Win32:Adware-gen impossible to remove

Solved
Pandorea | Posts: 20 | Status: Member
Hello,
I can't manage to remove this adware: Win32:Adware-gen [Adw]. The antivirus software installed on this computer was .. just avast. I installed spybot and ad-aware, but every time they try to run a scan, the computer restarts. : / As I don't know much about PCs, I already don't know what else to do. Otherwise, I know that the adware often installs itself in the temp files, but they are not the source of it.

Thanks in advance for your help...

113 replies

jlpjlp | Posts: 51580 | Status: Security contributor | 5 040
 
Scan these files on VirusTotal and, if they are infected, remove them with otmovit

https://www.virustotal.com/gui/

C:\WINDOWS\system32\vgqtuuse.tmp
C:\WINDOWS\system32\gvlgdtch.tmp
C:\WINDOWS\system32\ovpcgcnr.tmp


There, that should be fine!!!!

Still having problems??
1
Pandorea | Posts: 20 | Status: Member
 
OK, I'm on it!
0
jlpjlp | Posts: 51580 | Status: Security contributor | 5 040
 
ok

See you later
0
Pandorea | Posts: 20 | Status: Member
 
So, the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:07:12 24/03/2008

+ Résultat de l'analyse:



C:\lifsdxvr.exe -> Downloader.Agent.hyy : Nettoyé et sauvegardé (mise en quarantaine).
C:\ovvbu.exe -> Downloader.Tiny.ali : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Helper\1206283618.dll -> Not-A-Virus.Adware.E404 : Nettoyé et sauvegardé (mise en quarantaine).
[52664] C:\Program Files\Helper\1206283618.dll -> Not-A-Virus.Adware.E404 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Pandore\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP467\A0120637.sys -> Trojan.Srizbi.j : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
0

Pandorea | Posts: 20 | Status: Member
 
And, uh, the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:15, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [advap32] c:\smaq.exe/r
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\gqunlaws.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pandore\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040

move on to the next step, we'll see afterwards
0
Pandorea Posts 20 Registration date   Status Member Last activity

Here you go:

Search Navipromo version 3.5.1 commencé le 25/03/2008 à 11:44:00,09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Pandore"

Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Pandore\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Pandore\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Pandore\menud+~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Pandore\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Pandore\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\accdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 25/03/2008 à 11:46:04,29 ***
0
Pandorea Posts 20 Registration date   Status Member Last activity

Hmm, VundoFix didn't find anything... Should I continue anyway?
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040

yes, keep going
0
Pandorea Posts 20 Registration date   Status Member Last activity

The Virtumonde report:

[03/25/2008, 15:43:32] - VirtumundoBeGone v1.5 ( "C:\Downloads\VirtumundoBeGone.exe" )
[03/25/2008, 15:43:43] - Detected System Information:
[03/25/2008, 15:43:43] - Windows Version: 5.1.2600, Service Pack 2
[03/25/2008, 15:43:43] - Current Username: Pandore (Admin)
[03/25/2008, 15:43:43] - Windows is in NORMAL mode.
[03/25/2008, 15:43:43] - Searching for Browser Helper Objects:
[03/25/2008, 15:43:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2008, 15:43:43] - BHO 2: {11241072-58BB-40CE-9171-0B2BDFB22E97} ()
[03/25/2008, 15:43:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:43] - Checking for HKLM\...\Winlogon\Notify\ljjkifc
[03/25/2008, 15:43:43] - Found: HKLM\...\Winlogon\Notify\ljjkifc - This is probably Virtumundo.
[03/25/2008, 15:43:43] - Assigning {11241072-58BB-40CE-9171-0B2BDFB22E97} MSEvents Object
[03/25/2008, 15:43:43] - BHO list has been changed! Starting over...
[03/25/2008, 15:43:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2008, 15:43:44] - BHO 2: {11241072-58BB-40CE-9171-0B2BDFB22E97} (MSEvents Object)
[03/25/2008, 15:43:44] - ALERT: Found MSEvents Object!
[03/25/2008, 15:43:44] - BHO 3: {1E8FFFD3-CF45-490E-ACD3-85FE15A8D42C} ()
[03/25/2008, 15:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:44] - No filename found. Continuing.
[03/25/2008, 15:43:44] - BHO 4: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[03/25/2008, 15:43:44] - BHO 5: {3E43E815-A480-4200-A9A8-7C8B38694681} ()
[03/25/2008, 15:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:44] - Checking for HKLM\...\Winlogon\Notify\ddcca
[03/25/2008, 15:43:44] - Key not found: HKLM\...\Winlogon\Notify\ddcca, continuing.
[03/25/2008, 15:43:44] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/25/2008, 15:43:44] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2008, 15:43:44] - BHO 8: {7bcb6b29-4290-4ac7-9c61-a6c51f87bc36} ()
[03/25/2008, 15:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:44] - Checking for HKLM\...\Winlogon\Notify\gfqyeckg
[03/25/2008, 15:43:44] - Key not found: HKLM\...\Winlogon\Notify\gfqyeckg, continuing.
[03/25/2008, 15:43:44] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2008, 15:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:44] - No filename found. Continuing.
[03/25/2008, 15:43:44] - BHO 10: {A97E1B61-3B4A-4A08-A337-76DE915B243B} ()
[03/25/2008, 15:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:44] - No filename found. Continuing.
[03/25/2008, 15:43:44] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2008, 15:43:44] - BHO 12: {C03FD59D-9104-44B7-929A-9EAA0BA05211} (e404mgr Class)
[03/25/2008, 15:43:44] - BHO 13: {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} (QuickTalk 2.1)
[03/25/2008, 15:43:44] - Finished Searching Browser Helper Objects
[03/25/2008, 15:43:44] - *** Detected MSEvents Object
[03/25/2008, 15:43:44] - Trying to remove MSEvents Object...
[03/25/2008, 15:43:45] - Terminating Process: IEXPLORE.EXE
[03/25/2008, 15:43:49] - Terminating Process: RUNDLL32.EXE
[03/25/2008, 15:43:50] - Disabling Automatic Shell Restart
[03/25/2008, 15:43:50] - Terminating Process: EXPLORER.EXE
[03/25/2008, 15:43:51] - Suspending the NT Session Manager System Service
[03/25/2008, 15:43:52] - Terminating Windows NT Logon/Logoff Manager
[03/25/2008, 15:43:53] - Re-enabling Automatic Shell Restart
[03/25/2008, 15:43:53] - File to disable: C:\WINDOWS\system32\ljjkifc.dll
[03/25/2008, 15:43:53] - Renaming C:\WINDOWS\system32\ljjkifc.dll -> C:\WINDOWS\system32\ljjkifc.dll.vir
[03/25/2008, 15:43:56] - File successfully renamed!
[03/25/2008, 15:43:56] - Removing HKLM\...\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/25/2008, 15:43:57] - Removing HKCR\CLSID\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/25/2008, 15:43:58] - Adding Kill Bit for ActiveX for GUID: {11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/25/2008, 15:43:58] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2008, 15:43:58] - Removing HKLM\...\Winlogon\Notify\ljjkifc
[03/25/2008, 15:43:59] - Searching for Browser Helper Objects:
[03/25/2008, 15:43:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2008, 15:43:59] - BHO 2: {1E8FFFD3-CF45-490E-ACD3-85FE15A8D42C} ()
[03/25/2008, 15:43:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:59] - No filename found. Continuing.
[03/25/2008, 15:43:59] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[03/25/2008, 15:43:59] - BHO 4: {3E43E815-A480-4200-A9A8-7C8B38694681} ()
[03/25/2008, 15:43:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:59] - Checking for HKLM\...\Winlogon\Notify\ddcca
[03/25/2008, 15:43:59] - Key not found: HKLM\...\Winlogon\Notify\ddcca, continuing.
[03/25/2008, 15:43:59] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/25/2008, 15:43:59] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2008, 15:43:59] - BHO 7: {7bcb6b29-4290-4ac7-9c61-a6c51f87bc36} ()
[03/25/2008, 15:43:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:59] - Checking for HKLM\...\Winlogon\Notify\gfqyeckg
[03/25/2008, 15:43:59] - Key not found: HKLM\...\Winlogon\Notify\gfqyeckg, continuing.
[03/25/2008, 15:43:59] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2008, 15:43:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:59] - No filename found. Continuing.
[03/25/2008, 15:43:59] - BHO 9: {A97E1B61-3B4A-4A08-A337-76DE915B243B} ()
[03/25/2008, 15:43:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:43:59] - No filename found. Continuing.
[03/25/2008, 15:43:59] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2008, 15:43:59] - BHO 11: {C03FD59D-9104-44B7-929A-9EAA0BA05211} (e404mgr Class)
[03/25/2008, 15:43:59] - BHO 12: {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} (QuickTalk 2.1)
[03/25/2008, 15:43:59] - Finished Searching Browser Helper Objects
[03/25/2008, 15:43:59] - Finishing up...
[03/25/2008, 15:43:59] - A restart is needed.
[03/25/2008, 15:44:11] - Attempting to Restart via STOP error (Blue Screen!)

[03/25/2008, 15:56:06] - VirtumundoBeGone v1.5 ( "C:\Downloads\VirtumundoBeGone.exe" )
[03/25/2008, 15:56:15] - Detected System Information:
[03/25/2008, 15:56:15] - Windows Version: 5.1.2600, Service Pack 2
[03/25/2008, 15:56:15] - Current Username: Pandore (Admin)
[03/25/2008, 15:56:15] - Windows is in NORMAL mode.
[03/25/2008, 15:56:15] - Searching for Browser Helper Objects:
[03/25/2008, 15:56:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/25/2008, 15:56:15] - BHO 2: {1E8FFFD3-CF45-490E-ACD3-85FE15A8D42C} ()
[03/25/2008, 15:56:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:56:15] - No filename found. Continuing.
[03/25/2008, 15:56:15] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[03/25/2008, 15:56:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/25/2008, 15:56:15] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2008, 15:56:15] - BHO 6: {7bcb6b29-4290-4ac7-9c61-a6c51f87bc36} ()
[03/25/2008, 15:56:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:56:15] - Checking for HKLM\...\Winlogon\Notify\gfqyeckg
[03/25/2008, 15:56:15] - Key not found: HKLM\...\Winlogon\Notify\gfqyeckg, continuing.
[03/25/2008, 15:56:15] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/25/2008, 15:56:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:56:15] - No filename found. Continuing.
[03/25/2008, 15:56:15] - BHO 8: {A97E1B61-3B4A-4A08-A337-76DE915B243B} ()
[03/25/2008, 15:56:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:56:15] - No filename found. Continuing.
[03/25/2008, 15:56:15] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/25/2008, 15:56:15] - BHO 10: {C03FD59D-9104-44B7-929A-9EAA0BA05211} (e404mgr Class)
[03/25/2008, 15:56:15] - BHO 11: {C956BC97-58BB-47DC-B43F-05AD17777F13} ()
[03/25/2008, 15:56:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2008, 15:56:15] - Checking for HKLM\...\Winlogon\Notify\ddcca
[03/25/2008, 15:56:15] - Key not found: HKLM\...\Winlogon\Notify\ddcca, continuing.
[03/25/2008, 15:56:15] - BHO 12: {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} (QuickTalk 2.1)
[03/25/2008, 15:56:15] - Finished Searching Browser Helper Objects
[03/25/2008, 15:56:15] - Finishing up...
[03/25/2008, 15:56:15] - Nothing found! Exiting...
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040

perfect, only the online scan left now
0
Pandorea Posts 20 Registration date   Status Member Last activity
 
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-03-25 16:05:01
PROTECTIONS: 1
MALWARE: 51
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 080324-0] 4.7.1098 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029426 adware/sbsoft Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@atdmt[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@linksynergy[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@clickbank[1].txt
00156968 Cookie/ads.tripod.lycos.com TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@ads.tripod.lycos[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@fe.lea.lycos[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@tickle[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@tickle[1].txt
00167738 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@fe.lea.lycos[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@gostats[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@azjmp[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@azjmp[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@888[3].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@888[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@media.adrevolver[6].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@media.adrevolver[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adopt.hbmediapro[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@overture[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@zedo[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@metriweb[1].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@int.sitestat[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@int.sitestat[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@bluestreak[1].txt
00187949 Cookie/adstat TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adstat.4u[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@bravenet[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adultfriendfinder[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@atwola[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www.errorsafe[2].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www.errorsafe[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@errorsafe[3].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@errorsafe[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www3.addfreestats[1].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adserver.filefront[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www6.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www1.addfreestats[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@drivecleaner[1].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@drivecleaner[3].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@winantivirus[1].txt
00329272 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@www.systemdoctor[1].txt
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@systemdoctor[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adserver.easyad[2].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@advancedcleaner[2].txt
02893893 Trj/Bancos.RQ Virus/Trojan No 0 No No C:\Documents and Settings\Pandore\Local Settings\Temporary Internet Files\Content.IE5\3LLR1AQF\ComboFix[1].exe[327882R2FWJFW\pv.cfexe]
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Pandore\Cookies\pandore@adsrevenue[1].txt
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\WINDOWS\SYSTEM32\BLUETOOTHAUTHORIZATIONAGENT.EXE
C:\WINDOWS\SYSTEM32\IESEARCH.DLL
C:\WINDOWS\SYSTEM32\WLCTRL32.DLL
C:\D.EXE
;===================================================================================================================================================================================



There you go
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040

paste the reports for me and I'll tell you
0
Pandorea Posts 20 Registration date   Status Member Last activity
 
C:\WINDOWS\SYSTEM32\BLUETOOTHAUTHORIZATIONAGENT.EXE


Fichier 50003.exe reçu le 2008.03.24 04:06:28 (CET)
Situation actuelle: terminé
Résultat: 15/31 (48.39%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Peed.A.157
Authentium - - Possibly a new variant of W32/STZ_like!Generic
Avast - - -
AVG - - SHeur.AZGP
BitDefender - - Trojan.Peed.Gen
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.Packed.142
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/STZ_like!Generic
F-Secure - - not-virus:Hoax.Win32.Renos.bgf
Ikarus - - Trojan.Peed
Kaspersky - - not-virus:Hoax.Win32.Renos.bgf
McAfee - - New Malware.fa
Microsoft - - Trojan:Win32/Tibs.FZ
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Generic File Infector
Rising - - -
Sophos - - Mal/HckPk-A
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Peed.A.157
Information additionnelle
MD5: 1b06a7cf662faf4ff8f900ebef8095ad
SHA1: 84540bc4b744bae0b9fa75e06295475675aba96b
SHA256: 42762f8ecc539488849a0201a6ff44665129d0e46c2bee9682b6317e592fd4ef
SHA512: 6dd8960b4ed3df09ee49568f24f2e3eed6c8cf8f11c5e41e322922bf3d608b93 7a89fb47e9bad7a7aa9a65b05edae24c43bb4ae9629a60516492545f868b7446



C:\WINDOWS\SYSTEM32\IESEARCH.DLL


Fichier msram.dll.vir reçu le 2008.03.24 04:08:03 (CET)
Situation actuelle: terminé
Résultat: 14/32 (43.75%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - ADSPY/Flycodec.A.2
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - PUA.Packed.UPack
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - Dloader.E!tr
F-Prot - - W32/Heuristic-162!Eldorado
F-Secure - - -
Ikarus - - Trojan-Spy.Win32.Banbra.hb
Kaspersky - - -
McAfee - - Generic Downloader.e
Microsoft - - Trojan:Win32/Emurbo.A
NOD32v2 - - -
Norman - - W32/Suspicious_U.gen
Panda - - -
Prevx1 - - TROJAN.CE
Rising - - -
Sophos - - Mal/EncPk-BW
Sunbelt - - -
Symantec - - -
TheHacker - - W32/Behav-Heuristic-060
VBA32 - - -
VirusBuster - - Packed/Upack
Webwasher-Gateway - - Ad-Spyware.Flycodec.A.2
Information additionnelle
MD5: a031896bcda3b4b5e79b9319200c667c
SHA1: f7b7d38e0842b79658fefde1ea24581475836b72
SHA256: 27fd4565a190f086607aac0a32721601547c202254e1d8844c7d016514770db0
SHA512: d59a983008faa5cac21006a8898da5dff6ab24f671fa629e54d09671d8611795 d4b9581d47a590074a1213a7ce07a40be2db8c8b2830ff82e882e0ce03d1dcbb



C:\WINDOWS\SYSTEM32\WLCTRL32.DLL

Fichier WLCtrl32.dll reçu le 2008.03.25 15:57:19 (CET)
Situation actuelle: terminé
Résultat: 16/32 (50.00%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.26.0 2008.03.25 -
AntiVir 7.6.0.75 2008.03.25 TR/Dldr.Agent.luo.19
Authentium 4.93.8 2008.03.25 -
Avast 4.7.1098.0 2008.03.24 -
AVG 7.5.0.516 2008.03.25 Downloader.Agent.ADQR
BitDefender 7.2 2008.03.25 Trojan.Dropper.Cutwail.B
CAT-QuickHeal 9.50 2008.03.24 TrojanDownloader.Agent.luo
ClamAV 0.92.1 2008.03.25 -
DrWeb 4.44.0.09170 2008.03.25 Trojan.DownLoader.50037
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5641 2008.03.25 -
Ewido 4.0 2008.03.25 -
FileAdvisor 1 2008.03.25 -
Fortinet 3.14.0.0 2008.03.25 W32/Agent.LUO!tr.dldr
F-Prot 4.4.2.54 2008.03.24 -
F-Secure 6.70.13260.0 2008.03.25 Trojan-Downloader.Win32.Agent.luo
Ikarus T3.1.1.20 2008.03.25 Trojan-Downloader.Win32.Agent.luo
Kaspersky 7.0.0.125 2008.03.25 Trojan-Downloader.Win32.Agent.luo
McAfee 5258 2008.03.24 -
Microsoft 1.3301 2008.03.25 TrojanDropper:Win32/Cutwail.Y
NOD32v2 2971 2008.03.25 -
Norman 5.80.02 2008.03.25 W32/Agent.dam
Panda 9.0.0.4 2008.03.25 -
Prevx1 V2 2008.03.25 TROJAN.PANDEX.B
Rising 20.37.02.00 2008.03.24 -
Sophos 4.27.0 2008.03.25 Mal/Generic-A
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.25 Trojan.Pandex
TheHacker 6.2.92.253 2008.03.25 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.25 Trojan.DR.Pandex.Gen.4
Webwasher-Gateway 6.6.2 2008.03.25 Trojan.Dldr.Agent.luo.19
Information additionnelle
File size: 11776 bytes
MD5: e844168bcaff9bbe55ce7dfdbcfbd551
SHA1: 6873e246c0edf9dcd40f77c6832bd697017c1ce7
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=060C23B600F1A4742EA80055DD2C47008BBECA7A


C:\D.EXE

Fichier VT08031910906-000001_b9a237a76197 reçu le 2008.03.22 18:39:09 (CET)
Situation actuelle: terminé
Résultat: 17/32 (53.12%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Dldr.Agent.lnh.2
Authentium - - -
Avast - - -
AVG - - Downloader.Agent.ADNW
BitDefender - - -
CAT-QuickHeal - - Win32.Backdoor.PoisonIvy.ay2
ClamAV - - PUA.Packed.MEW-1
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - Trojan-Downloader.Win32.Agent.lnh
Ikarus - - Trojan-Proxy.Win32.Small.DT
Kaspersky - - Trojan-Downloader.Win32.Agent.lnh
McAfee - - -
Microsoft - - Trojan:Win32/Emurbo.A
NOD32v2 - - -
Norman - - Suspicious_M.gen
Panda - - Suspicious file
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - Mal/EncPk-BA
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - W32/Behav-Heuristic-066
VBA32 - - -
VirusBuster - - Packed/MEW
Webwasher-Gateway - - Trojan.Dldr.Agent.lnh.2
Information additionnelle
MD5: b9a237a761976ab3ead774a0f7dd1aed
SHA1: 4637c28c9a6d58e3a57339e11279f7533bb4ed6f
SHA256: 7cde9b9ee484520242c849e236dcc94638b1f3ce42a83e240f563a074234cc6f
SHA512: ca92774103c29ea48b80b574dd76597988910ef1d699c3a4bea251cb71217cfe dbb7fba63ab865e3aa41f1dc67f8b444167d691b004976781dd7760e0dc1a20b
0
Pandorea Posts 20 Registration date   Status Member Last activity  
 
:) OK, and here's roughly where I'm at with the PC:
Since yesterday, avast has been reporting a trojan that it can't keep in quarantine or delete (Win32:TratBHO [Trj]).
The computer is rather slow at startup, but nothing terrible, and I'm no longer redirected when I browse (but I still have windows opening constantly).

X) What did you mean by "ids" your problems?
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
Which files are infected according to avast?
0
Pandorea
 
Hello! Thanks for all the info! :)

Um, there is: C:\WINDOWS\system32\ddcca.dll and a temp file, but I can't find which one.
0
Pandorea
 
All good, it's deleted :)
So I have no more problems! THANK YOU SO MUCH!!!!! ^3^!
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
Perfect.

All the best going forward; if you have any problems, let me know.
0
Pandorea
 
Hehehehe owo''' ...
Actually, I had misread the OTMoveIt result...

File/Folder C:\WINDOWS\system32\ddcca.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03292008_162609

So I still have the trojan, and it's vundo, as antivir tells me, which nevertheless does locate it in the folder mentioned above...
0
Pandorea
 
And also vundo in C:WINDOWS\system32\ixagtcug.dll
0