Sujet Précédent Sujet Suivant

Infection impossible a enlever

Fermé
griboille016 - 21 avril 2008 à 20:59
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 - 22 avril 2008 à 01:00
Bonjour,
lors d'un scan minutieux avec avast il en resulte un fichier impossible a mettre en quarantaine cela m'affiche
h:\windows\systeme 32\zmvpvupbvl.exe infection win 32 et h:\windows\systeme 32\zmvpvupbvl.exe infection win 32 impossible de scanner. que puis faire pour irradiquer cette bestiolecar a chaque fois un fenêtre s'affiche concernant un logiciel de :sécurity systeme warning . pc antyspyware
A voir également:

35 réponses

Précédent
  • 1
  • 2
Réponse 21 / 35
griboille016
21 avril 2008 à 22:35
BTFix 1.098 (par bibi26) - 21/04/2008 22:34:12 - Nettoyage - Mode normal
Lancé depuis H:\Documents and Settings\jean-christophe\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- H:\Program Files\ShoppingReport\Bin\2.0.22\
- H:\Program Files\ShoppingReport\Bin\
- H:\Program Files\ShoppingReport\cs\
- H:\Program Files\ShoppingReport\
- H:\Program Files\GamesBar\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\cs\db\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\cs\dwld\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\cs\report\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\cs\res1\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\cs\
- H:\Documents and Settings\jean-christophe\Application Data\ShoppingReport\
- H:\Documents and Settings\All Users\Application Data\GamesBar\
- H:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar\

---> Nettoyage terminé le 21/04/2008 22:34:19
0
Réponse 22 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
21 avril 2008 à 22:38
Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 23 / 35
griboille016
21 avril 2008 à 23:38
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 667

Type de recherche: Examen complet (H:\|)
Eléments examinés: 90620
Temps écoulé: 25 minute(s), 27 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
H:\WINDOWS\system32\nurkfgvc.exe (Trojan.FakeAlert) -> No action taken.
H:\Documents and Settings\All Users\Application Data\rejmjqfi\ryhufabw.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1408abc9-9485-4071-bec6-eee05a918a29} (Rogue.PC-Cleaner) -> No action taken.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Telecom Advance (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hxuqkysn (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\m51nYm51nY (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1408abc9-9485-4071-bec6-eee05a918a29} (Rogue.PC-Cleaner) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
H:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
H:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
H:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
H:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> No action taken.
H:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.

Fichier(s) infecté(s):
H:\WINDOWS\system32\nurkfgvc.exe (Trojan.FakeAlert) -> No action taken.
H:\Documents and Settings\All Users\Application Data\rejmjqfi\ryhufabw.exe (Trojan.FakeAlert) -> No action taken.
H:\WINDOWS\olgdqarf.exe (Trojan.FakeAlert) -> No action taken.
H:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
H:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
H:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
H:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
H:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
H:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
H:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
H:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
H:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> No action taken.
H:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
H:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
H:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
H:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
H:\WINDOWS\wxvgsdbq.exe (Trojan.FakeAlert) -> No action taken.
H:\WINDOWS\vadokmxt.dll (Trojan.FakeAlert) -> No action taken.
0
Réponse 24 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
21 avril 2008 à 23:42
y a un blem

as tu supprimé les einfections ??

sur le rapport ça n apparait pas

as tu le rapport avec suppression ?

regarde dans rapport/log
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 35
griboille016
21 avril 2008 à 23:45
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 667

Type de recherche: Examen complet (H:\|)
Eléments examinés: 90620
Temps écoulé: 25 minute(s), 27 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
H:\WINDOWS\system32\nurkfgvc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
H:\Documents and Settings\All Users\Application Data\rejmjqfi\ryhufabw.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1408abc9-9485-4071-bec6-eee05a918a29} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Telecom Advance (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hxuqkysn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\m51nYm51nY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1408abc9-9485-4071-bec6-eee05a918a29} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
H:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
H:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
H:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
H:\WINDOWS\system32\nurkfgvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Application Data\rejmjqfi\ryhufabw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\WINDOWS\olgdqarf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
H:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
H:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
H:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
H:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
H:\WINDOWS\wxvgsdbq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\WINDOWS\vadokmxt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 26 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
21 avril 2008 à 23:52
ok tu me rassure car y avait du monde dans ton pc

lol

réouvre maleware byte
va sur l onglet quarantaine
supprime tout

puis fais ça :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
0
Réponse 27 / 35
griboille016
22 avril 2008 à 00:05
22/04/2008 a 0:01:03,85

*** Recherche des fichiers dans H:

*** Recherche des fichiers dans H:\WINDOWS\

*** Recherche des fichiers dans H:\WINDOWS\system32

*** Recherche des fichiers dans H:\Program Files
*** Fin du rapport !
0
Réponse 28 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
22 avril 2008 à 00:08
ras ça sent bon

refais un rapport hijackthis stp
0
Réponse 29 / 35
griboille016
22 avril 2008 à 00:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:51, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE
H:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\OrangeHSS\Launcher\Launcher.exe
H:\Program Files\Logitech\QuickCam\Quickcam.exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
H:\Program Files\OrangeHSS\systray\systrayapp.exe
H:\Program Files\OrangeHSS\Deskboard\deskboard.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
H:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
H:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - H:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - H:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Readme Dart Play New] H:\Documents and Settings\All Users\Application Data\64OwnsReadmeDart\CLOSELICENSE.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON PictureMate 100] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE /P21 "EPSON PictureMate 100" /O6 "USB001" /M "PictureMate 100"
O4 - HKLM\..\Run: [Spyware-Secure] H:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] H:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] \Magentic.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "H:\WINDOWS\TEMP\E_S162.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: adobe gamma loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: microsoft office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - H:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
0
Réponse 30 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
22 avril 2008 à 00:21
apparemment tu as spyware secure d installer

verifie et désinstal le

pui supprime ces lignes :

O4 - HKLM\..\Run: [Readme Dart Play New] H:\Documents and Settings\All Users\Application Data\64OwnsReadmeDart\CLOSELICENSE.exe

O4 - HKLM\..\Run: [Spyware-Secure] H:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user'

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

pour les supprimer tu les coches ensuite tu clic sur fix checked

apres refais un der
0
Réponse 31 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
22 avril 2008 à 00:21
apparemment tu as spyware secure d installer

verifie et désinstal le

pui supprime ces lignes :

O4 - HKLM\..\Run: [Readme Dart Play New] H:\Documents and Settings\All Users\Application Data\64OwnsReadmeDart\CLOSELICENSE.exe

O4 - HKLM\..\Run: [Spyware-Secure] H:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user'

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

pour les supprimer tu les coches ensuite tu clic sur fix checked

apres refais un der
0
Réponse 32 / 35
griboille016
22 avril 2008 à 00:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37:13, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE
H:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\OrangeHSS\Launcher\Launcher.exe
H:\Program Files\Logitech\QuickCam\Quickcam.exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
H:\Program Files\OrangeHSS\systray\systrayapp.exe
H:\Program Files\OrangeHSS\Deskboard\deskboard.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
H:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
H:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - H:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - H:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - H:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON PictureMate 100] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAKE.EXE /P21 "EPSON PictureMate 100" /O6 "USB001" /M "PictureMate 100"
O4 - HKLM\..\Run: [ORAHSSSessionManager] H:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] \Magentic.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "H:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "H:\WINDOWS\TEMP\E_S162.tmp" /EF "HKCU"
O4 - Global Startup: adobe gamma loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: microsoft office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - H:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - H:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
0
Réponse 33 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
22 avril 2008 à 00:42
ton rapport est propre

je te conseil de te separer d avast

pour le désinstaller telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility

et d insatller a la place ANTIVIR (gratuit en anglais mais simple)

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
0
Réponse 34 / 35
griboille016
22 avril 2008 à 00:57
pas trouver tcleaner.txt si ça te dérange pas je vais au dodo demain boulot encore un grand merci a toi et a ce site génial. good night
0
Réponse 35 / 35
cedric241 Messages postés 3367 Date d'inscription mardi 26 février 2008 Statut Membre Dernière intervention 23 avril 2008 119
22 avril 2008 à 01:00
ok si tout les fix ont disparu c est good

Si tu es satisfait de mon intervention

et que tu n as plus de probleme

change le statut du sujet en résolu stp

pour cela va en haut sur ta premiere question et la tu as le choix
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
phil -

13 réponses
Comment enlever l'audiodescription pour non voyant ?
chantal1234 -
Sim -

52 réponses
"Mode sécurisé": comment l'enlever ?
skander1615 -
Tito -

2 réponses
libellé page1 excel
imazi -
Raymond PENTIER -

7 réponses
Freebox mode sécurisé
Sigrist -
Sigrist -

0 réponse