Sujet Précédent Sujet Suivant

WIN 32 PRIVAVACY Set B

Myra -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,

Je cherche de l'aide pour m'aider à me debarasser de virus ( je crois qu'il m'en reste 2 dont je n'arrive pas à bout WIN 32 Privacy Set B et Win32 Rootkit agen) qui ont infectés mon PC; Je ne suis pas très avancé en informatique , mais j'ai procédé au scan avec avast ( en mode standard et minitieux) ( en mode sans échec aussi) . J'ai aussi utilisé Lavasoft, . J'ai cru à un moment avoir réglé tout cela ,mais rien à faire ils sont toujours là et je suis désespérée.
L'ecran est envahi pas des pub intempestives,mais aussi de bruit, musique, dont je sais seulement qu'ils sortent de l'ordi.
J'ai une fenete Vista Windows et une autre CC+ Vision qui ne cessent d'apparaitre .J'ai bloque les fenetres de pub intempestives, mais cela se re configure tout seul.
Pouvez vous m'aider SVP . Je crois que je suis arrivée à mes limites de compétences dans ce domaine.
Merci d'avance
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Ferme Hijackthis en cliquant sur la croix-rouge.

Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Choisis "Enregistrer" et "Bureau" comme emplacement.

Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).

Double-clique sur DSS.exe pour lancer l'outil.

S'il ne trouve pas HijackThis, clique sur Oui.

Clique sur OK à chaque fois que cela sera demandé.

L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.

Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
0
Réponse 2 / 26
Myra
 
Je me lance et vous tiens au courant
Merci encore
Myra
0
Réponse 3 / 26
Myra
 
voila le resultat
Je ne sais pastrop comment interpreter cela , mais j 'espère que c est ok. pdt le scan DSS , Avast a detecte des virus que j'ai supprime.Espere que cela ira. Quoiqu'il en soi, merci de m'avoir répondu et propose une aide .

Deckard's System Scanner v20071014.68
Run by arethas maryse on 2008-06-04 03:17:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
44: 2008-06-04 06:18:12 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2008-06-02 21:21:59 UTC - RP43 - Point de vérification système
42: 2008-06-01 03:49:52 UTC - RP42 - Point de vérification système
41: 2008-05-29 14:09:42 UTC - RP41 - Point de vérification système
40: 2008-05-28 06:13:23 UTC - RP40 - Last known good configuration

-- First Restore Point --
1: 2008-05-28 06:09:15 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 503 MiB (512 MiB recommended)./color

-- HijackThis (run as arethas maryse.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:30, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\arethas maryse\Local Settings\Temporary Internet Files\Content.IE5\MM6DTP42\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\arethas maryse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {2EC21872-1824-4325-964F-F5382D76A517} - C:\WINDOWS\system32\awtrOiIB.dll
O2 - BHO: {e70cfb5e-f808-6148-d144-bbf210f4eb05} - {50be4f01-2fbb-441d-8416-808fe5bfc07e} - C:\WINDOWS\system32\dyapbgne.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B1C794A9-4AED-44B8-976B-F66A4662C4F0} - C:\WINDOWS\system32\tuvUNdBs.dll (file missing)
O2 - BHO: (no name) - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\yayaWPGx.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: targetedbanner browser optimizer - {ed329a46-c031-7050-66d7-3cca8efc955e} - C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{57d5230e-f58a-afb7-aad6-e92d38efaeb8}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll" DllStart
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\nasadkqw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayaWPGx - C:\WINDOWS\SYSTEM32\yayaWPGx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Réponse 4 / 26
Myra
 
voila le resultat
Je ne sais pastrop comment interpreter cela , mais j 'espère que c est ok. pdt le scan DSS , Avast a detecte des virus que j'ai supprime.Espere que cela ira. Quoiqu'il en soi, merci de m'avoir répondu et propose une aide .

Deckard's System Scanner v20071014.68
Run by arethas maryse on 2008-06-04 03:17:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
44: 2008-06-04 06:18:12 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2008-06-02 21:21:59 UTC - RP43 - Point de vérification système
42: 2008-06-01 03:49:52 UTC - RP42 - Point de vérification système
41: 2008-05-29 14:09:42 UTC - RP41 - Point de vérification système
40: 2008-05-28 06:13:23 UTC - RP40 - Last known good configuration

-- First Restore Point --
1: 2008-05-28 06:09:15 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 503 MiB (512 MiB recommended)./color

-- HijackThis (run as arethas maryse.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:30, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\arethas maryse\Local Settings\Temporary Internet Files\Content.IE5\MM6DTP42\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\arethas maryse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {2EC21872-1824-4325-964F-F5382D76A517} - C:\WINDOWS\system32\awtrOiIB.dll
O2 - BHO: {e70cfb5e-f808-6148-d144-bbf210f4eb05} - {50be4f01-2fbb-441d-8416-808fe5bfc07e} - C:\WINDOWS\system32\dyapbgne.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B1C794A9-4AED-44B8-976B-F66A4662C4F0} - C:\WINDOWS\system32\tuvUNdBs.dll (file missing)
O2 - BHO: (no name) - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\yayaWPGx.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: targetedbanner browser optimizer - {ed329a46-c031-7050-66d7-3cca8efc955e} - C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{57d5230e-f58a-afb7-aad6-e92d38efaeb8}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll" DllStart
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\nasadkqw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayaWPGx - C:\WINDOWS\SYSTEM32\yayaWPGx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

grosse infection.

Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Regarde le tuto
Exécute le en choisissant l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
0
Myra
 
J'apprécie bcp votre aide
voici le dernier rapport
Merci
SmitFraudFix v2.323

Rapport fait à 11:54:00,62, 04/06/2008
Executé à partir de C:\Documents and Settings\arethas maryse\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\arethas maryse


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\arethas maryse\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ARETHA~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
0
Réponse 7 / 26
Myra
 
voila le dernier rapport, je crois . je commence a m'enmeler les pinceaux
Mais je ne sais si c'etait une erreur , j'avais fait tout le processus HijackThis, c'est a dire nettoyer ne mode sans echec

Apres j'ai fait ce que vous m'avez envoye. Je dois vous die que je ne sais pas ce que cela signifie tout ce qu 'ily a d'écrit la .
Mon fond d'ecran est tout bleu . C'est normal ?
Voila pour le moment

[06/04/2008, 12:54:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\arethas maryse\Local Settings\Temporary Internet Files\Content.IE5\P3EA7RQB\VirtumundoBeGone[1].exe" )
[06/04/2008, 12:54:25] - Detected System Information:
[06/04/2008, 12:54:25] - Windows Version: 5.1.2600, Service Pack 2
[06/04/2008, 12:54:25] - Current Username: arethas maryse (Admin)
[06/04/2008, 12:54:26] - Windows is in NORMAL mode.
[06/04/2008, 12:54:26] - Searching for Browser Helper Objects:
[06/04/2008, 12:54:26] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/04/2008, 12:54:26] - BHO 2: {25CA76B8-A45A-415D-A0A0-DE8FC6239EE5} ()
[06/04/2008, 12:54:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:26] - Checking for HKLM\...\Winlogon\Notify\awtrOiIB
[06/04/2008, 12:54:26] - Key not found: HKLM\...\Winlogon\Notify\awtrOiIB, continuing.
[06/04/2008, 12:54:26] - BHO 3: {50be4f01-2fbb-441d-8416-808fe5bfc07e} ()
[06/04/2008, 12:54:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:26] - Checking for HKLM\...\Winlogon\Notify\dyapbgne
[06/04/2008, 12:54:26] - Key not found: HKLM\...\Winlogon\Notify\dyapbgne, continuing.
[06/04/2008, 12:54:26] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/04/2008, 12:54:26] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/04/2008, 12:54:27] - BHO 6: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[06/04/2008, 12:54:27] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/04/2008, 12:54:27] - BHO 8: {B1C794A9-4AED-44B8-976B-F66A4662C4F0} ()
[06/04/2008, 12:54:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:27] - Checking for HKLM\...\Winlogon\Notify\tuvUNdBs
[06/04/2008, 12:54:27] - Key not found: HKLM\...\Winlogon\Notify\tuvUNdBs, continuing.
[06/04/2008, 12:54:27] - BHO 9: {B76CF1F4-ECDC-4CA1-89F8-32403496528E} ()
[06/04/2008, 12:54:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:27] - Checking for HKLM\...\Winlogon\Notify\yayaWPGx
[06/04/2008, 12:54:27] - Found: HKLM\...\Winlogon\Notify\yayaWPGx - This is probably Virtumundo.
[06/04/2008, 12:54:27] - Assigning {B76CF1F4-ECDC-4CA1-89F8-32403496528E} MSEvents Object
[06/04/2008, 12:54:27] - BHO list has been changed! Starting over...
[06/04/2008, 12:54:27] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/04/2008, 12:54:27] - BHO 2: {25CA76B8-A45A-415D-A0A0-DE8FC6239EE5} ()
[06/04/2008, 12:54:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:28] - Checking for HKLM\...\Winlogon\Notify\awtrOiIB
[06/04/2008, 12:54:28] - Key not found: HKLM\...\Winlogon\Notify\awtrOiIB, continuing.
[06/04/2008, 12:54:28] - BHO 3: {50be4f01-2fbb-441d-8416-808fe5bfc07e} ()
[06/04/2008, 12:54:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:28] - Checking for HKLM\...\Winlogon\Notify\dyapbgne
[06/04/2008, 12:54:28] - Key not found: HKLM\...\Winlogon\Notify\dyapbgne, continuing.
[06/04/2008, 12:54:28] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/04/2008, 12:54:28] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/04/2008, 12:54:28] - BHO 6: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[06/04/2008, 12:54:28] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/04/2008, 12:54:28] - BHO 8: {B1C794A9-4AED-44B8-976B-F66A4662C4F0} ()
[06/04/2008, 12:54:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:29] - Checking for HKLM\...\Winlogon\Notify\tuvUNdBs
[06/04/2008, 12:54:29] - Key not found: HKLM\...\Winlogon\Notify\tuvUNdBs, continuing.
[06/04/2008, 12:54:29] - BHO 9: {B76CF1F4-ECDC-4CA1-89F8-32403496528E} (MSEvents Object)
[06/04/2008, 12:54:29] - ALERT: Found MSEvents Object!
[06/04/2008, 12:54:29] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/04/2008, 12:54:29] - BHO 11: {ed329a46-c031-7050-66d7-3cca8efc955e} (targetedbanner browser optimizer)
[06/04/2008, 12:54:29] - BHO 12: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[06/04/2008, 12:54:29] - Finished Searching Browser Helper Objects
[06/04/2008, 12:54:29] - *** Detected MSEvents Object
[06/04/2008, 12:54:29] - Trying to remove MSEvents Object...
[06/04/2008, 12:54:30] - Terminating Process: IEXPLORE.EXE
[06/04/2008, 12:54:32] - Terminating Process: RUNDLL32.EXE
[06/04/2008, 12:54:32] - Disabling Automatic Shell Restart
[06/04/2008, 12:54:33] - Terminating Process: EXPLORER.EXE
[06/04/2008, 12:54:34] - Suspending the NT Session Manager System Service
[06/04/2008, 12:54:34] - Terminating Windows NT Logon/Logoff Manager
[06/04/2008, 12:54:34] - Re-enabling Automatic Shell Restart
[06/04/2008, 12:54:34] - File to disable: C:\WINDOWS\system32\yayaWPGx.dll
[06/04/2008, 12:54:34] - Renaming C:\WINDOWS\system32\yayaWPGx.dll -> C:\WINDOWS\system32\yayaWPGx.dll.vir
[06/04/2008, 12:54:36] - File successfully renamed!
[06/04/2008, 12:54:36] - Removing HKLM\...\Browser Helper Objects\{B76CF1F4-ECDC-4CA1-89F8-32403496528E}
[06/04/2008, 12:54:36] - Removing HKCR\CLSID\{B76CF1F4-ECDC-4CA1-89F8-32403496528E}
[06/04/2008, 12:54:36] - Adding Kill Bit for ActiveX for GUID: {B76CF1F4-ECDC-4CA1-89F8-32403496528E}
[06/04/2008, 12:54:36] - Deleting ATLEvents/MSEvents Registry entries
[06/04/2008, 12:54:36] - Removing HKLM\...\Winlogon\Notify\yayaWPGx
[06/04/2008, 12:54:36] - Searching for Browser Helper Objects:
[06/04/2008, 12:54:36] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/04/2008, 12:54:36] - BHO 2: {25CA76B8-A45A-415D-A0A0-DE8FC6239EE5} ()
[06/04/2008, 12:54:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:36] - Checking for HKLM\...\Winlogon\Notify\awtrOiIB
[06/04/2008, 12:54:36] - Key not found: HKLM\...\Winlogon\Notify\awtrOiIB, continuing.
[06/04/2008, 12:54:36] - BHO 3: {50be4f01-2fbb-441d-8416-808fe5bfc07e} ()
[06/04/2008, 12:54:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:36] - Checking for HKLM\...\Winlogon\Notify\dyapbgne
[06/04/2008, 12:54:36] - Key not found: HKLM\...\Winlogon\Notify\dyapbgne, continuing.
[06/04/2008, 12:54:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/04/2008, 12:54:36] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/04/2008, 12:54:36] - BHO 6: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[06/04/2008, 12:54:37] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/04/2008, 12:54:37] - BHO 8: {B1C794A9-4AED-44B8-976B-F66A4662C4F0} ()
[06/04/2008, 12:54:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/04/2008, 12:54:37] - Checking for HKLM\...\Winlogon\Notify\tuvUNdBs
[06/04/2008, 12:54:37] - Key not found: HKLM\...\Winlogon\Notify\tuvUNdBs, continuing.
[06/04/2008, 12:54:37] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/04/2008, 12:54:37] - BHO 10: {ed329a46-c031-7050-66d7-3cca8efc955e} (targetedbanner browser optimizer)
[06/04/2008, 12:54:37] - BHO 11: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[06/04/2008, 12:54:37] - Finished Searching Browser Helper Objects
[06/04/2008, 12:54:37] - Finishing up...
[06/04/2008, 12:54:37] - A restart is needed.
[06/04/2008, 12:54:42] - Attempting to Restart via STOP error (Blue Screen!)
0
Réponse 8 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

oui, le fond d'écran c'est normal, il faut que tu le remettes.

poste le rapport Hijackthis
0
Réponse 9 / 26
Myra
 
Je ne sais pas ou il est . Je cherche mais je le retrouve pas
Dois je refaire la procédure ?
Hou la laa merci de vote patience
0
Réponse 10 / 26
Myra
 
J'ai retrouve un rapport .Sais pas si c'est le bon
SmitFraudFix v2.323

Rapport fait à 12:29:06,43, 04/06/2008
Executé à partir de C:\Documents and Settings\arethas maryse\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2158652B-56FA-4451-BBEF-0B83E2B72EDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 11 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Double clique sur l'icône Hijackthis sur ton Bureau

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum
0
Réponse 12 / 26
Myra
 
voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:10, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{57d5230e-f58a-afb7-aad6-e92d38efaeb8}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll" DllStart
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\nasadkqw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Réponse 13 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
re,

Imprime ces instructions car tu n'y auras pas accès durant le passage en mode sans échec.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié dans C:\. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
0
Réponse 14 / 26
Myra
 
voici le dernier rapport apres avvoir executer la procedure ;
mais juste avant de vous envoyer ceci, j 'ai encore eu des fenetres intempeestives et des bips inderterminés

[b]SDFix: Version 1.187 [/b]
Run by arethas maryse on 04/06/2008 at 22:22

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\WINDOWS\SYSTEM32\INETWH32.DLL - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\WINDOWS\system32\vntiho05\vntiho051080.exe - Deleted
C:\WINDOWS\retadpu209.exe - Deleted
C:\Documents and Settings\arethas maryse\real.txt - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted

Folder C:\Program Files\Network Monitor - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\WINDOWS\system32\vntiho05 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:36:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 28 May 2008 1,478,386 A.SH. --- "C:\WINDOWS\system32\jvfruity.tmp"
Wed 28 May 2008 1,457,185 ..SH. --- "C:\WINDOWS\system32\kmtmmjhy.tmp"
Wed 11 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"

[b]Finished![/b]
0
Réponse 15 / 26
Myra
 
Cela fait peut ête 3h que j'ai envoye le rapport . Entetemps les fenetres intempestives sont encore apparues et avast a redetecte les mêmes virus , que j'ai encore supprimes. Ils reviennet de manière récurrentes . Suis désespérée.
0
Réponse 16 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjourn

normal pour les fenêtres.

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

https://www.malwarebytes.com/

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse avec un nouveau rapport Hijackthis.
0
Réponse 17 / 26
Myra
 
Mon dernier rapport suite au scan
Merci

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 827

12:31:05 05/06/2008
mbam-log-6-5-2008 (12-31-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 135746
Temps écoulé: 41 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 25
Fichier(s) infecté(s): 107

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\awtrOiIB.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\wrx.luna.1 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{006c2f9b-122d-438f-bac0-de3c620d2ec6} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{010653e4-75ec-4d9b-ae49-f64fc810770d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99503768-34dc-4eb7-85fd-05611b4d70c9} (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed329a46-c031-7050-66d7-3cca8efc955e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed329a46-c031-7050-66d7-3cca8efc955e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e49cc34-07c5-410b-ace8-4e5438197533} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e49cc34-07c5-410b-ace8-4e5438197533} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware (Adware.Starware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{57d5230e-f58a-afb7-aad6-e92d38efaeb8} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54a58e5f (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM5796bdc3 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtroiib -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\WinAntiSpyware 2006 Scanner (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\Download (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\Download\mdqfmvtq (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\PopupBlocker (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Deckard\System Scanner\backup\DOCUME~1\ARETHA~1\LOCALS~1\Temp\uninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP40\A0007569.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP42\A0015823.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP42\A0016844.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP42\A0019831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP43\A0021831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP44\A0023077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP44\A0024091.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP44\A0024095.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP44\A0024110.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{28B95B92-4ADC-47B5-B9D3-0B42A08FD847}\RP44\A0024111.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaWPGx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.skin (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\sr.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\support.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\unins000.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\unins000.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\updater.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\vbpv.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\was6.skin (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\WAS6.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\appupdate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\AutoProcess.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\dbupdate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\knownfiles.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\monstate.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\PortSpec.ats (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\quaratine.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\RTMonitor.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\Summary.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\tasks.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\TEBase.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2006 Scanner\database\threatnet.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Starware\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware\StarwareConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware\StarwareUninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\U027060D2.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_1b_def.pinkcorners.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_1b_over.pinkcorners.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_8b_def.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\416_button_8b_over.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\417_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\417_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\417_button_8b_def.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\417_button_8b_over.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\blocker.cur (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Recipes\RecipesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Recipes\RecipesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\arethas maryse\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{08bfa10f-3477-979b-7bd5-885f54e3f726}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\omnqoitx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\higxqytq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrOiIB.dll (Trojan.Vundo) -> Delete on reboot.
0
Réponse 18 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

fais redémarrer l'ordi pour achever le travail de MBAM.

remets un rapport Hijackthis.
0
Réponse 19 / 26
Myra
 
Il avait deja redemarre l'ordi pour achever semble t-il le travail juste avant que je n'envoie le rapport. Mais je le referrais sans prob. Par contre comment j'obtiens a partir de la le rapport Hijackthis STP; Je te l'ai dis , je te suis en aveugle
0
Réponse 20 / 26
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

(voir post 12)

Double clique sur l'icône Hijackthis sur ton Bureau

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum
0

Discussions similaires

Fiabilité B-part ?
rachidsa -
Lepigeondebparts -

9 réponses
svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses