Fond d'écran bleu à cause d'Antivirus XP 2008

Résolu
Siria -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Comme beaucoup d'autres en ce moment, je viens d'être affectée par Antivirus XP 2008. A force de lire des messages depuis 15h cette âprès-midi j'ai réussi à enlever un peu le faux antivirus.

Mais certains problèmes persistes ><. Premièrement j'ai toujours dans "msconfig" le dossier où était le virus ("rhcgj9j0e717") alors qu'il est décohé et qu'il n'apparaît plus dans le disc C.
Deuxièmement mon fond d'écran est bleu avec le message suivant : "WARNING ! Spyware detected on your computer ! Install an antivirus or spyware remover to clean your computer". Je ne peux pas changer le fond d'écran car certaines commandes de Windows ont disparues dans "Affichage".
Troisièmement, de temps en temps Avast! me dit que j'ai le virus VBS:Malware-gen alors que je l'ai supprimé au moins trois fois. Quoique en ce moment il ne me le dit plus...

Pourriez vous m'aidez s'il vous plaît ?

Merci par avance !
Configuration: Windows XP
Internet Explorer 7.0

9 réponses

  1. unselig Messages postés 164 Statut Membre 20
     
    changer votre antivirus
    0
  2. Maarek2b Messages postés 41 Statut Membre 9
     
    Hum Hum.

    Il y a 2 solutions courtes mais Brutale ou alors une solution longue ( Voir Tres Loooongue ) mais embettante.

    - Formate ton Pc, tu garde tout ce dont tu as besoin ( Cle Usb , Cd...) et tu formate tout le reste
    - Re-installe ton Windows, c'est Pratique mais il faudra apres par la suite re-installer les pilotes Audio, Video, MB etc...

    - Continue de lutter contre tes virus et Spyware. Je te conseil néanmoins de Le faire avec Deux logiciels : kaspersky et Spyboot S&D, c'est les plus connus.

    Pour ton fond d'ecran, ca doit etre un autre virus qui fait ca.
    Lorsque tu scan ton pc ou que tu supprime des virus, debranche ta connexions internet. Certains virus sont des " Ecrans Emmetteurs ", lorsque tu le supprime, il telecharge a ton insu son clone. En clair, tu verras que t'aura toujour ton virus meme si tu le supprime 99 fois.

    Les 3 solution que j'ai proposées sont les trois plus efficaces a ton niveau d'infection. quoique il pourrait y en avoir d'autre mais sje te conseille tout de meme de ré-installer Windows, ca supprimera ainsi les inscriptions faites sur le registres par tes infections.
    0
    1. barbara55
       
      Oh stp REPOND-MOI si tu sais, je suis sure que tu sais..

      mes mises à jours automatiques se désactivent , je ne sais pas pourquoi?A LA FERMETURE DE MON PC ???

      obligée de REACTIVER à chaque ouverture du PC, après de nombreuses recherches pour solutionner ce souci...impossible JE SUIS DESESPEREE

      et mon PC cours 1 risque !!! pff MERCI D'AVANCE DE ME REPONDRE LE + VITE POSSIBLE ?merçi merçi
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > barbara55
         
        cré ton propre message

        merci
        0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  4. Siria
     
    Woaw !!
    Merci pour vos reponses rapide^^

    Incroyable, j'ai fait le scan avec MalwareByte est le fond d'écran bleu a disparu ! J'ai de nouveau les fonctions de Windows pour changer le fond d'écran !! ^^

    Merci !!!!

    Je met quand même les deuxrapports, au cas où j'aurais encore quelque chose.

    Rapport de MalwereByte :

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 967
    Windows 5.1.2600 Service Pack 2

    23:59:59 19/07/2008
    mbam-log-7-19-2008 (23-59-59).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 98309
    Temps écoulé: 37 minute(s), 58 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 27

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcgj9j0e717 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphclj9j0e717 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\LYDIE\Local Settings\Temp\ac8zt2\epgx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsa5A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsf4D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsk57.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsn50.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nss54.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsx5D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphclj9j0e717.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphclj9j0e717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phclj9j0e717.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    Woaw !!
    Merci pour vos reponses rapide^^

    Incroyable, j'ai fait le scan avec MalwareByte est le fond d'écran bleu a disparu ! J'ai de nouveau les fonctions de Windows pour changer le fond d'écran !! ^^

    Merci !!!!

    Je met quand même les deuxrapports, au cas où j'aurais encore quelque chose.

    Rapport de MalwereByte :

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 967
    Windows 5.1.2600 Service Pack 2

    23:59:59 19/07/2008
    mbam-log-7-19-2008 (23-59-59).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 98309
    Temps écoulé: 37 minute(s), 58 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 27

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcgj9j0e717 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphclj9j0e717 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Application Data\rhcgj9j0e717\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\LYDIE\Local Settings\Temp\ac8zt2\epgx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsa5A.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsf4D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsk57.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsn50.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nss54.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\nsx5D.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphclj9j0e717.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphclj9j0e717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phclj9j0e717.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LYDIE\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    ***********

    Rapport de Hijhackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:10:16, on 20/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\oopmagentts.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: OFFICE One Startup v7.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Siria
     
    Oups

    j'ai mis deux fois le même message mais je ne trouve pas la fonction éditer

    -_-'

    Je supprimerai le second post dès que je l'aurai trouvé
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait malwarebyte's a fait le menage!!

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    ____________

    pour voir si rien d'autre:

    colle le rapport d'un scan en ligne
    avec un des suivants: (désactive avast le temps du scan)

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    si rien dans le scan en ligne c'est bon pour toi

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +
    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
  8. Siria Messages postés 2 Date d'inscription   Statut Membre
     
    Bonjour !

    J'ai fais avec Panda et il me detecte 21 fiichiers inferctés et 59 vulnérables :s. Mais il faut que je paye si je veux qu'il les supprime.

    **************

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-20 21:10:27
    PROTECTIONS: 1
    MALWARE: 21
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1227 [VPS 080720-0] 4.8.1227 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00039738 Exploit/URLSpoof HackTools No 0 Yes No C:\Program Files\OFFICE One 7.0\share\template\fr\Présentations Arrière-Plan\Marbre.otp[meta.xml]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@tradedoubler[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@mediaplex[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@xiti[1].txt
    00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@fe.lea.lycos[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@bs.serving-sys[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@weborama[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@advertising[1].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@media.adrevolver[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@statse.webtrendslive[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@ads.pointroll[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@bluestreak[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@adrevolver[2].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@searchportal.information[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\LYDIE\Cookies\lydie@smartadserver[1].txt
    03128601 Adware/MalwareProtector2008 Adware No 0 Yes No C:\System Volume Information\_restore{6C9955C6-B2C4-493D-8142-ABBDEF640E18}\RP63\A0004301.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location w
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description w
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002 w
    184379 MEDIUM MS08-001 w
    182048 HIGH MS07-069 w
    182046 HIGH MS07-067 w
    182043 HIGH MS07-064 w
    179553 HIGH MS07-061 w
    176382 HIGH MS07-057 w
    176383 HIGH MS07-058 w
    170907 HIGH MS07-046 w
    170906 HIGH MS07-045 w
    170904 HIGH MS07-043 w
    164915 HIGH MS07-035 w
    164913 HIGH MS07-033 w
    164911 HIGH MS07-031 w
    160623 HIGH MS07-027 w
    157262 HIGH MS07-022 w
    157261 HIGH MS07-021 w
    157260 HIGH MS07-020 w
    157259 HIGH MS07-019 w
    156477 HIGH MS07-017 w
    150253 HIGH MS07-016 w
    150249 HIGH MS07-013 w
    150248 HIGH MS07-012 w
    150247 HIGH MS07-011 w
    150243 HIGH MS07-008 w
    150242 HIGH MS07-007 w
    150241 MEDIUM MS07-006 w
    141034 HIGH MS06-076 w
    141033 MEDIUM MS06-075 w
    137571 HIGH MS06-070 w
    133387 MEDIUM MS06-065 w
    133386 MEDIUM MS06-064 w
    133385 MEDIUM MS06-063 w
    133379 HIGH MS06-057 w
    129977 MEDIUM MS06-053 w
    129976 MEDIUM MS06-052 w
    126093 HIGH MS06-051 w
    126092 MEDIUM MS06-050 w
    126087 HIGH MS06-046 w
    126086 MEDIUM MS06-045 w
    126082 HIGH MS06-041 w
    126081 HIGH MS06-040 w
    123421 HIGH MS06-036 w
    123420 HIGH MS06-035 w
    120825 MEDIUM MS06-032 w
    120823 MEDIUM MS06-030 w
    120818 HIGH MS06-025 w
    120815 HIGH MS06-022 w
    117384 MEDIUM MS06-018 w
    114666 HIGH MS06-015 w
    108744 MEDIUM MS06-008 w
    108743 MEDIUM MS06-007 w
    108742 MEDIUM MS06-006 w
    104567 HIGH MS06-002 w
    104237 HIGH MS06-001 w
    96574 HIGH MS05-053 w
    93395 HIGH MS05-051 w
    93394 HIGH MS05-050 w
    93454 MEDIUM MS05-049 w
    ;===================================================================================================================================================================================

    *******************
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok il y en a un dans ta restauration

    __________________

    désactive la restauration système pour purger les virus qui seraient dedans puis réactive là :

    https://www.informatruc.com

    _________________

    voilà c'est fini!!!
    0
  10. Siria Messages postés 2 Date d'inscription   Statut Membre
     
    Voilà c'est fait !

    Merci beaucoup pour ton aide ! ^^
    0