The discussion "Problem with winantivirus, error safe, system doctor..." is in the "Dépannage Informatique" (computer troubleshooting) forum

Problem with winantivirus, error safe, system doctor...

On 16-03-2007 at 15:51 #

Hi everyone,

I need your help: pages for winantivirus, error safe or system doctor pop up very, very often.

Here is my report:

Logfile of HijackThis v1.99.1
Scan saved at 15:53:34, on 16/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Office Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.macollectiondemaillotdelom.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4} - C:\WINDOWS\system32\byxyyvs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\jvkuhdlx.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qagqkete.dll
O2 - BHO: (no name) - {E4BC4A4E-54E1-454D-8FEE-4B7057461A8B} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {EFFD6F0E-A9BE-401C-968C-C97DF8CD4ABa} - C:\WINDOWS\system32\wnmyihhm.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnetrrio.dll",setvm
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.presslabo.com/importer/MypixUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139323911573
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxyyvs - C:\WINDOWS\SYSTEM32\byxyyvs.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Thank you in advance for your kindness.


Added on 16-03-2007 at 15:53:

Next, here is my other report, with:

SmitFraudFix v2.148

Rapport fait à 15:55:46,85, 16/03/2007
Executé à partir de C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\dr.exe PRESENT !
C:\WINDOWS\Tasks\At1.job PRESENT !
C:\WINDOWS\Tasks\At2.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Geoffroy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Geoffroy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Geoffroy\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\patcher.exe PRESENT !
C:\Program Files\serial.dat PRESENT !
C:\Program Files\serial.zip PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Thanks once again for your help.


Added on 16-03-2007 at 16:11:

And finally my last report:

03/16/07 16:00:33 [Info]: BlackLight Engine 1.0.55 initialized
03/16/07 16:00:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/16/07 16:00:33 [Note]: 7019 4
03/16/07 16:00:33 [Note]: 7005 0
03/16/07 16:00:35 [Note]: 7006 0
03/16/07 16:00:35 [Note]: 7011 2036
03/16/07 16:00:36 [Note]: 7026 0
03/16/07 16:00:36 [Note]: 7026 0
03/16/07 16:00:44 [Note]: FSRAW library version 1.7.1021
03/16/07 16:12:35 [Note]: 7007 0

Thank you.

On 16-03-2007 at 20:02 #

Hi geoditnene,

and welcome to Sur-la-Toile

You have a Vundo infection, among others (it looks to me like you are heavily infected).

Download to the Desktop: VundoFix

= Double-click VundoFix.exe.
= Click OK
= Wait for VundoFix to restart
= Click Scan for Vundo
= The scan is fairly long; at the end
= Click Remove Vundo
= Then yes
= The Desktop disappears for a moment while the files are being deleted.
= Shutdown message
= Click OK
= Automatic restart
Note: there may be several restarts
= The report is in C:\vundofix.txt

Post the VundoFix report,
then run a new HijackThis scan ("Do a system scan only") and tick these two lines:
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678

and then post a new report.

See you


[ This message was edited by: scoob1 on 16-03-2007 20:06 ]

On 16-03-2007 at 20:22 #

Here is my report:


VundoFix V6.3.16

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 20:15:31 16/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\afiwclmy.exe
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\byxyyvs.dll
C:\WINDOWS\system32\cbawalya.exe
C:\WINDOWS\system32\giparsvq.exe
C:\WINDOWS\system32\gyjtapny.dll
C:\WINDOWS\system32\hflclrln.exe
C:\WINDOWS\system32\jvkuhdlx.dll
C:\WINDOWS\system32\jvueuahm.exe
C:\WINDOWS\system32\kphfqpvi.exe
C:\WINDOWS\system32\ldydyswh.exe
C:\WINDOWS\system32\llaqqadb.exe
C:\WINDOWS\system32\ofeptdac.dll
C:\WINDOWS\system32\pjparvwl.exe
C:\WINDOWS\system32\pxgwftls.exe
C:\WINDOWS\system32\qagqkete.dll
C:\WINDOWS\system32\qqfqwypv.dll
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rubjssgn.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\tjjjtwgb.exe
C:\WINDOWS\system32\trxdksnw.exe
C:\WINDOWS\system32\tuvtuvv.dll
C:\WINDOWS\system32\uoqwurtd.exe
C:\WINDOWS\system32\uxthytro.exe
C:\WINDOWS\system32\vjhpwnxb.exe
C:\WINDOWS\system32\vlsebqex.exe
C:\WINDOWS\system32\vuumensb.exe
C:\WINDOWS\system32\xqxmcalg.exe
C:\WINDOWS\system32\xvakoqpi.exe
C:\WINDOWS\system32\ycpbglkr.exe
C:\WINDOWS\system32\yltcuyhe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\afiwclmy.exe
C:\WINDOWS\system32\afiwclmy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvsro.dll
C:\WINDOWS\system32\byxvsro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyyvs.dll
C:\WINDOWS\system32\byxyyvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbawalya.exe
C:\WINDOWS\system32\cbawalya.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\giparsvq.exe
C:\WINDOWS\system32\giparsvq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gyjtapny.dll
C:\WINDOWS\system32\gyjtapny.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hflclrln.exe
C:\WINDOWS\system32\hflclrln.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvkuhdlx.dll
C:\WINDOWS\system32\jvkuhdlx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvueuahm.exe
C:\WINDOWS\system32\jvueuahm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kphfqpvi.exe
C:\WINDOWS\system32\kphfqpvi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ldydyswh.exe
C:\WINDOWS\system32\ldydyswh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\llaqqadb.exe
C:\WINDOWS\system32\llaqqadb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ofeptdac.dll
C:\WINDOWS\system32\ofeptdac.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pjparvwl.exe
C:\WINDOWS\system32\pjparvwl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pxgwftls.exe
C:\WINDOWS\system32\pxgwftls.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qagqkete.dll
C:\WINDOWS\system32\qagqkete.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqfqwypv.dll
C:\WINDOWS\system32\qqfqwypv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rubjssgn.dll
C:\WINDOWS\system32\rubjssgn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tjjjtwgb.exe
C:\WINDOWS\system32\tjjjtwgb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\trxdksnw.exe
C:\WINDOWS\system32\trxdksnw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtuvv.dll
C:\WINDOWS\system32\tuvtuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uoqwurtd.exe
C:\WINDOWS\system32\uoqwurtd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxthytro.exe
C:\WINDOWS\system32\uxthytro.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vjhpwnxb.exe
C:\WINDOWS\system32\vjhpwnxb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlsebqex.exe
C:\WINDOWS\system32\vlsebqex.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vuumensb.exe
C:\WINDOWS\system32\vuumensb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xqxmcalg.exe
C:\WINDOWS\system32\xqxmcalg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xvakoqpi.exe
C:\WINDOWS\system32\xvakoqpi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycpbglkr.exe
C:\WINDOWS\system32\ycpbglkr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yltcuyhe.dll
C:\WINDOWS\system32\yltcuyhe.dll Has been deleted!

Performing Repairs to the registry.
Done!

I'll do what you told me next, but above all, thanks in advance!!


Added on 16-03-2007 at 20:29:

I did find the two boxes to tick, but I don't know what to do next.

"Save log", "Fix checked", "Info on selected item...", "Info", "Config" ou "Add checked to ignorelist"?

Thanks

On 16-03-2007 at 20:38 #

Hi

You need to click Fix checked

but it's not over yet

# Run the following anti-spyware tools:

* Download and install AVG antispyware, click here.
o During installation, untick "Install background guard (required for automatic updates)" and "Install scan via context menu".
o Launch AVG and update it
o Restart in safe mode (by tapping F8 at startup)
o Launch AVG
o Click "Complete System Scan"

# Make a new HijackThis log and post it, along with the AVG report

On 16-03-2007 at 21:24 #

Here is my first report:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:46, on 16/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Office Keyboard Driver\PS2USBKbdDrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.macollectiondemaillotdelom.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C05C0E27-240E-4838-ADEC-8F3C3FD2573E} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {EFFD6F0E-A9BE-401C-968C-C97DF8CD4ABa} - C:\WINDOWS\system32\wnmyihhm.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnetrrio.dll",setvm
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.presslabo.com/importer/MypixUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139323911573
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

and the one from AVG:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:26:35 16/03/2007

+ Résultat de l'analyse:



HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : Ignoré.
C:\Program Files\TBONBin -> Adware.BetterInternet : Ignoré.
C:\Program Files\TBONBin\TBONInst.cfg -> Adware.BetterInternet : Ignoré.
C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Ignoré.
C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Ignoré.
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : Ignoré.
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Ignoré.
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL -> Adware.IESearch : Ignoré.
C:\WINDOWS\system32\P2P Networking v126.cpl -> Adware.P2PNet : Ignoré.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Ignoré.
C:\Program Files\serial.dat/dr.exe -> Adware.Virtumonde : Ignoré.
C:\Program Files\serial.zip/dr.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP421\A0075085.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP421\A0075086.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP421\A0075106.dll -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\byxvsro.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\byxyyvs.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\tuvtuvv.dll.bad -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\dr.exe -> Adware.Virtumonde : Ignoré.
C:\documents.exe -> Adware.Virtumonde : Ignoré.
C:\my.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072605.exe -> Downloader.VB.ft : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072607.exe -> Downloader.VB.ft : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072608.exe -> Downloader.VB.ft : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072601.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072604.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignoré.
C:\RECYCLER\S-1-5-21-1220945662-789336058-725345543-1003\Dc5.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072602.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072603.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP419\A0074863.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
:mozilla.19:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.92:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.93:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.95:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.55:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.56:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.57:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.104:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@bfast[1].txt -> TrackingCookie.Bfast : Ignoré.
:mozilla.94:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.20:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Bpath : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@ads50.bpath[2].txt -> TrackingCookie.Bpath : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@clickbank[2].txt -> TrackingCookie.Clickbank : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@com[1].txt -> TrackingCookie.Com : Ignoré.
:mozilla.97:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.98:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.99:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.32:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
:mozilla.59:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Ivwbox : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignoré.
:mozilla.38:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Liveperson : Ignoré.
:mozilla.39:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Liveperson : Ignoré.
:mozilla.40:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Liveperson : Ignoré.
:mozilla.119:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@overture[2].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignoré.
:mozilla.144:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.145:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.146:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.147:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.148:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.149:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.150:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.151:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@revsci[2].txt -> TrackingCookie.Revsci : Ignoré.
:mozilla.75:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.76:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.77:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.33:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.34:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.156:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
:mozilla.85:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.86:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.87:C:\Documents and Settings\Geoffroy\Application Data\Mozilla\Firefox\Profiles\mgeee9sb.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP397\A0071886.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP398\A0071951.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP403\A0072259.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP403\A0072343.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP403\A0072505.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP404\A0072516.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP408\A0072675.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP410\A0074025.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP411\A0074085.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP412\A0074163.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP413\A0074201.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP414\A0074244.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP414\A0074272.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP415\A0074325.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP416\A0074397.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP418\A0074469.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP419\A0074561.dll -> Trojan.Agent.acl : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP419\A0074875.dll -> Trojan.Agent.acl : Ignoré.


Fin du rapport

Thanks

On 16-03-2007 at 22:05 #

You need to run AVG again

= Restart in Safe Mode (startup may take several minutes)
Warning: there is no internet access in this mode. Save or print these instructions. Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the startup options appears.
Use the arrow keys to select Safe Mode ==> Enter ==> your usual user name
------------------------
= In ANALYSE (Scan)
==> Paramètres (Settings) ==> under COMMENT REAGIR (How to react) ==> Actions recommandées (Recommended actions) ==> Quarantaine (Quarantine)
==> Click: Analyse complète du système (Complete system scan)
At the end of the scan (which is fairly long)
==> Click Appliquer toutes les actions (Apply all actions) <== this is very important
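
An added example, not part of the thread and not AVG's own tooling: a short Python triage of the `object -> detection : action` lines in the report posted above. It shows that every entry was left as `Ignoré` and separates files still on disk from cookies, registry keys and System Restore copies. The function names and location categories are this example's own assumptions; the sample lines are copied from the posted report.

```python
from collections import Counter
# Sample lines copied from the AVG Anti-Spyware report posted above.
SAMPLE = r"""
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Ignoré.
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Ignoré.
C:\Program Files\serial.zip/dr.exe -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\byxvsro.dll.bad -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\dr.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{62754F20-961D-4C82-8DC8-F99972CC70C7}\RP406\A0072605.exe -> Downloader.VB.ft : Ignoré.
C:\RECYCLER\S-1-5-21-1220945662-789336058-725345543-1003\Dc5.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
C:\Documents and Settings\Geoffroy\Cookies\geoffroy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
Fin du rapport
"""

def parse_line(line):
    """Split '<object> -> <detection> : <action>.' or return None."""
    obj, arrow, rest = line.strip().rpartition(" -> ")
    name, colon, action = rest.rpartition(" : ")
    if not arrow or not colon:
        return None  # header, blank line or "Fin du rapport"
    return obj, name, action.rstrip(".")

def kind(obj, name):
    """Rough location class; the categories are this example's own."""
    if name.startswith("TrackingCookie."):
        return "cookie"
    if obj.upper().startswith(("HKLM\\", "HKCU\\")):
        return "registry"
    if "\\System Volume Information\\_restore" in obj:
        return "restore-point copy"  # copy kept by Windows System Restore
    if "\\VundoFix Backups\\" in obj or "\\RECYCLER\\" in obj:
        return "backup or recycle bin"
    return "live file"

def triage(report):
    # Count actions and locations; collect untreated files in normal paths.
    actions, kinds, live = Counter(), Counter(), []
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        obj, name, action = parsed
        actions[action] += 1
        k = kind(obj, name)
        kinds[k] += 1
        if k == "live file" and action == "Ignoré":
            live.append((obj, name))
    return actions, kinds, live

if __name__ == "__main__":
    actions, kinds, live = triage(SAMPLE)
    print("actions:", dict(actions), "| by location:", dict(kinds))
    for obj, name in live:
        print("still on disk, not treated:", name, obj)
```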

On 16-03-2007 at 22:05 #

Hi again,

Well, the Vundo infection is gone!

As for the AVG report, I can't analyse it because I'm not familiar with it.

If GS happens to pass by

For HijackThis, run a new scan with "do a system scan only", tick the following lines and then click "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C05C0E27-240E-4838-ADEC-8F3C3FD2573E} - C:\WINDOWS\system32\ssqrr.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Then:

Download to the desktop: navilog1.zip

= Double-click navilog1.zip
= Extract all (or extract without confirmation, or unzip)
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1 (= type 1)
Do not use the others without advice; there may be legitimate processes

The report is in c: fixnavi.txt

Post the navilog report along with another HijackThis report

See you

Edit: well, there you go, GS passed by. Hi

[ This message was edited by: scoob1 on 16-03-2007 22:06 ]
Unless otherwise stated, the content of the blog and the forum is licensed under Creative Commons By-Sa. You may reproduce it provided that you credit the author, link to the original page, and share your derivative works under the same conditions.