infection par Win32:Adware-gen.[Adw](resolu par gof,thanks))

Gof · le 24 janvier 2008

Bonsoir abricot31

Oui tout semble bien aller à présent. As-tu des soucis particuliers suite aux manipulations que nous avons effectuées ensemble ?

Afin de confirmer, fais ceci :

Fais un scan en ligne Kaspersky
Clique sur Accept
Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
clique une nouvelle fois sur "Accept"
Les bases de mises à jour vont s'installer, patiente un moment
Clique sur Next.
Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Colle ce rapport dans ta réponse sur le forum.

Aide en cas de problème :Cybersécurité

NOTE: Le scan est à faire avec Internet Explorer.

abricot31 · le 25 janvier 2008

bonjour gof dieu merci je n ai eu aucun pblem sauf ce matin , g eu une fenetre de spybot me disant qu une modification importante du registre a eu lieu au sujet du fichier "mssecure.exe" et ma demandé si j acceptai ou non (cette modif) j ai choisi d accepter j esper avoir pris la bonne decision!!! bonne journée a toi !!!

abricot31 · le 25 janvier 2008

waooo super kaspersky online scanner j aime bien!!! voici son rapport merci bien!!! gof

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, January 25, 2008 12:26:30 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 25/01/2008

Kaspersky Anti-Virus database records: 532093

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 63454

Number of viruses found: 2

Number of infected objects: 5

Number of suspicious objects: 0

Duration of the scan process: 00:55:31

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\.housecall6.6\Quarantine\facebook.com-carpeta5.zip.bac_a02972/pictura-002.JPEG-www.facebook.com Infected: Backdoor.Win32.IRCBot.aqz skipped

C:\Documents and Settings\user\.housecall6.6\Quarantine\facebook.com-carpeta5.zip.bac_a02972 ZIP: infected - 1 skipped

C:\Documents and Settings\user\.housecall6.6\Quarantine\facebook.com-carpeta5.zip.bac_a02972 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\call1024.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\call256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\call512.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\callmember256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat1024.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat16384.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat2048.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat4096.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat512.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chat8192.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg16384.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg2048.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg32768.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg4096.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatmsg8192.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatsync\2b\2b6fb8257bddb884.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatsync\94\94e31cf687650799.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatsync\98\98e9b860707c36ab.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatsync\c5\c533eed3e7fa4bea.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\chatsync\e8\e89ce40667015ae9.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\index2.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\profile4096.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\transfer256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\transfer512.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\user1024.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\user16384.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\user256.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\user32768.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\user4096.dbb Object is locked skipped

C:\Documents and Settings\user\Application Data\Skype\soufianou1\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Ares\My Shared Folder\avg anti-spyware plus 7 5 1 43 3339 patched multilingual-rel.rar/Setup + Patch.exe Infected: Trojan.Win32.Pakes.bzo skipped

C:\Documents and Settings\user\Local Settings\Application Data\Ares\My Shared Folder\avg anti-spyware plus 7 5 1 43 3339 patched multilingual-rel.rar CAB: infected - 1 skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{98C79A28-BB8A-4F9F-B7F8-88910C9E04F6}\RP408\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\USER-6C29F98C60.ldb Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT01975.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT01979.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

abricot31 · le 25 janvier 2008

salut gof!!! comment faire pour suprimmer les virus et object trouvé par kaspersky online g appuyer sur "new scan" et suite a nouveau scan , ben c le meme resultat , les virus n ont il pas ete chassé??

Gof · le 26 janvier 2008

Bonsoir abricot31

bonjour gof dieu merci je n ai eu aucun pblem sauf ce matin , g eu une fenetre de spybot me disant qu une modification importante du registre a eu lieu au sujet du fichier "mssecure.exe" et ma demandé si j acceptai ou non (cette modif) j ai choisi d accepter j esper avoir pris la bonne decision!!! bonne journée a toi !!!

Oui tu as bien fait.

Bien pour l'analyse en ligne. Mais ce que je vois n'est pas bien. Je vois une version de AVG AS qui n'est pas propre ! Où as-tu été la télécharger ?

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que Unregister Dll's and Ocx's soit coché.
Copie-colle dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved

C:\Documents and Settings\user\.housecall6.6
C:\Documents and Settings\user\Local Settings\Application Data\Ares\My Shared Folder\avg anti-spyware plus 7 5 1 43 3339 patched multilingual-rel.rar

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results. Copie le résultat.
Clique sur Exit pour fermer.
Colle le résultat dans ta prochain réponse.

Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes. Et poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom [nombres_nombres].log

Profites en également pour désinstaller les entrées suivantes en passant par le Panneau de configuration>Ajout/suppression de programmes :

J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1

Ce sont des vieilles versions dont tu n'as pas besoin, vu que tu es à jour.

Joins un nouveau HijackThis avec tout ça. Comment se comporte le pc à présent ?

abricot31 · le 26 janvier 2008

bonjour gof voici le rapport de "otmoveit" ;

C:\Documents and Settings\user\.housecall6.6\Update\AU_Cache moved successfully.

C:\Documents and Settings\user\.housecall6.6\Update moved successfully.

C:\Documents and Settings\user\.housecall6.6\Quarantine moved successfully.

C:\Documents and Settings\user\.housecall6.6\Pattern\AU_Backup\3\524288 moved successfully.

C:\Documents and Settings\user\.housecall6.6\Pattern\AU_Backup\3\2048 moved successfully.

C:\Documents and Settings\user\.housecall6.6\Pattern\AU_Backup\3 moved successfully.

C:\Documents and Settings\user\.housecall6.6\Pattern\AU_Backup moved successfully.

C:\Documents and Settings\user\.housecall6.6\Pattern moved successfully.

C:\Documents and Settings\user\.housecall6.6\log moved successfully.

C:\Documents and Settings\user\.housecall6.6\Licences moved successfully.

C:\Documents and Settings\user\.housecall6.6\jars moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Temp moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Log moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Backup\3\536875008 moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Backup\3 moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Backup\2\268435712 moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Backup\2 moved successfully.

C:\Documents and Settings\user\.housecall6.6\AU_Backup moved successfully.

C:\Documents and Settings\user\.housecall6.6 moved successfully.

File/Folder C:\Documents and Settings\user\Local Settings\Application Data\Ares\My Shared Folder\avg anti-spyware plus 7 5 1 43 3339 patched multilingual-rel.rar not found.

Created on 01/26/2008 08:31:58

en fait g fait la meme erreur que pour choper win 32,g telecharger une application a partir d un p2p en l occurence "avg anti spy"(ares) hier en lisant le rapport kaspersky j ai decider de le suprimmer!! je continuerai apres excuse moi je n ai pas tro le temps!! a bientot gof (merci)

abricot31 · le 26 janvier 2008

re bonjour gof comme tu me la demandé g suprimmé les anciennes versions java et voici le dernier rapport hijack this :

Logfile of HijackThis v1.99.1

Scan saved at 12:56:24, on 26/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\SpeedRam2\Speedram.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteomedia.com/weather/agxx0006/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [speedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: www.secuser.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE1FDF38-FA70-4FA0-85C3-4C79A04FFB93}: NameServer = 208.67.222.222 193.55.10.102

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pour mon pc ben a vrais dire je ne sent aucune difference et ce meme apres infection par win32 (dieu merci) par contre il y a un pblem qui persiste depuis l achat de cet ordi ,souven il y a une bulle " windows memoire insufisente"je croyai que j allai en finir avec en ajoutant 512 de ram ce mois ci ben a ma grande surprise non je continue a avoir cette bulle de temps en temps ( il est vrais que ce n est pas aussi souven que qd j avais que 512-en ce moment g 2 fois 512)voila !!! merci beaucoup gof !!!! c hyper sympa de ta part!!

abricot31 · le 26 janvier 2008

tien je note une amelioration au nivau de vitesse de connexion, il me semble que les pages s affiche plus vite que d habitude

Gof · le 27 janvier 2008

Bonjour abricot31

Bien, on arrive au bout. Je te fais désinstaller et supprimer les outils qu'on a utilisés. Puisque ton pc ne présente aucun disfonctionnement, je te fais désactiver et réactiver ta restauration système de sorte d'effacer tous tes anciens points de restauration. Histoire de repartir sur des bases saines. Suis la manipulation indiquée :

Ne t'inquiète pas, en la réactivant, Windows recréera automatiquement un point de restauration qui sera, lui, propre. Procède comme ceci :

-clic droit sur Poste de travail / Propriétés / onglet Système de restauration
- coche la case "Désactiver le système de restauration..."

- clique sur "Appliquer" puis "oui"

- - redémarre, reviens sur ce panneau

- décoche la case "Désactiver le système de restauration..." pour remettre les choses en place.

- clique sur "Appliquer" puis "Ok"

Pour une aide visuelle, tu peux consulter ce lien de Bruce lee.

Supprime l'archive winseeker.zip ainsi que le répertoire winSeeker.

Télécharge ToolsCleaner sur ton Bureau:

Clique sur Recherche et laisse le scan se terminer.
Clique sur Suppression pour finaliser.
Coche les options facultatives : Nettoyage des fichiers temporaires & Vidage de la corbeille
Clique sur Quitter, pour que le rapport puisse se créer.
Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

abricot31 · le 29 janvier 2008

salut gof comment vas tu ?? tu m excuse stp je n ai pas encore eu le temps de faire la restauration !!

Connexion

Pas encore inscrit ?

infection par Win32:Adware-gen.[Adw](resolu par gof,thanks))

Messages recommandés

Gof

abricot31

abricot31

abricot31

Gof

abricot31

abricot31

abricot31

Gof

abricot31

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer