(resolu)infection tenace!!!

[okok77]

Bonjour

Mon Ordi est pas mal infecté....voici le rapport que Zonk m,a dit de vous envoyer..

merci a l'avance

OKOK77

 

 

 

 

Avira AntiVir Personal

Report file date: 7 décembre 2008 16:03

 

Scanning for 1076607 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: DANK

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 22:37:18

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 14:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 19:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 14:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:39:27

ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 21:02:02

ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07/12/2008 21:02:03

ANTIVIR3.VDF : 7.1.0.199 2048 Bytes 07/12/2008 21:02:04

Engineversion : 8.2.0.42

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 17:05:56

AESCRIPT.DLL : 8.1.1.17 336251 Bytes 04/12/2008 22:36:48

AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 22:39:57

AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 22:39:55

AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 22:39:52

AEOFFICE.DLL : 8.1.0.32 196987 Bytes 05/12/2008 22:36:38

AEHEUR.DLL : 8.1.0.74 1519990 Bytes 04/12/2008 22:36:44

AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 22:36:31

AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 22:36:15

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 17:05:56

AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 22:36:13

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 17:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 15:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 16:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 22:39:35

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 18:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 15:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 19:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 00:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 19:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 19:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 20:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 20:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 7 décembre 2008 16:03

 

Starting search for hidden objects.

'70316' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'imapi.exe' - '1' Module(s) have been scanned

Scan process 'wmplayer.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'jucheck.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'LogiTray.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '56' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\daniel\Bureau\Anti-Malware 1.30.0.0\Setup.exe

[0] Archive type: RSRC

--> Object

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '49b03db9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn11

[0] Archive type: CAB (Microsoft)

--> AntivirusPro2009.exe

[DETECTION] Is the TR/Fakealert.HO Trojan

[NOTE] A backup was created as '49a04118.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn12

[0] Archive type: CAB (Microsoft)

--> AVEngn.dll

[DETECTION] Is the TR/Fakealert.HO Trojan

[NOTE] A backup was created as '49a04119.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn14

[0] Archive type: CAB (Microsoft)

--> htmlayout.dll

[DETECTION] Contains recognition pattern of the SPR/Fake.XPAntiSp.2 program

[NOTE] A backup was created as '49a0411a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn15

[0] Archive type: CAB (Microsoft)

--> wscui.cpl

[DETECTION] Is the TR/Fakealert.HO Trojan

[NOTE] A backup was created as '4820e1a3.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Local Settings\Temp\Répertoire temporaire 7 pour Malwarebytes Anti Malware 1.13.zip\Setup.exe

[DETECTION] Is the TR/Agent.tvb Trojan

[NOTE] A backup was created as '49b04148.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\daniel\Mes documents\FrostWire\Saved\Malwarebytes Anti Malware 1.13.zip

[0] Archive type: ZIP

--> Setup.exe

[DETECTION] Is the TR/Vundo.DVD Trojan

[NOTE] A backup was created as '49a841fb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Program Files\Free Offers from Freeze.com\RegistryHelperINT2.ico

[DETECTION] Contains recognition pattern of the SPR/Fake.RegHelpe.A program

[NOTE] A backup was created as '49a343c4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Program Files\Morpheus\morpheustoolbar.exe

[0] Archive type: RSRC

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/MyWebSearch.U application

[NOTE] A backup was created as '49ae44f1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1560\A0153348.exe

[DETECTION] Is the TR/Dldr.FraudLoad.vdoj Trojan

[NOTE] A backup was created as '496d4586.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1563\A0153471.cpl

[DETECTION] Is the TR/Fakealert.HO Trojan

[NOTE] A backup was created as '496d459b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1563\A0153499.exe

[DETECTION] Is the TR/Dldr.FraudLoad.vdoj Trojan

[NOTE] A backup was created as '496d459d.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1563\A0153500.exe

[DETECTION] Is the TR/Dldr.FraudLoad.vdoj Trojan

[NOTE] A backup was created as '4812dc86.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1564\A0153541.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

[NOTE] A backup was created as '496d45a1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1588\A0156998.exe

[0] Archive type: RSRC

--> Object

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '496d45e0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1588\A0156999.ico

[DETECTION] Contains recognition pattern of the SPR/Fake.RegHelpe.A program

[NOTE] A backup was created as '496d45e1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1588\A0157000.exe

[0] Archive type: RSRC

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/MyWebSearch.U application

[NOTE] A backup was created as '4812dcfa.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\WINDOWS\system32\Tools\Restart.exe

[DETECTION] Contains recognition pattern of the SPR/Destart.A program

[NOTE] A backup was created as '49af4a9c.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'D:\' <LECTEUR_C>

D:\WINDOWS\SYSTEM32\Tools\Restart.exe

[DETECTION] Contains recognition pattern of the SPR/Destart.A program

[NOTE] A backup was created as '49af4af6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{1E508242-EB52-41DD-BBE9-255C179A7376}\RP1588\A0157002.exe

[DETECTION] Contains recognition pattern of the SPR/Destart.A program

[NOTE] A backup was created as '496d4bb8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

 

 

End of the scan: 7 décembre 2008 17:17

Used time: 1:14:16 Hour(s)

 

The scan has been done completely.

 

7730 Scanning directories

289565 Files were scanned

20 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

20 files were deleted

0 files were repaired

20 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

289544 Files not concerned

4509 Archives were scanned

2 Warnings

20 Notes

70316 Objects were scanned with rootkit scan

0 Hidden objects were found

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:19:37, on 2008-12-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\daniel\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab

O20 - AppInit_DLLs: karna.dat

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

--

End of file - 8296 bytes

 

 

 

ouffff

Merci encore

Modifié le 19 janvier 2009 par okok77

[Falkra]

Bonsoir, il y a une infection.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

NB : Si MBAM te demande à redémarrer, fais-le.

[Zonk]

Allo Falkra et merci pour tout!!

okok77 est un grand ami...il m'a envoyé le rapport MBAM directement à moi (okok77 n'est pas très habitué des forums)....je vais l'aviser de faire acte de présence

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1406

Windows 5.1.2600 Service Pack 2

 

2008-11-18 12:22:43

mbam-log-2008-11-18 (12-22-43).txt

 

Type de recherche: Examen rapide

Eléments examinés: 46520

Temps écoulé: 5 minute(s), 27 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 24

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 15

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ustart.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10894.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\daniel\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

 

 

Édit:

okok77ne semble pas avoir fait l'analyse complète...je l'avise via email.....

Modifié le 18 décembre 2008 par Zonk

[Falkra]

Ha bah tu m'étonnes que ça va mieux.

 

L'analyse rapide c'est ce qui était demandé, et ça suffit, pas de problème.

 

Il me faut un nouveau rapport HijackThis maintenant.

[Zonk]

Allo

Ha bah tu m'étonnes que ça va mieux.

J'ai dit ca??? ou???

@+

[Falkra]

Je ne sais pas où, mais ça roule mieux.

 

A suivre, un log HijhackThis stp (enfin stp à lui).

[Zonk]

Je ne sais pas où, mais ça roule mieux.

 

A suivre, un log HijhackThis stp (enfin stp à lui).

Ca devrait venir...il a de la difficulté à apprivoisé le principe du forum...mais ca viendra assez rapidement !

[Zonk]

Allo Falkra

Ce sympathique de okok77 m'a encore envoyé le rapport à moi-même

 

 

Le voici:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:12:26, on 2008-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\daniel\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office\OSA9.EXE

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab

O20 - AppInit_DLLs: karna.dat

O20 - Winlogon Notify: UpdateNf - C:\WINDOWS\SYSTEM32\updatenf.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

--

End of file - 8613 bytes

 

@+ et merci pour mon chum okok77

Modifié le 19 décembre 2008 par Zonk

[Falkra]

Ok, il en reste, on continue.

 

• Télécharge SmitFraudFix de S!Ri sur le bureau :
  http://siri.urz.free.fr/Fix/SmitfraudFix.exe
  
• Note: si tu as une version de SmitfraudFix, ne l'utilise pas, élimine là et télécharge la dernière version.
  
• Double-clique sur smitfraudfix.exe
  
• Choisis l'option 1 pour créer un rapport des fichiers responsables de l'infection.
  
• Poste le rapport sur le forum dans ta prochaine réponse. (si tu ne le trouves pas, il est dans "C:\rapport.txt")
  

 

Si un virus est détecté par ton antivirus ou un autre logiciel (genre riskTool.win32.reboot), n'en tiens pas compte (choisis d'ignorer) et ne bloque pas le fichier, il faut partie de l'outil et des antivirus qui y voient un danger potentiel.

[okok77]

Bonjour

Je voudrait te remercier Falkra et tous ceux qui on voulus m'aider a nettoyer mon pc

Mais finalement j'ai opté pour un format C...ce fut radical mais efficace..fini les trojans et compagnie!

Merci a toi Zonk fidel compagnon d'arme!

bonne journée a tous!

OKOK77