
Posted

Hello

I posted a first topic in the hardware section and was advised to submit a HijackThis report to you; the problems I'm having are a PC that is slow in general and graphics performance that is pitiful for my configuration; on top of that, in Task Manager my CPU is always at 100%!

Here are the reports

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\U2VsemVyZQ\command.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\msbitsec.exe

C:\WINDOWS\MSmedia.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\netnav.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\TEMP\mg.exe

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\ASUS\Ai Booster\OverClk.exe

C:\windows\adtech2006a.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\sdj.exe

C:\Program Files\TRIXX\TRIXX.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

J:\Stockage\Mes documents\Download\Programmes\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\vtutt.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"

O4 - HKLM\..\Run: [Windows Taskmanager Data] csrrss.exe

O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [Windowsz] rwnt.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\paqpwr.exe reg_run

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [symwsc.exe] C:\sdj.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\RunServices: [Windows Taskmanager Data] csrrss.exe

O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe

O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Taskmanager Data] csrrss.exe

O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514248546

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtutt - C:\WINDOWS\SYSTEM32\vtutt.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VsemVyZQ\command.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 

Hoping this rings a bell for you and that you can help me solve my problems.

Have a nice day.

Posted (edited)

Hello Coyote bleu;

It's been a long time since I've seen a PC this infected!! My God... your Norton must be out of action, otherwise it would be in your face constantly! The top part of your HijackThis! report is missing, where we would see that your system is not up to date, which explains why you're infected like this. Worms, viruses, trojans, spyware... it's all there, and nasty ones at that!!

OK, this may take a while, but let's go. Just in passing, some of these infections have allowed remote users to access your passwords and the personal info on your machine. Once it's cleaned, you'll need to change your passwords, credit card numbers, etc.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We're going to run an antivirus tool:

Step 1:

Download eScan Antivirus Toolkit here. Save it to your Desktop.

Before launching the program, you need to update it as described in step 2.

Step 2:

Here's how to update the tool:

1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (Kaspersky) at the root of drive C:\ (C:\Kaspersky.). The program will launch, and you must quit it (click "Exit" then "Exit").

2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You'll now see a DOS window appear, and the update will complete in a few minutes.

3.) When the update is complete, you'll see "Press any key to continue"; press a key to continue.

Do not start the scan yet!

 

Step 3:

Restart in Safe Mode: tap the F8 key immediately on restart, then choose "Safe Mode" on the boot options screen using the arrow keys, and confirm with "Enter". Choose your usual account, not Administrator.

Step 4:

From Safe Mode, here's how to use the program:

1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file located in the C:\Kaspersky folder

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.

4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important..), and you'll see a new browse box appear on the right. Click the small arrow of that box and choose the letter of your hard drive, usually C:\.

5.) Just below, make sure Scan All Files is ticked, and not Program Files.

6.) Click Scan Clean and let the tool check the whole hard drive (it can take a long time..). When finished, you'll see Scan Completed. Do not quit yet!

7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.

Close the program. Restart your PC in Normal mode. Another scan now:

 

Download SpySweeper (from Webroot) HERE (trial version - 14 days):

  • Install the program. Once installed, it will launch.
  • The option to update it will be displayed; click Yes.
  • When the updates have been installed, click Options on the left.
  • Click the Sweep Options tab.
  • Under What to Sweep, tick the following options:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • UNTICK Do not Sweep System Restore Folder.

  • Click Sweep Now on the left.
  • Click Start.
  • When the scan is finished, click Next.
  • Make sure all the items are ticked, then click Next.
  • All ticked items will be removed.
  • If Spy Sweeper wants to restart to finish the cleanup: ACCEPT.
  • Click Session Log at the top right, and copy everything in the window.
  • Click the Summary tab, then click Finish.
  • Paste the contents of the "Session Log" into your next reply.

Also paste a new HijackThis! report (the complete one!), as well as the eScan report.

Edited by Qc001
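The two reports requested above can be cross-checked mechanically: for every autostart entry in the HijackThis report, look up whether eScan flagged the file it points to and what eScan did with it. This is an added example, not part of the original posts; the function names and status labels are made up for it, and the sample lines are excerpts of the HijackThis and eScan output posted in this thread.

```python
import re

# HijackThis sections that describe persistence:
# O2 = BHO, O4 = Run keys / Startup, O20 = Winlogon Notify, O23 = services.
AUTOSTART_SECTIONS = {"O2", "O4", "O20", "O23"}
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<entry>.+)$")

# eScan "Virus Log Information" lines come in two shapes in this thread:
#   File <path> infected by "<name>" Virus. Action Taken: <action>.
#   File <path> tagged as <name>. No Action Taken.
ESCAN_LINE = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<virus>[^"]+)" Virus|tagged as (?P<tag>\S+?))\. '
    r"(?:Action Taken: )?(?P<action>.+?)\.$"
)

# Excerpts from the reports posted in this thread.
HIJACKTHIS_EXCERPT = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\paqpwr.exe reg_run
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symwsc.exe] C:\sdj.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VsemVyZQ\command.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
'''

ESCAN_EXCERPT = r'''
File C:\WINDOWS\System32\paqpwr.exe infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.
File C:\sdj.exe infected by "Trojan-Proxy.Win32.Agent.if" Virus. Action Taken: File Deleted.
File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\WINDOWS\MSmedia.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.
File C:\Program Files\MediaGateway\MediaGateway.exe tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.
File C:\WINDOWS\System32\wuauclt.dll infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File to be deleted on reboot.
'''


def status_for(action):
    """Map eScan's action text to a short status label (labels are this example's own)."""
    a = action.lower()
    if a == "no action taken":
        return "untouched"
    if "reboot" in a:          # "File to be deleted on reboot": not gone yet
        return "pending-reboot"
    if "deleted" in a:
        return "file-deleted"
    if "renamed" in a:
        return "file-renamed"
    return "other"


def parse_escan(text):
    """Return one dict per detection line; lines in any other shape are skipped."""
    found = []
    for raw in text.splitlines():
        m = ESCAN_LINE.match(raw.strip())
        if m:
            found.append({
                "path": m.group("path"),
                "name": m.group("virus") or m.group("tag"),
                "status": status_for(m.group("action")),
            })
    return found


def cross_reference(hjt_text, escan_text):
    """For each autostart entry return (section, entry, status, detection name)."""
    # Match the full detected path, case-insensitively, and only when it ends at
    # a space, a quote or the end of the entry, so that a detected file named
    # C:\WINDOWS\System32\i does not match every System32 path starting with "i".
    detections = [
        (re.compile(r"(?<![0-9A-Za-z])" + re.escape(d["path"]) + r'(?=$|[\s"])', re.I), d)
        for d in parse_escan(escan_text)
    ]
    rows = []
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m or m.group("section") not in AUTOSTART_SECTIONS:
            continue
        hit = next((d for rx, d in detections if rx.search(m.group("entry"))), None)
        rows.append((m.group("section"), m.group("entry"),
                     hit["status"] if hit else "no-detection",
                     hit["name"] if hit else None))
    return rows


def follow_up(rows):
    """Autostart entries whose target was detected but is not yet gone from disk."""
    return [r for r in rows if r[2] in {"untouched", "file-renamed", "pending-reboot"}]


if __name__ == "__main__":
    for section, entry, status, name in cross_reference(HIJACKTHIS_EXCERPT, ESCAN_EXCERPT):
        print(f"{status:14} {section:4} {name or '-':40} {entry}")
```

"no-detection" only means that no eScan line names that exact path: entries written as a bare file name or with 8.3 short names (`C:\PROGRA~1\...`) are not matched and still need a manual look.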
Posted

Hi Qc001 and Coyote bleu,

It would also be good, after the eScan scan, to run EasyCleaner to "clean house" on your PC.

To do that, install EasyCleaner, boot into safe mode, then launch the program. Choose the "Registry" and "Unnecessary" functions and don't touch the Duplicates function.

In each function, search your hard drives for the relevant files ("Find") and, once that's finished, delete all the files found (there's no risk).

Posted (edited)

Thanks for your reply, and especially for the precision you showed in describing the different steps.

I'm getting started on it right now, hoping it will be finished tonight.

But otherwise, wouldn't it be simpler to format? And reinstall everything without connecting to the internet before having installed Norton?

Edited by Coyote bleu
Posted

Hi all :P

Yep, I agree about EasyCleaner; it will lighten the Spy Sweeper report somewhat! (thanks Tornado...)

Posted (edited)

I carried out the first step in safe mode, but when I restarted Windows and went online to download Spy Sweeper, my CPU immediately went back up to 100%, whereas before I reconnected it no longer went above 20%.

I suppose I'm going to have to repeat the previous operations, but which antivirus can I use instead of Norton, which according to quite a few topics is a piece of junk! And what advice can you give me so that I don't pick up viruses again as soon as I reconnect! Because otherwise it's a vicious circle!

I'm already posting the eScan results for the internal disk with Windows; careful, 104 viruses detected!

File C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\WINDOWS\System32\paqpwr.exe infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\windows\adtech2006a.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.

File C:\sdj.exe infected by "Trojan-Proxy.Win32.Agent.if" Virus. Action Taken: File Deleted.

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\MSmedia.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\WINDOWS\SYSTEM32\RDRIV.SYS infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\WINDOWS\timessquare.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\ddayw.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\eeymuux.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\ipsiepe.dll infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\jvvjfdf.exe infected by "Trojan.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\mtjsmpp.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\myhost.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\o infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\pmkji.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\vgactl.cpl infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\wuauclt.dll infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File to be deleted on reboot.

File C:\WINDOWS\System32\wugwp.dat infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Christophe\Local Settings\Temp\Del16.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.x. No Action Taken.

File C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\3VX6VHMW\rcverlib[1].exe infected by "Trojan-Downloader.Win32.Qoologic.ax" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\AHH36DVX\rcverlib[1].exe infected by "Trojan-Downloader.Win32.Qoologic.ax" Virus. Action Taken: File Deleted.

File C:\hyh.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\install.exe infected by "Trojan-Dropper.Win32.Agent.aed" Virus. Action Taken: File Deleted.

File C:\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmza.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzl.exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzm.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzp.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.

File C:\Program Files\MediaGateway\MediaGateway.exe tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\03AC1BEE.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B6B6A04.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D470C07.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FC31E58.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16E9107B.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16ED3A77.exe infected by "Backdoor.Win32.PoeBot.a" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17070A5A.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D6061C2.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\37771CA8.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CAF30EA.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\445D6C77.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456F3349.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72D3550C.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\stub_113_4_0_4_0.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002623.dll tagged as not-a-virus:AdWare.Win32.180Solutions.s. No Action Taken.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002636.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002654.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002672.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002805.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002809.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002817.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP22\A0003817.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP23\A0003843.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP23\A0004842.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0005026.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0005035.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0006034.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP28\A0006140.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP28\A0006156.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0006167.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0007167.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008171.exe infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008172.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008173.exe infected by "Trojan-Proxy.Win32.Agent.if" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008174.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008175.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008176.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008177.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008178.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008179.dll infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008180.exe infected by "Trojan.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008181.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008182.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008183.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008184.cpl infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008185.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008186.exe infected by "Trojan-Dropper.Win32.Agent.aed" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008187.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008188.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008189.exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008190.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008191.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008192.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008193.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008194.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008195.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008196.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008197.exe infected by "Backdoor.Win32.PoeBot.a" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008198.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008199.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008200.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008201.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008202.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008203.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008204.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008205.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Temp\drev.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Temp\mg.exe tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\WINDOWS\Temp\res21.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.q. No Action Taken.

File C:\WINDOWS\U2VsemVyZQ\asappsrv.dll tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

 

 

and the one for the external hard drive, only one virus lol

 

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\System32\wuauclt.dll infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File to be deleted on reboot.

 

 

EDIT: I'm already going to install Firefox and all its "patches" that have been "pinned", but what do you recommend as an antivirus, free if possible?

 

I'm going to update everything first before "vaccinating" my PC again!

Edited by Coyote bleu
Posted

OK, while waiting for the opinion of Qc001 (who will no doubt have you disable System Restore at the end of the cleanup), run Easy Cleaner and try again to load Spy Sweeper. If you can't manage it, you'll try with Ewido.

 

Download the trial version of Ewido here:

 

http://www.ewido.net/fr/

 

and install it (important: during installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu").

 

Start Ewido. Click Update, wait for the update to finish, then close the program.

 

Restart in Safe Mode, then relaunch Ewido and click Scanner, then Complete System Scan.

 

If infected files are found, keep the default option Delete (with the line "Create encrypted backup copies in the quarantine" checked).

 

At the end of the scan, save the report (File/Save as...), close the program and post the report.

 

For the antivirus, you can keep Antivir (effective and lightweight), but you will need to be careful when uninstalling Norton, see here:

 

Uninstalling Norton

Posted

No, it's fine, Spy Sweeper is running; so first of all I install Antivir (it's eScan Antivirus Toolkit) or another one, is it paid?

 

As for Norton, I uninstall it following the tutorial, but only once I have installed the new antivirus??

 

Should I update Windows before cleaning the PC again, or can I do it afterwards?

Posted

For Antivir, which is free, see here:

 

- download Antivir ( http://www.free-av.com ) and configure it following tesgaz's instructions ( http://speedweb1.free.fr/frames2.php?page=tuto5 )

 

You install it (offline) before uninstalling Norton, but don't run the two together.

 

You can do the updates after the full cleanup.

 

Good night :P

Posted

Hello,

 

Sorry for the late reply, but I didn't have much time to spend on the PC this weekend.

 

Here is the eScan report for the internal hard drive, before installing Antivir

 

File C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\WINDOWS\System32\paqpwr.exe infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\windows\adtech2006a.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.

File C:\sdj.exe infected by "Trojan-Proxy.Win32.Agent.if" Virus. Action Taken: File Deleted.

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\MSmedia.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\WINDOWS\SYSTEM32\RDRIV.SYS infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\WINDOWS\timessquare.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\ddayw.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\eeymuux.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\ipsiepe.dll infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\jvvjfdf.exe infected by "Trojan.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\mtjsmpp.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\myhost.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\WINDOWS\System32\o infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\pmkji.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\vgactl.cpl infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\WINDOWS\System32\wuauclt.dll infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File to be deleted on reboot.

File C:\WINDOWS\System32\wugwp.dat infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Christophe\Local Settings\Temp\Del16.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.x. No Action Taken.

File C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\3VX6VHMW\rcverlib[1].exe infected by "Trojan-Downloader.Win32.Qoologic.ax" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\AHH36DVX\rcverlib[1].exe infected by "Trojan-Downloader.Win32.Qoologic.ax" Virus. Action Taken: File Deleted.

File C:\hyh.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\install.exe infected by "Trojan-Dropper.Win32.Agent.aed" Virus. Action Taken: File Deleted.

File C:\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmza.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzl.exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzm.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.

File C:\Program Files\Fichiers communs\wfmz\wfmzp.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.

File C:\Program Files\MediaGateway\MediaGateway.exe tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\03AC1BEE.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B6B6A04.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D470C07.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FC31E58.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16E9107B.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16ED3A77.exe infected by "Backdoor.Win32.PoeBot.a" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17070A5A.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D6061C2.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\37771CA8.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CAF30EA.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\445D6C77.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456F3349.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72D3550C.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\stub_113_4_0_4_0.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002623.dll tagged as not-a-virus:AdWare.Win32.180Solutions.s. No Action Taken.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002636.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002654.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002672.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002805.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002809.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP20\A0002817.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP22\A0003817.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP23\A0003843.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP23\A0004842.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0005026.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0005035.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP27\A0006034.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP28\A0006140.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP28\A0006156.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0006167.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0007167.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008171.exe infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008172.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008173.exe infected by "Trojan-Proxy.Win32.Agent.if" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008174.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008175.sys infected by "Rootkit.Win32.Agent.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008176.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008177.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008178.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008179.dll infected by "Trojan-Downloader.Win32.Qoologic.az" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008180.exe infected by "Trojan.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008181.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008182.exe infected by "Backdoor.Win32.Agobot.afk" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008183.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008184.cpl infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008185.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008186.exe infected by "Trojan-Dropper.Win32.Agent.aed" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008187.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008188.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008189.exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008190.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008191.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008192.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008193.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008194.exe infected by "Backdoor.Win32.PoeBot.d" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008195.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008196.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008197.exe infected by "Backdoor.Win32.PoeBot.a" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008198.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008199.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008200.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008201.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008202.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008203.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008204.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{E23A187E-313A-4E39-8A7D-8BF8C80EDC29}\RP29\A0008205.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Temp\drev.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Temp\mg.exe tagged as not-a-virus:AdWare.Win32.WinAD.bt. No Action Taken.

File C:\WINDOWS\Temp\res21.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.q. No Action Taken.

File C:\WINDOWS\U2VsemVyZQ\asappsrv.dll tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

 

 

 

Here is the one for the external hard drive, still before installing Antivir

 

File C:\WINDOWS\U2VsemVyZQ\command.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.

File C:\WINDOWS\System32\wuauclt.dll infected by "Trojan-Downloader.Win32.Qoologic.at" Virus. Action Taken: File to be deleted on reboot.

 

Now here is the Ewido report, still before Antivir

 

---------------------------------------------------------

ewido security suite - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 15:30:40, 17/12/2005

+ Somme de contrôle: 65DCDB3B

 

+ Résultats du scan:

 

HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder

HKU\.DEFAULT\Software\zango -> Spyware.Zango : Nettoyer et sauvegarder

HKU\S-1-5-18\Software\zango -> Spyware.Zango : Nettoyer et sauvegarder

C:\dcrt.exe -> Proxy.Agent.ih : Nettoyer et sauvegarder

:mozilla.17:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder

:mozilla.19:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder

:mozilla.20:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.21:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.22:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.23:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.24:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.25:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.26:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.27:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.28:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder

:mozilla.29:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

:mozilla.30:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder

:mozilla.31:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

:mozilla.32:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@atdmt[1].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@ehg-ati.hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@hitbox[2].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@valueclick[2].txt -> Spyware.Cookie.Valueclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Local Settings\Temp\Del16.tmp -> Spyware.180Solutions : Nettoyer et sauvegarder

C:\Program Files\Fichiers communs\wfmz\wfmzd\wfmzc.dll -> Downloader.Small : Nettoyer et sauvegarder

C:\WINDOWS\MSmedia.exe.mwt -> Backdoor.Agobot.afk : Nettoyer et sauvegarder

C:\WINDOWS\system32\myhost.exe.mwt -> Backdoor.Agobot.afk : Nettoyer et sauvegarder

C:\WINDOWS\Temp\res21.tmp -> Spyware.180Solutions : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

 

After that I installed Windows SP2 and Antivir; it found a whole pile of junk, which I had it delete. Then I ran another Ewido scan, here is the result (up to this point I was not connected to the internet).

---------------------------------------------------------

ewido security suite - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 15:30:40, 17/12/2005

+ Somme de contrôle: 65DCDB3B

 

+ Résultats du scan:

 

HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder

HKU\.DEFAULT\Software\zango -> Spyware.Zango : Nettoyer et sauvegarder

HKU\S-1-5-18\Software\zango -> Spyware.Zango : Nettoyer et sauvegarder

C:\dcrt.exe -> Proxy.Agent.ih : Nettoyer et sauvegarder

:mozilla.17:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder

:mozilla.19:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder

:mozilla.20:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.21:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.22:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.23:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.24:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.25:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.26:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.27:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder

:mozilla.28:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder

:mozilla.29:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

:mozilla.30:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder

:mozilla.31:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

:mozilla.32:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@atdmt[1].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@ehg-ati.hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@hitbox[2].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@valueclick[2].txt -> Spyware.Cookie.Valueclick : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Cookies\christophe@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder

C:\Documents and Settings\Christophe\Local Settings\Temp\Del16.tmp -> Spyware.180Solutions : Nettoyer et sauvegarder

C:\Program Files\Fichiers communs\wfmz\wfmzd\wfmzc.dll -> Downloader.Small : Nettoyer et sauvegarder

C:\WINDOWS\MSmedia.exe.mwt -> Backdoor.Agobot.afk : Nettoyer et sauvegarder

C:\WINDOWS\system32\myhost.exe.mwt -> Backdoor.Agobot.afk : Nettoyer et sauvegarder

C:\WINDOWS\Temp\res21.tmp -> Spyware.180Solutions : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

Then I restored the connection and updated Antivir; it again found "trojans", which it deleted, and here is a new report

---------------------------------------------------------

ewido anti-malware - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 20:05:12, 20/12/2005

+ Somme de contrôle: AE82DE71

 

+ Résultats du scan:

 

:mozilla.6:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.7:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.8:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder

:mozilla.9:C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\0mtbue5g.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

And finally, a HijackThis report made last

 

Logfile of HijackThis v1.99.1

Scan saved at 21:30:08, on 20/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\msbitsec.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\TRIXX\TRIXX.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

J:\Stockage\Mes documents\Download\Programmes\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtutt.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514248546

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtutt - C:\WINDOWS\SYSTEM32\vtutt.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VsemVyZQ\command.exe (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Microsoft Background Intelligent Transfer Update Version 2.0 (MBIT) - Unknown owner - C:\WINDOWS\system32\msbitsec.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NT Net Driver (NtNav) (NtNav) - Unknown owner - C:\WINDOWS\system32\netnav.exe (file missing)

 

 

 

There, I hope I have done everything that was needed and got rid of all this junk?
