
Infected computer problem

26 July 2007 01:30:24

Good evening, I'm in trouble with my PC. I have AVG as my antivirus, which detected several "trojan horse generic", "worm delf.ni" and "virus found downloader obfuscated"... quite a crowd.
Not really knowing how to get rid of all this, I'm asking you for help. I'm totally lost.
Thanks in advance to whoever is willing to help me a bit.


26 July 2007 10:45:12

Thanks for your help. I've just started the scan; I have to be away for a few hours. I'll send you the report as soon as I get back.
26 July 2007 13:59:01

Scan finished and it doesn't look very encouraging, hmm hmm
BitDefender Online Scanner

Scan report generated at: Thu, Jul 26, 2007 - 12:29:30
Scan path: A:\;C:\;D:\;E:\;F:\;H:\;

Statistics
Time: 01:39:48
Files: 290143
Folders: 2325
Boot Sectors: 6
Archives: 9340
Packed Files: 11735

Results
Identified Viruses: 5
Infected Files: 8
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 8

Engines Info
Virus Definitions: 640953
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

D:\Documents and Settings\RoYaLdEaD\Application Data\mediastorejugs\WindowMeal.exe
Infected with: Trojan.Obfuscated.GT

D:\Documents and Settings\RoYaLdEaD\Application Data\mediastorejugs\WindowMeal.exe
Disinfection failed

D:\Documents and Settings\RoYaLdEaD\Application Data\mediastorejugs\WindowMeal.exe
Deleted

D:\Documents and Settings\RoYaLdEaD\Local Settings\Temp\bisA6.exe
Infected with: Trojan.Obfuscated.GT

D:\Documents and Settings\RoYaLdEaD\Local Settings\Temp\bisA6.exe
Disinfection failed

D:\Documents and Settings\RoYaLdEaD\Local Settings\Temp\bisA6.exe
Deleted

D:\Program Files\Adverts\uninst.exe
Infected with: Trojan.Peed.Gen

D:\Program Files\Adverts\uninst.exe
Disinfection failed

D:\Program Files\Adverts\uninst.exe
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di125\TTweak-XPPro\Patch 02.exe
Infected with: Trojan.Keygen.Q

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di125\TTweak-XPPro\Patch 02.exe
Disinfection failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di125\TTweak-XPPro\Patch 02.exe
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di133\TQuickStarTime\Keygen QuickStarTime 3.x.exe=>(NSIS o)=>lzma_solid_nsis0001
Infected with: Trojan.Agent.SK

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di133\TQuickStarTime\Keygen QuickStarTime 3.x.exe=>(NSIS o)=>lzma_solid_nsis0001
Disinfection failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di133\TQuickStarTime\Keygen QuickStarTime 3.x.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di133\TQuickStarTime\Keygen QuickStarTime 3.x.exe=>(NSIS o)
Update failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di135\Tweak-XP Professional 4.0.7 By [5uxXxoR]\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Infected with: Trojan.Keygen.Q

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di135\Tweak-XP Professional 4.0.7 By [5uxXxoR]\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Disinfection failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di135\Tweak-XP Professional 4.0.7 By [5uxXxoR]\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di135\Tweak-XP Professional 4.0.7 By [5uxXxoR]\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar
Update failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di143\Crack Slysoft Suite 1.31.exe
Infected with: Trojan.Patch.G

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di143\Crack Slysoft Suite 1.31.exe
Disinfection failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di143\Crack Slysoft Suite 1.31.exe
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di147\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Infected with: Trojan.Keygen.Q

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di147\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Disinfection failed

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di147\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar=>Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
Deleted

H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di147\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar
Update failed


What do you think of all this?

26 July 2007 14:25:17

Change your antivirus, it isn't great. If you're interested, read this comparison:
http://www.clubic.com/article-77079-1-guide-comparatif-...
Go for Antivir Personal 7 instead, or Kaspersky, which is good but needs a minimum of performance to run; otherwise, personally, I have Avast, which works well for me.
26 July 2007 14:32:13

Thanks for the advice... I think I'll go with Antivir, I've heard good things about it...
Otherwise, no ideas on how to get me out of this jumble of infections??
26 July 2007 14:50:27

Try Antivir in safe mode, you may get some results.
26 July 2007 18:00:40

There are things that have to be deleted manually, but first, would it bother you to completely reinstall QuickTime and Tweak, since they are infected?
26 July 2007 18:13:05

I'm not home yet, but I have neither Tweak nor QuickTime installed, I'm almost 95% sure. I find that strange... I have the programs in a file but they aren't installed...

26 July 2007 19:04:06

Hi,

Indeed, AVG as an antivirus is mediocre :/ ... if you can, install Antivir and run a scan again (don't forget to uninstall AVG first ;)

Also do this:

---> Download HijackThis

-> Put it in a dedicated folder
(on the desktop for example, a folder named HijackThis)
-> Unzip it into the folder
-> Right-click on HijackThis:
-> Choose "Rename"
-> Type Scanner.exe, then confirm

-> Launch the application
-> Choose the option "Do a system scan and save a logfile"
-> Notepad opens:
-> Edit / Select All
-> Edit / Copy
-> Copy/paste into your next message
HELP AT http://www.malekal.com/tutorial_HijackThis.html
26 July 2007 19:20:00

OK, I just got home, I'll take care of it right away!
Thanks for the help in any case
26 July 2007 21:31:44

There it is: the Antivir report, then the HijackThis logfile


AntiVir PersonalEdition Classic
Report file date: jeudi 26 juillet 2007 20:05

Scanning for 986937 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: RoYaLdEaD
Computer name: XPSP2-58BCB5359

Version information:

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: D:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 26 juillet 2007 20:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '15' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'H:\' <Carpe diem>
H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di135\Tweak-XP Professional 4.0.7 By [5uxXxoR]\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar
[0] Archive type: RAR
--> Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
[DETECTION] Is the Trojan horse TR/Keygen.Q.20
[INFO] The file was moved to '470df40f.qua'!
H:\RECYCLER\S-1-5-21-1292428093-1563985344-839522115-1003\Di147\Tweak-XP Professional 4.0.7 By [5uxXxoR].rar
[0] Archive type: RAR
--> Etape 3 [Crack]\Tweak-XP Pro 4.0.7 Retail Patch.exe
[DETECTION] Is the Trojan horse TR/Keygen.Q.20
[INFO] The file was moved to '470df456.qua'!


End of the scan: jeudi 26 juillet 2007 21:26
Used time: 1:20:36 min

The scan has been done completely.

2194 Scanning directories
208049 Files were scanned
2 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
208047 Files not concerned
3290 Archives were scanned
1 Warnings
3 Notes
0 Hidden objects were found








Logfile of HijackThis v1.99.1
Scan saved at 21:32:13, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\RoYaLdEaD\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/welcome/?varclt=3&login=yve...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Stupid Data Dart Wave] D:\Documents and Settings\All Users\Application Data\flag ace stupid data\cool the.exe
O4 - HKLM\..\Run: [seek obj fast wave] D:\Documents and Settings\All Users\Application Data\Two Idol Wave Flag\Bird Mode Rdr.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RULE ITCH] D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = D:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

28 July 2007 17:50:08

Re,

You download too many cracks :pfff:  ..but anyway..:

Write down or print these instructions using Notepad or Word


Do this:

---> Download to your desktop: http://www.malekal.com/download/clean.zip


-> Start AVG Anti-Spyware 7.5
-> Click on "Update".
-> Under "Manual update", click on "Start update"
and wait for the update to finish,
then close the program

---> Download CCleaner to the desktop

************************************
RESTART IN SAFE MODE
************************************

1. Click on CCleaner
Click on "Run Cleaner"
Once it has finished, select the list that appears on the right side of the program window (this is what was deleted) and paste it into Notepad.
Close CCleaner

2. Relaunch AVG AS, then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to react?",
click on:
"Recommended actions"
choose "Quarantine"
Click on the "Scan" tab again
then run a "Complete system scan"
At the end of the scan, choose the option "Apply all actions"
at the bottom.
Click on "Save report"
then on "Save report as"
Save this text file to your desktop.

3. Go to the desktop, right-click your clean.zip file and, in the drop-down menu, click "extract all" or "extract here".
This will create a clean folder.
Double-click this clean folder; inside you will find several files.
Double-click clean. This will open a black window.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
A report will be generated


Restart normally and post:

the CCleaner log
the AVG log
the Clean log
and a new HijackThis.

Good luck :jap:
29 July 2007 14:34:33

Hi, I took care of all that... thanks for the walkthrough, it's cool
CCleaner log
ANALYSE COMPLETE - (22,999 secs)
------------------------------------------------------------------------------------------
317,6MB ont été supprimés. (Taille approximative)
------------------------------------------------------------------------------------------

Détails des fichiers à supprimer (Note: AUCUN fichier n'a pour l'instant été supprimé)
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 2821) 298,7MB
Marqué pour l'effacement: D:\Documents and Settings\RoYaLdEaD\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marqué pour l'effacement: D:\Documents and Settings\RoYaLdEaD\Cookies\index.dat
Poubelle vidée (1 fichiers) 16,3MB
------------------------------------------------------------------------------------------









AVG AS log


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14:16:10 29/07/2007

+ Résultat de l'analyse:



D:\Documents and Settings\RoYaLdEaD\Bureau\sécurité\lopremover.zip/lopremover.exe -> Adware.Lop : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Bureau\sécurité\lopremover\lopremover.exe -> Adware.Lop : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@lop[1].txt -> TrackingCookie.Lop : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@www.lop[1].txt -> TrackingCookie.Lop : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport








clean log


29/07/2007 a 14:18:05,96

*** Recherche des fichiers dans D:
D:\StubInstaller.exe FOUND

*** Recherche des fichiers dans D:\WINDOWS\

*** Recherche des fichiers dans D:\WINDOWS\system32

*** Recherche des fichiers dans D:\Program Files
"D:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
*** Fin du rapport !




HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 14:19:50, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\RoYaLdEaD\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/welcome/?varclt=3&login=yve...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RULE ITCH] D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = D:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe




there you go

30 July 2007 11:11:28

Re,

sorry for the delay, I'm doing this from an internet café.. so not necessarily much room :/  ...

Otherwise:


Quote:
Aucune action entreprise.


You need to run AVG again...

So do this:

Write down or print the following instructions

Restart in safe mode, then:

1. Run the AVG scan again please, doing what I wrote previously..

2.
Go to the "Clean" folder, then click on the clean file and, once it has started, run option 2 by pressing the 2 key on your keyboard to carry out the cleanup.

3. Run HijackThis again
This time click on "do a system scan only"
Tick the boxes on the left for the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)



Then restart normally, and do this:

4.--->Download Navilog1

->Save it to your Desktop
->double-click on Navilog1.exe (the .exe may not be shown)
It will run automatically
(If it doesn't, double-click on the shortcut on the Desktop)
->Follow the prompts and choose option 1, then confirm

DO NOT USE OPTIONS 2, 3, 4 without our advice!

->Wait until " analyse terminé le ........... "
->Press a key as requested

Copy / paste the generated report ( C:\fixnavi.txt ) into your reply


Then,

Go to the site http://virusscan.jotti.org/fr/

in the field at the top next to "Parcourir" (Browse), copy/paste this:
D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe

Then click on "Parcourir" and select WindowMeal.exe

and click on "envoyer" (send) as soon as it is possible

Once the scan has finished, copy/paste the report (or take a screenshot large enough for us to read the result, as you like ;)  )


So to recap:

at the end you must post in your next reply:

the new AVG log (done correctly)
the clean log (with option 2 carried out)
the new HijackThis log
the Navilog log ( C:\fixnavi.txt)
and the Jotti Virus Scan log

++
30 July 2007 12:32:02

ok thanks, I'll take care of that and get back to you
30 July 2007 20:30:46

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:27:58 30/07/2007

+ Résultat de l'analyse:



D:\System Volume Information\_restore{DF57D8A6-A0ED-4C15-B415-2E3B66B02B1E}\RP1\A0000052.exe -> Adware.Lop : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\RoYaLdEaD\Cookies\royaldead@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 20:31:43, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\RoYaLdEaD\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/welcome/?varclt=3&login=yve...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RULE ITCH] D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = D:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe



then a problem: when I try to run navilog 1, antivir detects a vir.heur when I reinstall it...
I must have made a mess... somewhere
ugh, this is getting on my nerves!!
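The 29/07 and 30/07 HijackThis logs in this thread can be compared mechanically to confirm which entries a fix removed and which autoruns are still present. This is an added example, not part of any post; the log excerpts are copied from the thread, and the "autorun launched from a user profile" heuristic and all function names are assumptions of the example.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RULE ITCH] D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RULE ITCH] D:\DOCUME~1\ROYALD~1\APPLIC~1\MEDIAS~1\WindowMeal.exe
"""

# A HijackThis entry line is "<section code> - <description>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Entries whose target file no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# Assumption of this example: an autorun whose target lives under a user
# profile's Application Data folder (long or 8.3 name) deserves a closer look.
PROFILE_RUN_RE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings)\\[^\\]+\\(?:APPLIC~1|Application Data)\\",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def orphans(entries):
    """Entries that point at a missing file, the kind ticked for fixing above."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def profile_autoruns(entries):
    """O4 (startup) entries launching a file from a user profile data folder."""
    return [e for e in entries if e[0] == "O4" and PROFILE_RUN_RE.search(e[1])]


def diff_logs(before, after):
    """Compare two parsed logs: what was removed, what appeared, what stayed."""
    b, a = set(before), set(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(b & a)}


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for code, body in diff_logs(before, after)["removed"]:
        print("removed:", code, body)
    for code, body in profile_autoruns(after):
        print("still starting at logon:", code, body)
```

On these excerpts the three missing-file entries are gone from the second log, while the `[RULE ITCH]` Run entry is still there.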



30 July 2007 20:33:35

I did it all wrong, I messed up AVG again... should I start over, or has what I did changed everything... sorry, I'm dead tired, I'm doing any old thing
31 July 2007 16:56:08

Hi,

Quote:
then a problem: when I try to run navilog 1, antivir detects a vir.heur when I reinstall it...


Ignore that alert.. well, I think so

Quote:
all wrong, I messed up AVG again


No no, AVG is OK ;) ...I'm waiting for the rest.. take your time :hello: 