How to get rid of something...


Post by copica » 13 Apr 2007 18:23

Hello!!

Yes, it's me again

So I ran an online scan with Panda and it found 4 viruses (disinfected), but I would like to get rid of Mywebsearch and I don't know how!

Here is the Panda report; the thing to remove is on the first line:


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@xiti[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@azjmp[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@atdmt[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@ads.pointroll[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@mediaplex[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@fl01.ct2.comclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@doubleclick[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@bluestreak[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@ad.yieldmanager[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@server.iad.liveperson[4].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@tradedoubler[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[data.coremetrics.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/hc/65768308]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[fl01.ct2.comclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\cookies-3.txt[.xiti.com/]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Stéphanie\Application Data\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\crtdcghcn.jar-2ffd5a2c-4e02ac9c.zip[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Stéphanie\Application Data\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\crtdcghcn.jar-2ffd5a2c-4e02ac9c.zip[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Stéphanie\Application Data\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\crtdcghcn.jar-2ffd5a2c-4e02ac9c.zip[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Stéphanie\Application Data\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\crtdcghcn.jar-2ffd5a2c-4e02ac9c.zip[Dux.class]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
Spyware:Cookie/Comclick Not disinfected C:\FOUND.011\FILE0007.CHK


Thanks in advance!!

copica
newbie expert
Posts: 72
Joined: 27 Feb 2007 17:55
Location: in my living room

Post by Malekal_morte » 13 Apr 2007 18:28

Hi,

Try this:
Start menu, then type regedit and click OK.
In the left pane, expand the following tree by clicking the + signs: hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Right-click {147A976F-EEE1-4377-8EA7-4716E4CDD239} and choose Delete.

Run the scan again.
First basic rule of security: think first, then click, not the other way around - Files/programs are like candy: when they come from a stranger, you don't accept them

Securing your computer (short version)

Community - security info/news:
Facebook: malekal.com community on Facebook
GooglePlus: malekal.com community on GooglePlus

Stop ads - unwanted popups
Supprimer-virus.com: malware removal guide

Subscribe to the malekal.com newsletter to stay informed about threats

Malekal_morte
Site Admin
Posts: 67888
Joined: 10 Sep 2005 13:57

Post by copica » 13 Apr 2007 18:37

OK!

I'll do that!


Post by copica » 13 Apr 2007 19:48

It's still there, but in a different form:


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@bluestreak[2].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@fl01.ct2.comclick[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[data.coremetrics.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/hc/65768308]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[fl01.ct2.comclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\cookies-3.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
Spyware:Cookie/Comclick Not disinfected C:\FOUND.011\FILE0007.CHK


Post by Malekal_morte » 13 Apr 2007 19:49

This smells like a Panda false positive.

You can post a HijackThis report so we can have a look.
Does this folder exist: c:\program files\mywebsearch ?

Post by copica » 13 Apr 2007 20:20

No, c:\program files\mywebsearch does not exist

HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 20:15:31, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\orange\player orange\Player Orange.exe
C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Stéphanie\Bureau\Kitbar4$.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Stéphanie\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E8B9A5E-FF40-4757-AFAF-840C6B32EFA4} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrangePlayer] c:\program files\orange\player orange\Player Orange.exe /systray
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


Post by Malekal_morte » 13 Apr 2007 20:23

- Download and install CounterSpy: http://www.malekal.com/tutorial_CounterSpy.html
- Once it is installed and the setup wizard has run, start CounterSpy to perform an update.
- Restart in safe mode; if you don't know how, read this
- Click the "Scan Now" button on the left and let the scan run.
- At the end of the scan, all the items found will be set to Quarantine
- Click the Take Action button at the bottom left to send all the detected items to quarantine.
- Restart the computer

Run a Panda scan again.

Post by copica » 14 Apr 2007 03:22

It took a long time, but one good thing: it's gone:

Panda report:


Incident Status Location

Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@bluestreak[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@fl01.ct2.comclick[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@atdmt[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@weborama[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@mediaplex[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[fl01.ct2.comclick.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.com.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[data.coremetrics.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[server.iad.liveperson.net/hc/65768308]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stéphanie\Application Data\Mozilla\Firefox\Profiles\DEFAULT.P3F\cookies-3.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
Spyware:Cookie/Comclick Not disinfected C:\FOUND.011\FILE0007.CHK


Post by Malekal_morte » 14 Apr 2007 10:50

As for the cookies, they will come back!
A cleanup with CCleaner to delete them.

Topic resolved!
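The comparison made by eye across the three Panda reports in this thread, as an added example that is not part of the original posts: a Python parser for the report lines that sets tracking cookies aside and diffs two scans. The sample data is abridged from the reports posted above; the function names and the "moved" heuristic are assumptions of this example.

```python
import re

# Abridged from the three Panda reports posted in the thread.
SCAN_1 = r"""Incident Status Location
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stéphanie\Cookies\stéphanie@atdmt[2].txt
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Stéphanie\Application Data\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\crtdcghcn.jar-2ffd5a2c-4e02ac9c.zip[Dex.class]
"""
SCAN_2 = r"""Incident Status Location
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
"""
SCAN_3 = r"""Incident Status Location
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Stéphanie\Bureau\APPZ\eChanblard.exe[EvID4226Patch.exe]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.011\FILE0002.CHK[.xiti.com/]
"""

# One report line: "<Category>:<Name> <Status> <Location>".
# The name may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily
# up to the status keyword.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) (?P<location>.+)$"
)


def parse_report(text):
    """Parse report text into dicts; the header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def outstanding(entries):
    """Entries still needing attention: not disinfected and not a cookie."""
    return [
        e for e in entries
        if e["status"] == "Not disinfected"
        and not e["name"].startswith("Cookie/")
    ]


def diff_scans(before, after):
    """Compare the outstanding entries of two parsed scans.

    'moved' lists detection names that vanished from one location and showed
    up at another, i.e. the removal did not get rid of the detection itself.
    """
    b = {(e["name"], e["location"]) for e in outstanding(before)}
    a = {(e["name"], e["location"]) for e in outstanding(after)}
    resolved, new = b - a, a - b
    moved = sorted({n for n, _ in resolved} & {n for n, _ in new})
    return {
        "resolved": sorted(resolved),
        "new": sorted(new),
        "persisting": sorted(a & b),
        "moved": moved,
    }


if __name__ == "__main__":
    s1, s2, s3 = (parse_report(s) for s in (SCAN_1, SCAN_2, SCAN_3))
    print("scan 1 -> 2:", diff_scans(s1, s2))
    print("scan 2 -> 3:", diff_scans(s2, s3))
```
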

