Problème de virus: appel à l'aide! - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : Problème de virus: appel à l'aide!
 
emilie3184
Profil : IDNaute
Plus d'informations
n°323256
15-07-2008 à 19:40:04

Bonjour!
Vous m'aviez bien aidé il y a quelques temps, alors je me tourne de nouveau vers vous aujourd'hui car mon ordinateur est infecté et que j'arrive pas à m'en sortir!

Petit rappel des faits: l'ordinateur familial était protégé par Norton. Il y a deux jours, notre abonnement s'est terminé et AVANT de lr prolonger (ou d'en prendre un autre) mon père a ouvert un mail pensant qu'il venait d'un ami... Trop tard! Le virus était laché. Des fenetres pop up qui s'ouvraient en permanance, de nouvelles icones (porno) sont apparues sur le bureau et nos fonds d'ecran ont disparus pour laisser place à un ecran bleu avec un ecart jaune disant "Warning! Spyware detected on your computer!" (noon, sans déconner?)
Depuis mon frère a installé Avast, il a scanné plusieurs fois le pc, nous n'avons plus de pop up mais le reste bugue toujours.

Donc voilà, je prends le relais et demande votre aide! :(
Merci!
Emilie3184

Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

Bruce Lee72
Profil : IDNaute
Plus d'informations
n°323268
15-07-2008 à 20:25:50

Bonjour,

Télécharge [color=blue]HijackThisV2[/color] sur ton Bureau. [list]

  • Double-clique sur HJTInstall.exe et suis les instructions d'installation.
  • Tu trouveras un tutoriel pour l'installation et la génération d'un rapport ici: http://cybersecurite.xooit.com/t13 [...] -2-0-2.htm
  • Poste le rapport généré sur le forum.[/list]
emilie3184
Profil : IDNaute
Plus d'informations
n°323269
15-07-2008 à 20:27:47

Merci de votre aide!
Voici le rapport:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:10, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\lphc5s0j0ee2j.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy version MAJ\SDHelper.dll
O2 - BHO: PromoIE Module - {57071861-57F2-4272-A519-6F599CADD6FD} - C:\DOCUME~1\DENISI~1\LOCALS~1\Temp\10.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QXK Olive - {855F1423-B60B-4400-A709-1583196F080A} - C:\WINDOWS\wbxdpgfexqf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: sqvgnrpx - {FEE28DB7-CAA1-45D7-85BC-C9D7E8009E07} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Canal Widget] "c:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [lphc5s0j0ee2j] C:\WINDOWS\system32\lphc5s0j0ee2j.exe
O4 - HKLM\..\Run: [SMrhc1s0j0ee2j] C:\Program Files\rhc1s0j0ee2j\rhc1s0j0ee2j.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy version MAJ\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy version MAJ\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy version MAJ\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/25.24/uploader2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/a [...] _en_dl.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/ga [...] in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O21 - SSODL: fsrpknov - {6094E17E-C4BD-4D43-8646-A7B9DE49942C} - C:\WINDOWS\fsrpknov.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14858 bytes

Bruce Lee72
Profil : IDNaute
Plus d'informations
n°323273
15-07-2008 à 20:34:00

Re,

Télécharger Malwarebytes' Anti-Malware depuis http://www.besttechie.net/tools/mbam-setup.exe
Enregistrer ce fichier sur le Bureau.
Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).
Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".

Désactiver le module résident de ton antivirus.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen complet" puis cliquer sur le bouton Rechercher.
Attendre sans rien faire d'autre la fin de la recherche, puis cliquer sur le bouton "Afficher les résultats".
Vérifier que toutes les lignes sont cochées.
Cliquer sur le bouton "Supprimer la sélection"
Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.

Poste le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier d'installation de Malwarebytes' Anti-Malware / *-**-**** (**-**-**) représente la date [mois-jour-année] et l'heure [hh-mn-ss])

Poste également un nouveau rapport HijackThis.

emilie3184
Profil : IDNaute
Plus d'informations
n°323277
15-07-2008 à 20:45:08

Ok, mais juste une precision:
"Désactiver le module résident de ton antivirus"

Je fais ça comment? :??:

emilie3184
Profil : IDNaute
Plus d'informations
n°323278
15-07-2008 à 20:45:08

Ok, mais juste une precision:
"Désactiver le module résident de ton antivirus"

Je fais ça comment? :??:

Bruce Lee72
Profil : IDNaute
Plus d'informations
n°323281
15-07-2008 à 20:51:21

Re,

Citation :

"Désactiver le module résident de ton antivirus"



Fait juste ca et continue la procédure:

lance Spybot, va dans "mode" puis "mode avancé" tu auras un message d'avertissement repond "oui" va ensuite dans "Outils" (en bas a gauche) clique ensuite sur "Résident" puis décoche la case devant "Résident "TeaTimer" (Protection des réglages système fondamentaux) actif".

Pense a réactiver la TeaTimer à la fin de la désinfection.

Quitte Spybot.

emilie3184
Profil : IDNaute
Plus d'informations
n°323307
15-07-2008 à 23:11:37

Voici les rapports:

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 957
Windows 5.1.2600 Service Pack 2

23:02:23 15/07/2008
mbam-log-7-15-2008 (23-02-23).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 274453
Temps écoulé: 1 hour(s), 36 minute(s), 26 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 36
Fichier(s) infecté(s): 84

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphc5s0j0ee2j.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\system32\blphc5s0j0ee2j.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{04640c85-7a3b-4af5-b18e-68cd13b479e1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{92e6d108-e807-40f5-a4ad-72b81aecf2c0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d1e18c15-c6d6-4426-aeb5-2bc4c771987c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc390924-4e9e-4ca3-9d6a-08d6ed87b00a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{21a6b242-7d3d-4fe2-9b03-52d721589682} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fee28db7-caa1-45d7-85bc-c9d7e8009e07} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\promo2.promoie (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\promo2.promoie.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57071861-57f2-4272-a519-6f599cadd6fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57071861-57f2-4272-a519-6f599cadd6fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6094e17e-c4bd-4d43-8646-a7b9de49942c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bfxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{fee28db7-caa1-45d7-85bc-c9d7e8009e07} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5s0j0ee2j (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1s0j0ee2j (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\MediaVideoCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arnaud\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\rhc1s0j0ee2j\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Application Data\rhc1s0j0ee2j\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\DENIS II\Application Data\rhc1s0j0ee2j (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP1\A0000009.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000018.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000019.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000020.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000022.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000023.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000025.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000026.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000028.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000029.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP2\A0000030.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000303.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000304.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000305.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000307.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0000317.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0001303.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0001304.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0001305.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0001515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP5\A0001870.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABA7C896-4533-45B1-9D52-5D7701C69521}\RP6\A0003974.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\efro.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys13.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys170.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys18.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SysA.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Application Data\RegistrySmart\Registry Backups\2007-03-31_17-56-39.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc5s0j0ee2j.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5s0j0ee2j.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5s0j0ee2j.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc5s0j0ee2j.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxxhbjox_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npwhtie_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxxhbjox_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npwhtie_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\DENIS II\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Bureau\FREE STUFF.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Bureau\NUDE PICS.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marie-Pierre\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilie\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DENIS II\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DENIS II\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.



******


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:39, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Softw