Virus

Réponse 21 / 28

asstractor

Précédemment vous m'aviez dit que nous nous occuperions d'installer un antivirus plus tard. Pour l'instant voici le log highjackthis suite au fix effectué. Merci encore.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:31, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG

Réponse 22 / 28

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

Ok, on y va pour l'antivirus, il est plus que temps :

1)Télécharge Avira antivir

-- Télécharge Avira antivir PersonalEdition Classic a partir de ce lien :
https://www.avira.com/ sur ton Bureau.

2) Installe et paramètre puis mets a jour Antivir

Double-clique sur son set up sur ton Bureau pour lancer l’installation.

Une fois celui ci installé, ferme le scan qui s'est lancé de manière automatique et paramètre le comme indiqué ici :

http://speedweb1.free.fr/frames2.php?page=tuto5
ou la : https://www.malekal.com/avira-free-security-antivirus-gratuit/

3) Redémarre en mode sans échec

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionne "Mode sans échec" et appuyer sur [Entrée]
Il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

Voir si besoin C) https://forum.pcastuces.com/sujet.asp?f=25&s=3902

4) Scan Antivirus et nettoyage avec Avira Antivir

Lance Avira antivir en faisant un double-clic sur le raccourci d’Antivir sur ton Bureau (ou via Démarrer /tous les programmes /Antivir) puis « start Antivir »
Clique sur Local protection (colonne à gauche) puis sur « Scanner » puis vérifie à RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux) que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut)
Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
Mets tout ce qu il trouve en "quarantine"
Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport qui vient d'apparaître sur ton Bureau..

5) Rapport

Redémarre en mode normal puis poste le rapport d'Antivir (que tu as sauvegardé sur ton Bureau).

Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php

@ suivre

Réponse 23 / 28

asstractor

Voici le rapport fait avec Avira conformément aux indications données:

Avira AntiVir Personal
Report file date: mardi 17 juin 2008 20:16

Scanning for 1340302 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: David Marchand
Computer name: DAVID

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 15:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 14:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 14:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 14:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 23:51:20
ANTIVIR3.VDF : 7.0.4.210 116736 Bytes 17/06/2008 23:51:22
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 17/06/2008 23:51:42
AESCN.DLL : 8.1.0.21 119156 Bytes 17/06/2008 23:51:40
AERDL.DLL : 8.1.0.20 418165 Bytes 17/06/2008 23:51:40
AEPACK.DLL : 8.1.1.5 364918 Bytes 17/06/2008 23:51:38
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/06/2008 23:51:34
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 17/06/2008 23:51:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 17/06/2008 23:51:28
AEGEN.DLL : 8.1.0.28 307572 Bytes 17/06/2008 23:51:28
AEEMU.DLL : 8.1.0.6 430451 Bytes 17/06/2008 23:51:24
AECORE.DLL : 8.1.0.31 168310 Bytes 17/06/2008 23:51:22
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 23:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 16:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 23:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 14:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 23:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 20:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 18:02:12

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 17 juin 2008 20:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\uieqr.exe.vir
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.dnw Backdoor server programs
[NOTE] The file was moved to '48bd591c.qua'!
C:\QooBox\Quarantine\C\Program Files\SSTEM~1\cmd.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '48bc592e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cmrtxhyw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ca593c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccaWolJ.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48bb5933.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGxXQiG.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489f5937.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hjmshrhv.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48c5593a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\igrjccdk.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48ca5938.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tgwjbtfv.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48cf5938.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yemdwvro.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48c55937.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winzoa32.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '48c6593b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\David Marchand\Application Data\SpeedRunner\SpeedRunner.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48bd5947.qua'!
C:\Documents and Settings\David Marchand\Bureau\ComboFix.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48c561b5.qua'!
C:\Documents and Settings\David Marchand\Bureau\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '48ba61bc.qua'!
C:\Documents and Settings\David Marchand\Bureau\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48cb61bc.qua'!
C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.36177
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '489961f8.qua'!
C:\Program Files\Microsoft Office\media\cagcat10\J0234687.GIF
[DETECTION] Is the Trojan horse TR/BHO.ecl
[NOTE] The file was moved to '488a64c7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047779.dll
[DETECTION] Is the Trojan horse TR/Monder.KG
[NOTE] The file was moved to '488867d5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047908.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867dd.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047909.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296c8e.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047910.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867df.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047911.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867de.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047912.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296c8f.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047914.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867c0.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047915.DLL
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '49296cb0.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047953.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '488867e3.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047957.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49296cb4.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047958.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867e4.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047959.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296cb5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047960.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '488867e6.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047962.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '488867e5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047963.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '49296cb6.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047964.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867e7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047967.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296cb7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP249\A0049291.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.dnw Backdoor server programs
[NOTE] The file was moved to '48886805.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP249\A0049292.dll
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '49296356.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049787.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48886837.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049788.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '49296368.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049789.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48886839.qua'!
C:\Rustbfix\avenger.exe
[DETECTION] Contains detection pattern of the SPR/Avenger program
[NOTE] The file was moved to '48bd68d1.qua'!
Begin scan in 'D:\' <ACERDATA>

End of the scan: mardi 17 juin 2008 22:23
Used time: 2:06:42 min

The scan has been done completely.

6443 Scanning directories
205090 Files were scanned
43 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
39 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
205047 Files not concerned
7525 Archives were scanned
1 Warnings
39 Notes

Merci

Réponse 24 / 28

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonjour Asstractor

Vide la quarantaine d'Antivir

* Clique droit sur Antivir dans la barre des taches (en bas a droite) puis "Start Antivir", clique sur « Administration » puis sur "Quarantine", clique sur une des lignes des détections qui y sont présentes puis ctrl-a afin de sélectionner l'ensemble du contenu de la quarantaine puis clique sur le symbole poubelle, une fenêtre va s'ouvrir "Are you sure you want to delete the selected object(s) from quarantine". Confirme la suppression par oui.
Ferme Antivir.

Vide la quarantaine de Malwarebytes' Anti-Malware

Clique sur le raccourci de Malwarebytes' Anti-Malware , puis sur Quarantaine, clique sur "Tout supprimer"

Peux tu me poster un nouveau rapport HijackThis stp.

@ suivre.

Réponse 25 / 28

asstractor

voici le log hijackthisthis suite à la suppression des éléments en quarantaine dans Malwarebytes et Avira.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:28, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG

Réponse 26 / 28

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonjour asstractor

C'est du bon boulot .

Il reste deux services de Norton/ Symantec

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Démarrer / Paramètres / Panneau de configuration et dans Ajout/Suppression de programmes , clique sur la ligne du programme à désinstaller Planificateur LiveUpdate automatique ou LiveUpdate puis clique sur supprimer et suis les demandes de la boite de dialogue qui s'ouvrira afin d'amener la désinstallation à son terme.
(S'il ne figure pas dans la liste des programmes va voir dans C:\Program Files\Symantec\LiveUpdateet cherche un Uninstall afin de lancer la désinstallation de ce programme.)

Par la suite supprime le dossier C:\Program Files\Symantec <-- Ce dossier en gras.

Tu peux utiliser cet outils pour supprimer le reste des traces de Symantec :

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Fais redémarrer ton PC après tout cela et poste un autre rapport HijackThis en réponse.

@ suivre.

Réponse 27 / 28

asstractor

je crois avoir enlevé toute trace de Norton. Voici le log Hijackthis, merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:31, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG

Réponse 28 / 28

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Hello asstractor

Bien joué.

Derniers efforts avant conclusion :

1) ToolsCleaner de A.Rothstein

On va supprimer toutes les traces des logiciels que nous avons utilisés qui traitent des infections spécifiques et ceci grâce a ToolsCleaner de A.Rothstein

Télécharge le http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe et laisse-le travailler
* Clique sur Recherche et laisse-le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.

--> Poste moi le rapport de ToolsCleaner ( qui se trouve à la racine de ton disque dur (C:\TCleaner.txt)

2) Scan en ligne chez Bitdefender

Aide toi de ce Tuto (merci Morgane) http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

* Fais un scan antivirus en ligne https://www.bitdefender.fr/ avec IE et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

Poste en réponse le rapport de scan qui se trouve ici C:\windows\bdoscan8\scanres.txt ou scanres.html

@ suivre car il restera des conseils de sécurité à appliquer.

Virus - Page 2

Discussions similaires

Newsletters