trojan-gen reste malgré les scans

Question

Bonjour,

depuis 2 jours, je n'arrive pas à me débarrasser de trojan-gen{OTHER} Je supprime tout les dossiers infectés avec avast, je rescanne pour vérifier et c'est ok, mais dès que je rallume la bécane, Microsoft Windows me dit que googletodbar2user.exe à cesser de fonctionner et enguise d'explication, il m'envoie sur une page uniquement en anglais avec des anti-virus à acheter. 
Donc impossible d'aller sur internet depuis ma session.
Et à l'allumage, avast me redit que j'ai trojan mais impossible de scanner.
Par contre, depuis la session de mon homme, on a "eliminer" tropjan 2 fois, mais on peut quand meme aller sur google!!

Alors voilà, j'espere que quelqu'un aura un peu de temps pour me sortir de ce bordel.
Et je précise aussi que l'informatique et moi, on n'est pas amis

Merci.

anthony5151 · Answer

Bonjour anadic 10,

Merci de suivre la procédure suivante pour générer un rapport hijackthis qui me permettra de diagnostiquer le problème de ton ordinateur :

Télécharge hijackthis sur ton bureau :  https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/ 

Installe le, puis fais ceci avant de le lancer :
Va dans le menu démarrer --> Poste de travail --> disque local C --> Program Files --> Trend Micro --> Hijackthis --> cherche hijackthis.exe et fais un clic droit dessus --> renomme le en Jack.exe

Ensuite lance le et clique sur "Do a system scan and save a logfile". 
Fais un copier-coller du rapport entier sur le forum

anadic10 · Answer

merci pour ta réponse;
 
je ne trouve pas Poste de travail, ni un disque local C. Si HIJACKTHIS se telecharge sur Ordinateur, c'est ok?

anthony5151 · Answer

Ah oui excuse moi tu as Vista, les noms sont différents !

Une fois hijackthis installé, va dans le menu démarrer --> Ordinateur --> disque dur C --> Programmes --> Trend Micro --> Hijackthis --> cherche hijackthis.exe et fais un clic droit dessus --> renomme le en Jack.exe

Ensuite lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum

anadic10 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:22, on 12/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\ehome\ehmsas.exe
C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\Jack.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [limixhe] c:\users	of\appdata\local\limixhe.exe limixhe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users	of\AppData\Local\Temp\fccApqRk.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

anadic10 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:22, on 12/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\ehome\ehmsas.exe
C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\Jack.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [limixhe] c:\users	of\appdata\local\limixhe.exe limixhe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users	of\AppData\Local\Temp\fccApqRk.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

anthony5151 · Answer

Ok, ton ordinateur est touché par deux infections différentes.

On va d'abord s'occuper de l'infection MagicControl/navipromo, qui s'installe via des programmes dits "gratuits", dont ceux-ci :

 * go-astro
 * GoRecord
 * HotTVPlayer / HotTVPlayer & Paris Hilton
 * Live-Player
 * MailSkinner
 * Messenger Skinner
 * Instant Access
 * InternetGameBox
 * Officiale Emule (Version d'Emule modifiée)
 * Sudoplanet
 * Webmediaplayer


Pour désinfecter, merci de suivre exactement cette procédure :

# Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection) : 
- Va dans démarrer puis panneau de configuration 
- Double Clique sur l'icône "Comptes d'utilisateurs" 
- Clique ensuite sur désactiver et valide. 


# Télécharge maintenant Navilog1 depuis-ce lien : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, lance Navilog en faisant un clic-droit sur le raccourci présent sur ton bureau et en choisissant "Exécuter en tant qu'administrateur"

Au menu principal, Fais le choix 1 
Laisse toi guider et patiente. 
Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche le bloc note va s'ouvrir. 
Copie-colle l'intégralité du rapport ici.

anadic10 · Answer

Search Navipromo version 3.6.5 commencé le 12/09/2008 à  1:13:41,25

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "tof" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000 
Internet Explorer : 7.0.6000.16711 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users	of\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users	of\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\INVIT~1\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users
anas\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users	of\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\INVIT~1\appdataoaming" ***


*** Recherche dossiers dans "C:\Users
anas\appdataoaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users	of\AppData\Local\Microsoft" *

* Recherche dans "C:\Users	of\AppData\Local" *

* Recherche dans "C:\Users\INVIT~1\AppData\Local" * 

* Recherche dans "C:\Users
anas\AppData\Local" * 



*** Recherche fichiers *** 


c:\users\public\desktop\WebMediaPlayer.lnk trouvé ! 
C:\Windows\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users	of\AppData\Local\Microsoft" :


* Dans "C:\Users	of\AppData\Local" :

equoeswgy.dat trouvé !
equoeswgy_nav.dat trouvé !
equoeswgy_navps.dat trouvé !
limixhe.dat trouvé !
limixhe_nav.dat trouvé !
limixhe_navps.dat trouvé !
ztdzyd.dat trouvé !
ztdzyd_nav.dat trouvé !
ztdzyd_navup.dat trouvé !
ztdzyd_navps.dat trouvé !

* Dans "C:\Users\INVIT~1\AppData\Local" : 


* Dans "C:\Users
anas\AppData\Local" : 

olpiyw.dat trouvé !
olpiyw_nav.dat trouvé !
olpiyw_navup.dat trouvé !
olpiyw_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 12/09/2008 à  1:24:38,68 ***

anthony5151 · Answer

Relance Navilog en faisant un clic-droit sur le raccourci Navilog présent sur ton bureau et en choisissant "Exécuter en tant qu'administrateur" 

Le fix va t'informer qu'il va alors redémarrer ton PC 
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts 
Appuie sur une touche comme demandé. 
(si ton Pc ne redémarre pas automatiquement, fais le toi même) 
Au redémarrage de ton PC, choisis ta session habituelle. 

Patiente jusqu'au message : 
*** Nettoyage Termine le ..... *** 

Le bloc note va s'ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.

anadic10 · Answer

Il me refait faire la meme chose.
Au niveau du choix, je met quoi? ( recherche, suppression...)

anadic10 · Answer

heu... il se fait tard, je vais me coucher. On peut continuer demain?

anthony5151 · Answer

Oups, j'avais oublié de préciser :
Au menu principal, choisis 2 (suppression) et valide. 

Désolé !

anadic10 · Answer

Clean Navipromo version 3.6.5 commencé le 12/09/2008 à 17:12:01,36

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "tof" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000 
Internet Explorer : 7.0.6000.16711
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users	of\AppData\Local\Microsoft" *


* Suppression dans "C:\Users	of\AppData\Local" *


* Suppression dans "C:\Users\INVIT~1\AppData\Local" *


* Suppression dans "C:\Users
anas\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\WebMediaPlayer ...suppression... 
...\WebMediaPlayer supprimé ! 


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\WebMediaPlayer ...suppression... 
...\WebMediaPlayer supprimé ! 


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users	of\appdataoaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\INVIT~1\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users
anas\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users	of\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\INVIT~1\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users
anas\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users	of\AppData\Roaming" ***


*** Suppression dossiers dans "C:\Users\INVIT~1\appdataoaming" *** 


*** Suppression dossiers dans "C:\Users
anas\appdataoaming" *** 



*** Suppression fichiers ***

c:\users\public\desktop\WebMediaPlayer.lnk supprimé !
C:\Windows\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users	of\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users	of\AppData\Local\Microsoft" *


* Dans "C:\Users	of\AppData\Local" *


equoeswgy.dat trouvé ! 
Copie equoeswgy.dat réalisée avec succès !
equoeswgy.dat supprimé !

equoeswgy_nav.dat trouvé ! 
Copie equoeswgy_nav.dat réalisée avec succès !
equoeswgy_nav.dat supprimé !

equoeswgy_navps.dat trouvé ! 
Copie equoeswgy_navps.dat réalisée avec succès !
equoeswgy_navps.dat supprimé !

limixhe.dat trouvé ! 
Copie limixhe.dat réalisée avec succès !
limixhe.dat supprimé !

limixhe_nav.dat trouvé ! 
Copie limixhe_nav.dat réalisée avec succès !
limixhe_nav.dat supprimé !

limixhe_navps.dat trouvé ! 
Copie limixhe_navps.dat réalisée avec succès !
limixhe_navps.dat supprimé !

ztdzyd.dat trouvé ! 
Copie ztdzyd.dat réalisée avec succès !
ztdzyd.dat supprimé !

ztdzyd_nav.dat trouvé ! 
Copie ztdzyd_nav.dat réalisée avec succès !
ztdzyd_nav.dat supprimé !

ztdzyd_navps.dat trouvé ! 
Copie ztdzyd_navps.dat réalisée avec succès !
ztdzyd_navps.dat supprimé !

ztdzyd_navup.dat trouvé ! 
Copie ztdzyd_navup.dat réalisée avec succès !
ztdzyd_navup.dat supprimé !


* Dans "C:\Users\INVIT~1\AppData\Local" * 


* Dans "C:\Users
anas\AppData\Local" * 


olpiyw.dat trouvé ! 
Copie olpiyw.dat réalisée avec succès !
olpiyw.dat supprimé !

olpiyw_nav.dat trouvé ! 
Copie olpiyw_nav.dat réalisée avec succès !
olpiyw_nav.dat supprimé !

olpiyw_navps.dat trouvé ! 
Copie olpiyw_navps.dat réalisée avec succès !
olpiyw_navps.dat supprimé !

olpiyw_navup.dat trouvé ! 
Copie olpiyw_navup.dat réalisée avec succès !
olpiyw_navup.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !


*** Nettoyage terminé le 12/09/2008 à 17:20:24,42 ***

anthony5151 · Answer

Ok, maintenant fais ceci stp :

Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe 
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée 
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec". Choisis ta session habituelle

Lance Malwarebyte's Anti-Malware 
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen" 
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection 
- S'il t'es demandé de redémarrer, clique sur Yes


Poste le rapport de scan après la suppression ici

anadic10 · Answer

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1142
Windows 6.0.6000 

12/09/2008 19:21:38
mbam-log-2008-09-12 (19-21-23).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 195739
Temps écoulé: 32 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{95012afd-f4f1-4a96-bf3b-4f5d6c54d593} (Adware.EGDAccess) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources (Rogue.Spyware-Secure) -> No action taken.
C:\WINDOWS\System32\wTR02 (Trojan.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.
C:\Users	of\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> No action taken.

Fichier(s) infecté(s):
C:\Users
anas\AppData\Local\Temp\htiorpwr.dll (Trojan.Vundo) -> No action taken.
C:\Users
anas\AppData\Local\Temp\uvjyyjql.dll (Trojan.Vundo) -> No action taken.
C:\Users	of\AppData\Local\Mozilla\Firefox\Profiles\eh77czi6.default\Cache\6836B59Ed01 (Trojan.Dropper) -> No action taken.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure
bmw (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_coud.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_droit.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_vert.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images	itle-hepfile.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\3differentscan.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\contactus.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\found-objects.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\lexic.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs
avigtabs.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\quarantine.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubsegister.htm (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\cookies_1-12.dat (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesourcesegister_1-12.dat (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources	rad_demo_EN.txt (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources	rad_demo_ES.txt (Rogue.Spyware-Secure) -> No action taken.
C:\Program Files\Spyware-Secureesources	rad_demo_FR.txt (Rogue.Spyware-Secure) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> No action taken.
C:\WINDOWS\System32\pac.txt (Malware.Trace) -> No action taken.

anthony5151 · Answer

On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... 

Fais exactement ce qui suit : 

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ---------------------------------------------------------- 
Il faut désactiver l'UAC : désactive le contrôle des comptes utilisateurs : Menu démarrer -->  panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Redémarre ensuite ton pc.

Ensuite, avant de lancer Combofix :
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !! 

Dans ton cas, il s'agit d'Avast uniquement...

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre... 

Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 
--------------------------------------------------------------------------------------------------------------------------------- 

Ensuite : 

Fais un clic droit sur C-Fix.exe (= combofix.exe ) --> exécuter en tant qu’administrateur

Appuie sur une touche pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

anadic10 · Answer

ComboFix 08-09-12.09 - tof 2008-09-13 14:50:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1321 [GMT 2:00]
Lancé depuis: C:\Users	of\Desktop\C-Fix.exe
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf
C:\Windows\system32\jusched.exe
C:\Windows\system32\MSINET.oca

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-08-13 au 2008-09-13  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 12:50	1,048,576	--sha-w	C:\Users\Invité
tuser.dat
2008-09-13 12:50	1,048,576	--sha-w	C:\Users\Invité
tuser.dat
2008-09-12 16:38	---------	d-----w	C:\Users	of\AppData\Roaming\Malwarebytes
2008-09-12 16:38	---------	d-----w	C:\ProgramData\Malwarebytes
2008-09-12 16:38	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 15:20	---------	d-----w	C:\Program Files\Navilog1
2008-09-12 12:05	---------	d-----w	C:\ProgramData\Roxio
2008-09-12 10:51	---------	d-----w	C:\Users	of\AppData\Roaming\Roxio
2008-09-11 23:00	---------	d-----w	C:\Program Files\Trend Micro
2008-09-11 12:11	---------	d-----w	C:\Users	of\AppData\Roaming\InstallShield
2008-09-11 10:55	---------	d-----w	C:\Users
anas\AppData\Roaming\LimeWire
2008-09-11 10:22	---------	d-----w	C:\Program Files\TF1Vision
2008-09-11 10:14	---------	d-----w	C:\Program Files\Microsoft Games
2008-09-11 10:14	---------	d-----w	C:\Program Files\Common Files\Microsoft Games
2008-09-11 10:09	---------	d-----w	C:\Program Files\MaxiMemo
2008-09-11 10:08	---------	d-----w	C:\Program Files\DreamCatcher
2008-09-11 10:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-11 10:07	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-09-10 14:49	---------	d-----w	C:\Program Files\Ahriman's Prophecy
2008-09-10 09:32	---------	d-----w	C:\Program Files\Microsoft Works
2008-09-09 22:04	38,528	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03	17,200	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-09-08 21:13	---------	d-----w	C:\Users	of\AppData\Roaming\LimeWire
2008-09-03 18:17	---------	d-----w	C:\Users
anas\AppData\Roaming\AVS4YOU
2008-08-27 19:06	---------	d-----w	C:\Program Files\IncrediMail
2008-08-13 22:18	---------	d-----w	C:\Program Files\Windows Mail
2008-07-31 03:34	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-07-30 23:47	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-18 13:04	416	----a-w	C:\Users\Invité\AppData\Roaming\wklnhst.dat
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32	zres.dll
2008-07-10 07:52	174	--sha-w	C:\Program Files\desktop.ini
2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll
2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll
2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll
2008-04-23 19:05	292	----a-w	C:\Users
anas\AppData\Roaming\wklnhst.dat
2008-04-20 17:39	94	----a-w	C:\Users	of\AppData\Roaming\wklnhst.dat
2008-02-25 21:36	41,361,984	----a-w	C:\Users	of\AVSDVDPlayer.exe
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-13 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 155648]
"Google Update"="C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OBealsched.exe" [2008-01-31 180269]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2346861648-3178644550-1028001680-1001]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35EB7929-C8A3-4EE4-B314-074ADB30EB89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F7312925-167C-4E83-8D3A-9C9F83A743EA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1CE0515C-581B-49A6-BE9A-068AD32918AA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CEEF71FB-6CAB-4C0D-B93B-EEE97EAC56CF}"= Disabled:UDP:C:\Users
anas\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{5BF43B12-7A46-4FB0-8B0D-97BBA38A683A}"= Disabled:TCP:C:\Users
anas\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{B94002AE-D093-4516-B9D0-A8744BDEB503}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2A035590-9811-457B-9090-61C1C2276DCC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{828EA224-8386-4FDA-822B-9E84288CB800}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F6FCDC22-5BF6-4F06-97BD-01D03A0EEE75}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E97083C7-8524-430D-9010-2265E2BA7206}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7C70C80B-8E89-48FD-859E-86B37DEA5BF5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A5F115CA-4028-4767-9159-1C7FB624D9B5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CD53703E-A7A7-4C34-9D17-A533D76079DF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{78599E81-AD9C-43A3-B5E3-EBDF639B5E52}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6F838CF1-4885-4841-AF00-CC04A60E3BCA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D21A0ACE-E5BB-48FF-84A5-A2BFD97741AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B481DD9D-590C-4791-AC71-78B69F1DB175}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{87AB9D68-1EC7-4D5D-B998-8A6E322C4719}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{614B635F-0E46-4932-B56E-BCB894780054}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C24F5E6B-5ECA-463F-98F7-A1D1FAF913FB}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{4FEF0690-87B8-4BCB-8C27-1EC6BB46CBE1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{7E14E50C-6BF5-43D6-A0A8-6281E885EA05}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-11-29 431776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d7c098-07d4-11dd-a9f2-001bb9ba0f70}]
\shell\AutoRun\command - J:\EmDesk.exe
\shell\EmDesk\command - J:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df71e38-0b0c-11dd-b083-001bb9ba0f70}]
\shell\AutoRun\command - J:\EmDesk.exe
\shell\EmDesk\command - J:\EmDesk.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users	of\AppData\Roaming\Mozilla\Firefox\Profiles\eh77czi6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://mystart.incredimail.com/french/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 14:52:56
Windows 6.0.6000  NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-13 14:54:17
ComboFix-quarantined-files.txt  2008-09-13 12:54:12

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 306,650,107,904 octets libres

174	--- E O F ---	2008-09-13 08:49:40

Salut. Voila le rapport.
Windows Defender était activé, est-ce un anti-virus ou une "option" que je peux utiliser sans entraver Avast?

anadic10 · Answer

hou hou???

anthony5151 · Answer

Un peu de patience stp, il y a du monde à aider sur ce forum, et analyser un rapport de combofix prend du temps...
Je vais regarder

anadic10 · Answer

désolée, tiens pas compte du message précèdent, alors.

anthony5151 · Answer

Le rapport Combofix est bon, à deux exceptions prêt :

- Incredimail
Lis ceci pour t'informer un peu sur ce logiciel : http://assiste.com.free.fr/p/logitheque/incredimail.html
Si tu souhaites le désinstaller, suis cette procédure (et n'hésite pas à demander de l'aide en cas de problème) : http://assiste.com.free.fr/p/logitheque/incredimail.html#desinstaller_incredimail


- Infection des supports amovibles

Télécharge l'outil Flash_Disinfector (de sUBs) : 
ici http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
ou ici download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Enregistre Flash_Disinfector.exe sur ton bureau. 
Double clique sur Flash_Disinfector.exe pour l'exécuter. 
Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra : 
Connecte au pc, clés USB, Disques durs externes et autres supports amovibles susceptibles d'avoir été infectés (sans les ouvrir). 
Puis clique sur OK 
Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!] 
Appuie ensuite sur OK, pour faire réapparaître le bureau.

anadic10 · Answer

J'ai bien Flash-Desinfect sur le bureau mais impossible de l'executer.
 on me demande si j'autorise ce programme, je mets OK, mais ensuite, je retourne direct sur le bureau sans rien qui ne se passe.

anthony5151 · Answer

Ok alors fais plutôt ça : 1) Télécharge VaccinUSB.exe depuis cette adresse : http://perso.orange.fr/-Gof/DL/VaccinUSB.exe (si ton antivirus le détecte comme virus, ignore le, c'est une fausse alerte). Copie/colle ce ficher sur ta clé USB (à la racine du disque, pas dans un dossier), puis ouvre le à partir de là. Il créera ainsi les répertoires aux noms suivants : ravmon.exe, ravmon.log, winfile.exe, copy.exe, host.exe, autorun.inf, msvcr71.dll, adober.exe, found.000, comment.htt, desktop.ini à la racine du volume (c'est à dire les fichiers de propagation des infections les plus rencontrées). Une fois ces répertoires créés, tu peux supprimer VaccinUSB.exe. ==> Si un fichier portant l'un des noms mentionnés était déja présent, ce dernier sera effacé. Et une nouvelle infection ne pourra pas remplacer ces dossiers et ne pourra donc pas s'installer. En quelque sorte, vous désinfectez la clé, et la vaccinez. Ces explications viennent du site malekal.com Si tu souhaites des explications détaillées sur les infections sur clés USB, suis ce lien vers l'excellent article de malekal_morte : https://forum.malekal.com/viewtopic.php?f=45&t=5544 2) Télécharge RavAntivirus (d'Evosla) : http://ww25.evosla.com/compteur.php?soft=rav_antivirus # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau # Double-clique sur >> RAV.exe << afin de lancer l'outil. # Une fois RAV ANTIVIRUS lancé, laisse-le réagir, il scanne automatiquement tout les lecteurs (disques fixes et amovibles) # Si infection, un rapport s'établira, sinon un message affichera (très rapide) ==> Votre Ordinateur est sain. # Retire tes disques amovibles et redémarre ton ordinateur. # Si infection : poste le rapport !

anadic10 · Answer

je ne trouve pas ce qu'est la racine du disque 
J'ai essayé d'aller sur em desk application, j'ai collé sans entrer dans la plate-forme, mais je vois pas où est vaccin usb ensuite.

anadic10 · Answer

oublie le précedent message, j'y suis arrivée

anadic10 · Answer

ça fait 12 heures que rav scan une cle usb avec 8 films et un disque dur externe rempli avec 320 go, ça me paraît un peu long... le message "ordinateur sain" est là mais la barre de scan continue à defilée.je continue ou pas?

anadic10 · Answer

Bon aprés +de 30 h de scan et prise de tête avec mon homme (qui craignais pour la survie de son disque externe, due à une "éventuelle" surchauffe), j'ai capitulé et arreter Rav.
Pour pas perdre de temps, je vais essayer de chercher un autre anti virus pour le disque et t'enverrais le résultat.
Si tu lis ce post avant, peux-tu me dire si tu en connait un autre ou si la temps que passe Rav à analyser est normal et qu'il faut que je le réinstalle?
Désolée pour la bourde.

anthony5151 · Answer

Non ça n'aurait pas dû durer aussi longtemps... As-tu utilisé VaccinUSB sur ce lecteur ?  Si oui, ça devrait suffire pour l'instant ;)  Pour vérifier qu'il n'est plus infecté, il faudra le scanner avec un antivirus classique (pas Avast que je te recommande de changer, voir ci dessous).

Il me reste quelques conseils à te donner pour sécuriser ton ordinateur, si tu le souhaites ?  (notamment en te recommandant des logiciels de protection et en t'aidant à combler des failles de sécurité)

anadic10 · Answer

j'etais deja en train d'installer antivir mais je galere pour la mise à jour. sur le lien de makale-morte, ils expliquent comment faire avec vista, donc je suis pas à pas. Mais c'est dommage qu'il ne soit pas en francais, je vais en ch....
J'ai utilisé vaccin usb
je te scanne tout ca quand j'aurai fait les mises à jour

anthony5151 · Answer

La version payante d'Antivir vient d'être traduite en français.
Sinon pour la version gratuite en français, ça devrait arriver bientôt, il y a déja une pré-version ici :
http://dl1.avgate.net/down/windows/antivir_workstation_winu_en_h.exe

anadic10 · Answer

je n'arrive pas a l'installer quand meme.
tu vois un truc qui cloche?

18.09.2008 21:26:07 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
18.09.2008 21:26:07 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
18.09.2008 21:26:07 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_48d2ab4f\
18.09.2008 21:26:08 - Start the Update GUI... Displaymode: 0

18.09.2008 21:26:07 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
18.09.2008 21:26:07 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
18.09.2008 21:26:07 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_48d2ab4f\
18.09.2008 21:26:08 - Start the Update GUI... Displaymode: 0

18.09.2008 21:26:09 - Keyfile: Key expired [DEMO Mode]

18.09.2008 21:26:09 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

18.09.2008 21:26:09 - Critical error: No valid license file available.

anadic10 · Answer

attends, j'avais pas vu ta réponse. J'enlève tout et je mets la version francaise.

anadic10 · Answer

Avira AntiVir Personal Report file date: jeudi 18 septembre 2008 22:11 Scanning for 1624929 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: tof Computer name: PC-DE-TOF Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 19:49:59 ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18/09/2008 19:50:00 Engineversion : 8.1.1.34 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 19:50:05 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 19:50:05 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 19:50:04 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 19:50:03 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/09/2008 19:50:02 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 18/09/2008 19:50:01 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/09/2008 19:50:01 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 18 septembre 2008 22:11 Starting search for hidden objects. '94238' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned Scan process 'WMIADAP.exe' - '0' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '0' Module(s) have been scanned Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'MDM.EXE' - '0' Module(s) have been scanned Scan process 'LSSrvc.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'sched.exe' - '0' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'avguard.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '0' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'SLsvc.exe' - '0' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '0' Module(s) have been scanned Scan process 'lsm.exe' - '0' Module(s) have been scanned Scan process 'lsass.exe' - '0' Module(s) have been scanned Scan process 'services.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'wininit.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'smss.exe' - '0' Module(s) have been scanned 16 processes with 16 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD5 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD6 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Boot sector 'D:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Boot sector 'F:\' [INFO] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [INFO] In the drive 'G:\' no data medium is inserted! Boot sector 'H:\' [INFO] In the drive 'H:\' no data medium is inserted! Boot sector 'I:\' [INFO] In the drive 'I:\' no data medium is inserted! Boot sector 'J:\' [INFO] No virus was found! Boot sector 'K:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Starting to scan the registry. The registry was scanned ( '43' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'E:\' Search path E:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'J:\' Begin scan in 'K:\' End of the scan: jeudi 18 septembre 2008 23:02 Used time: 50:39 Minute(s) The scan has been done completely. 22846 Scanning directories 491149 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 491147 Files not concerned 2917 Archives were scanned 12 Warnings 0 Notes 94238 Objects were scanned with rootkit scan 0 Hidden objects were found

anadic10 · Answer

Avira AntiVir Personal Report file date: jeudi 18 septembre 2008 22:11 Scanning for 1624929 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: tof Computer name: PC-DE-TOF Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 19:49:59 ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18/09/2008 19:50:00 Engineversion : 8.1.1.34 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 19:50:05 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 19:50:05 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 19:50:04 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 19:50:03 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/09/2008 19:50:02 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 18/09/2008 19:50:01 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/09/2008 19:50:01 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 18 septembre 2008 22:11 Starting search for hidden objects. '94238' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned Scan process 'WMIADAP.exe' - '0' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '0' Module(s) have been scanned Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'MDM.EXE' - '0' Module(s) have been scanned Scan process 'LSSrvc.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'sched.exe' - '0' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'avguard.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '0' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'SLsvc.exe' - '0' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '0' Module(s) have been scanned Scan process 'lsm.exe' - '0' Module(s) have been scanned Scan process 'lsass.exe' - '0' Module(s) have been scanned Scan process 'services.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'wininit.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'smss.exe' - '0' Module(s) have been scanned 16 processes with 16 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD5 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD6 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Boot sector 'D:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Boot sector 'F:\' [INFO] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [INFO] In the drive 'G:\' no data medium is inserted! Boot sector 'H:\' [INFO] In the drive 'H:\' no data medium is inserted! Boot sector 'I:\' [INFO] In the drive 'I:\' no data medium is inserted! Boot sector 'J:\' [INFO] No virus was found! Boot sector 'K:\' [INFO] No virus was found! [WARNING] System error [5]: Accès refusé. [INFO] Please restart the search with Administrator rights Starting to scan the registry. The registry was scanned ( '43' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'E:\' Search path E:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'J:\' Begin scan in 'K:\' End of the scan: jeudi 18 septembre 2008 23:02 Used time: 50:39 Minute(s) The scan has been done completely. 22846 Scanning directories 491149 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 491147 Files not concerned 2917 Archives were scanned 12 Warnings 0 Notes 94238 Objects were scanned with rootkit scan 0 Hidden objects were found

anthony5151 · Answer

Antivir n'a rien trouvé, c'est bon :)

Pour les 12 "Warnings" : ça indique juste les éléments qu'il n'a pas réussi à lire.
Une partie parce que tu n'es apparemment pas sur une session administrateur, et pour cette alerte là, elle est normale :
C:\pagefile.sys
[WARNING] The file could not be opened! 


Sinon, peux-tu poster un dernier rapport hijackthis stp ?

anadic10 · Answer

Voilà le rapport. Apparement, je n'avais pas scanner antivir entierement, mais peut-être que Hajicthis te suffit.
Pour répondre à ta question, j'etais bien administrateur.
Pour les conseils pour sécuriser l'ordi, c'est avec plaisir...

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:54:22, on 12/09/2008Platform: Windows Vista  (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32	askeng.exeC:\Windows\Explorer.EXEC:\Windows\System32\mobsync.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\QuickTime\qttask.exeC:\Windows\ehome\ehmsas.exeC:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\IncrediMail\bin\IMApp.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Windows\system32	askeng.exeC:\Program Files\Trend Micro\HijackThis\Jack.exe.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/frenchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/... - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=go - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/... - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exeO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRunO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [limixhe] c:\users	of\appdata\local\limixhe.exe limixheO4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [Google Update] "C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users	of\AppData\Local\Temp\fccApqRk.dll,cO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO13 - Gopher Prefix: O15 - Trusted Zone: *.canalplay.comO15 - Trusted Zone: *.canalplusactive.comO15 - Trusted Zone: *.canalplay.com (HKLM)O15 - Trusted Zone: *.canalplusactive.com (HKLM)O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/ - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exeO23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe--End of file - 7267 bytes

anthony5151 · Answer

Le rapport apparaissait comme ça ?
Est-ce que tu pourrais le refaire stp, là c'est illisible :(

anadic10 · Answer

Je l'ai retrouvé. Desolée pour tout ces scans à regarder. Avira AntiVir Personal Report file date: jeudi 18 septembre 2008 23:07 Scanning for 1624929 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-TOF Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 19:49:59 ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18/09/2008 19:50:00 Engineversion : 8.1.1.34 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 19:50:05 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 19:50:05 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 19:50:04 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 19:50:03 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/09/2008 19:50:02 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 18/09/2008 19:50:01 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/09/2008 19:50:01 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 18 septembre 2008 23:07 Starting search for hidden objects. '107840' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'mobsync.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 processes with 54 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '41' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Users anas\AppData\Local\Temp\sqsqfghx.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4945ca8d.qua'! Begin scan in 'D:\' End of the scan: vendredi 19 septembre 2008 00:03 Used time: 56:36 Minute(s) The scan has been done completely. 23052 Scanning directories 407818 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine Avira AntiVir Personal Report file date: jeudi 18 septembre 2008 23:07 Scanning for 1624929 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-TOF Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 19:49:59 ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18/09/2008 19:50:00 Engineversion : 8.1.1.34 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 19:50:05 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 19:50:05 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 19:50:04 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 19:50:03 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 18/09/2008 19:50:02 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 18/09/2008 19:50:01 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18/09/2008 19:50:01 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 18 septembre 2008 23:07 Starting search for hidden objects. '107840' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'mobsync.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 processes with 54 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '41' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Users anas\AppData\Local\Temp\sqsqfghx.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4945ca8d.qua'! Begin scan in 'D:\' End of the scan: vendredi 19 septembre 2008 00:03 Used time: 56:36 Minute(s) The scan has been done completely. 23052 Scanning directories 407818 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 407815 Files not concerned 2137 Archives were scanned 2 Warnings 1 Notes 107840 Objects were scanned with rootkit scan 0 Hidden objects were found 0 files were renamed 2 Files cannot be scanned 407815 Files not concerned 2137 Archives were scanned 2 Warnings 1 Notes 107840 Objects were scanned with rootkit scan 0 Hidden objects were found

anadic10 · Answer

Je vois incredimail qui traine, comment puis-je supprimer juste cette ligne?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:22, on 12/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\ehome\ehmsas.exe
C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\Jack.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [limixhe] c:\users	of\appdata\local\limixhe.exe limixhe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users	of\AppData\Local\Temp\fccApqRk.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

anthony5151 · Answer

Pour Incredimail, je t'ai donné un lien qui expliquait comment le désinstaller :
http://assiste.com.free.fr/p/logitheque/incredimail.html#desinstaller_incredimail

Apparemment il y a un bug avec hijackthis, il affiche un rapport datant du 12... 

Télécharge ToolsCleaner sur ton bureau : ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe 
Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer. 
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).

Puis réinstalle hijackthis :
Télécharge hijackthis sur ton bureau :  https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/ 

Installe le, puis lance le et clique sur "Do a system scan and save a logfile". 
Fais un copier-coller du rapport entier sur le forum

anadic10 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:46, on 20/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Jack.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users	of\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

anadic10 · Answer

Bonjour. Je te le refait au cas tu m'avais oublié et j'ai sécurisé l'ordi aussi, comme conseillé. Spybot m'informe que j'ai le trojan Virtumondo


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:35, on 23/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [olpiyw] c:\users
anas\appdata\local\olpiyw.exe olpiyw
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CANALPLAY Installer - https://www.canalplus.com/canalplay/
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

Trojan-gen reste malgré les scans

41 réponses

Votre réponse

Discussions similaires

Newsletters