BV:AutoRun-E [Wrm] [Fermé]

Signaler
-
 Utilisateur anonyme -
Bonjour,


j'ai un virus qui s'appelle BV:AutoRun-E [Wrm] qui revient sans cesse malgré mon anti virus

Nom du fichier : C:\autorun.inf
Nom du logiciel malveillant : BV:AutoRun-E [Wrm]
Type de logiciel malveillant : Virus/Ver
Version VPS : 081129-0, 29/11/2008

Nom du fichier : D:\autorun.inf
Nom du logiciel malveillant : BV:AutoRun-E [Wrm]
Type de logiciel malveillant : Virus/Ver
Version VPS : 081129-0, 29/11/2008

J'ai en effet un disque dur partitionné

Quelque soit l'option que je choisis, Supprimer ou mettre en quarantaine le virus revient.

Merci d'avance pour votre aide

13 réponses


Salut,


Télécharge HijackThis (outils de dignostic) ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> HijackThis

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:46, on 30/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Users\Josselin\AppData\Local\Temp\jah32974.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\temp\9AB.tmp
C:\Windows\System32\mobsync.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7205C53F-464E-4DF3-94D8-D6ABF2C7ACF0} - C:\Users\Josselin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOM75HJT\3077ahntdksr[1].dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9EE6036A-50C0-4AB6-8A3D-037098E21965} - C:\Windows\system32\qoMdEWol.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [873.tmp] C:\Windows\temp\873.tmp
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C040A7-8E89-49F0-B028-AB9713E5054D}: NameServer = 85.255.112.174;85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C040A7-8E89-49F0-B028-AB9713E5054D}: NameServer = 85.255.112.174;85.255.112.109
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdfnh.exe

commence par ceci :


Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1437
Windows 6.0.6000

30/11/2008 15:11:11
mbam-log-2008-11-30 (15-11-11).txt

Type de recherche: Examen rapide
Eléments examinés: 47725
Temps écoulé: 22 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 64

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7205c53f-464e-4df3-94d8-d6abf2c7acf0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7205c53f-464e-4df3-94d8-d6abf2c7acf0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\873.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14c040a7-8e89-49f0-b028-ab9713e5054d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.174;85.255.112.109 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14c040a7-8e89-49f0-b028-ab9713e5054d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.174;85.255.112.109 -> Delete on reboot.

Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Josselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\dvnofdak.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\kadfonvd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pmNFwvVP.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\PVvwFNmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\PVvwFNmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xxYOecaw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\waceOYxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\waceOYxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\Josselin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOM75HJT\3077ahntdksr[1].dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Windows\System32\apeegbwt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\bhmyol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\bwqyipig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dcfruwvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dsgqtyci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dwdxpmwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ebdcjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fqplyosj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fyquhxss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\giejutlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gldbshmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGyvwUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ieycyebb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iyjwbusn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jnkeba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kinlkswl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kkrhmehs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ksagyrmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ktbalm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lmnokeje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mcjptojn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mqiwlywq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\niaggxce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nijtfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xbjhgv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nobaroja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nvladofm.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oyyvkjfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pguvhfwr.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qrfnmtqd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rcxgnhcj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rmwuxrbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rtgvni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ruyggsax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\shkofmwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\sqisrphq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ulfqihko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\unockxbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uqtbfaju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urqRkIcA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vlqqpqxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wfpnufaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wrxugvlo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nvrtjrgl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xlfqbgow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xokkrwjr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xumnif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xvejpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xwtcbgmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ydgoqa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Temp\873.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

réouvre malewarebyte
va sur quarantaine
supprime tout


Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517

Telecharge UsbFix sur ton bureau

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Fais un clic droit sur le raccourci UsbFix sur ton bureau et choisi executer en tant qu administrateur

-->choisi l option 1 (nettoyage)

--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
-------------- UsbFix V2.413.2 ---------------

* User : Josselin - JOSSELIN
* Outils mis a jours le 29/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:27:24 le 30/11/2008
* Windows Vista - Internet Explorer 7.0.6000.16681


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josselin\AppData\Local\Temp\B817.tmp\b2e.exe
C:\Windows\system32\DllHost.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM

+- Contenu de l'autorun : C:\autorun.inf

[autorun]
shellexecute="resycled\boot.com c:"
shell\Open\command="resycled\boot.com c:"
shell=Open


+- Contenu de l'autorun : D:\autorun.inf

[autorun]
shellexecute="resycled\boot.com d:"
shell\Open\command="resycled\boot.com d:"
shell=Open


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open=launcher.exe
icon=autorun.ico


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[18/09/2006 22:43][--a------] C:\autoexec.bat
[30/11/2008 15:13][-r-hs----] C:\autorun.inf
[30/11/2008 15:27][--a------] C:\UsbFix.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

[30/11/2008 15:13][-r-hs----] D:\autorun.inf

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM

+- Listing des fichiers présents :

[17/12/2007 12:01][-r-------] E:\launcher.exe
[17/12/2007 12:01][-r-------] E:\setup.exe
[17/12/2007 12:01][-r-------] E:\launcher.ini
[17/12/2007 12:01][-r-------] E:\setup.ini
[17/12/2007 12:01][-r-------] E:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Steam="d:\jeux\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl=RtHDVCpl.exe
ccApp="c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck="c:\Program Files\Norton Internet Security\osCheck.exe"
Acer Tour=
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
eRecoveryService=
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
PlayMovie="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
Apanel=C:\ACERSW\config\NewSetApanel.cmd
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
WatchDog=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
Symantec PIF AlertEng="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

C:\autorun.inf ~> fichier appelé : "C:\"resycled\boot.com c:"" ( absent ! )
D:\autorun.inf ~> fichier appelé : "D:\"resycled\boot.com d:"" ( absent ! )
Supprimé ! - [30/11/2008 15:13][-r-hs----] C:\autorun.inf
Supprimé ! - [30/11/2008 15:13][-r-hs----] D:\autorun.inf
Supprimé ! - [26/11/2008 18:03][-r-hs----] D:\resycled\boot.com
Supprimé ! - [30/11/2008 15:27][dr-hs----] D:\resycled
Echec de la supression !! - [17/12/2007 12:01] E:\autorun.inf
Echec de la supression !! - [17/12/2007 12:01] E:\autorun.inf
Echec de la supression !! - [17/12/2007 12:01] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/09/2006 22:43][--a------] C:\autoexec.bat
[17/12/2007 12:01][-r-------] E:\launcher.exe
[17/12/2007 12:01][-r-------] E:\setup.exe
[17/12/2007 12:01][-r-------] E:\launcher.ini
[17/12/2007 12:01][-r-------] E:\setup.ini
[17/12/2007 12:01][-r-------] E:\autorun.inf

--------------- ! Fin du rapport ! ----------------

fais un clic droit sur hijackthis
choisi executer en tant qu administrateur

fais do a system scan and save a logfile et post le rapport stp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:30, on 30/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9EE6036A-50C0-4AB6-8A3D-037098E21965} - C:\Windows\system32\qoMdEWol.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

ton infection >> detournement de DNS (c ok)


tu as 2 antivirus , avast et norton (non actif)

dis moi lequel tu veux garder par ailleurs je peux t en proposer un autre plus performant et gratuit (en anglais)

dis moi ..
en effet j'ai 2 antivirus

j'avais d'abord Norton, installé de base sur l'ordinateur mais à la fin de la période gratuite je n'ai pas renouvelé mon abonnement car je ne veux pas payer d'antivirus. J'ai donc installé Avast que je connaissais déjà par contre j'ai pas réussi à désactiver Norton et encore moins à le supprimer.

Quel est ton antivirus que tu proposes?

Merci pour ton aide

Je te propose antivir :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

->Antivir le telecharger

-> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

---------------------------------


commenece par désinstaller norton :

pour désinstaller norton proprement telecharge cet outil


http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20050414110429924?OpenDocument&seg=hm&lg=fr&ct=fr

---------------------------------

si tu decide d installer antivir il fau désinstaller avast aussi :

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility


----------------

une fois tout ceci fait :

désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite :

fais un clic droit sur hijackthis
choisi executer en tant qu administrateur

fais do a system scan and save a logfile et post le rapport stp

j'ai réussi à désinstaller Norton mais je n'arrive pas à désinstaller Avast

Le message suivant apparait :

The avast! self protection module is enable.For this reason, the operation cannot be completed

ok

le mieux que tu puisse faire pour le virer est de passer l outil en mode sans echec:


Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/