Trojan/virus help!

Solved

Togusa - Posts: 52 - Status: Member

Hello,
For quite a while now I've had a PC full of viruses, trojans and spyware that launch ads every time I use a browser. It was bearable as long as I didn't touch it, but the ads and the many slowdowns got the better of my patience (I use CCleaner regularly, and I have AntiVir and Spyware Terminator). So I decided to get rid of all that once and for all: I booted into safe mode with networking, first ran a cleanup with CCleaner, then an online scan with BitDefender, then AntiVir, followed by a scan with Spybot, and finally one last cleanup with CCleaner. Needless to say, a lot of suspicious files were deleted. I then went back to normal mode, and there AntiVir's repeated alerts went wild: tr/cryptxpack.gen with 3 strange DLLs: fizelugo.dll, woyadolu.dll (no longer sure of the exact spelling for this one) and ronuruso.dll, all located in system32.

I'm on Windows XP Home SP3. Please help me!

76 replies

Togusa - Posts: 52 - Status: Member

I did some searching, I entered the address, but I can't find pref.js :-/

Destrio5 - Posts: 85985 - Status: Moderator

Yes, sorry, you need to show hidden files and folders:
http://pitcatsite.ovh.org/php/dossierwindows.php

Togusa - Posts: 52 - Status: Member

Thx, it's fine now, lo.st is gone ^^, but as soon as I open Firefox there's an alert with another trojan: tr/crypt... zenafasi.dll

Should I redo the procedure with Malwarebytes?!
Destrio5 - Posts: 85985 - Status: Moderator

Vundo, the return.

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
Togusa - Posts: 52 - Status: Member

Here are the two reports:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Propriétaire at 2008-12-20 12:07:45
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (11%) free of 186 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:56, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Destrio5 - Posts: 85985 - Status: Moderator

---> Start menu > Run (Menu Démarrer > Exécuter) > Type combofix /u and confirm.

---> Update Adobe Reader:
https://get2.adobe.com/reader/otherversions/

---> Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries to your Desktop:
* Unzip the file on the Desktop (Right-click > Extract all).
* Double-click the JavaRa folder.
* Then double-click the JavaRa.exe file (the .exe extension may not be displayed).
* Click Search For Updates.
* Select Update Using jucheck.exe, then click Search.
* Allow the process to connect if it asks, click Install and follow the installation instructions, which take a few minutes.
* Once the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
* Click Yes (Oui) to confirm. Let it work, then click Ok, and then Ok a second time.
* A report will open. Post it in your next reply.
* Close the application.
Note: the report is also in C:\ under the name JavaRa.log.

Togusa - Posts: 52 - Status: Member

So when I ran combofix /u I got an error message in a tiny dialog box; I hope that didn't affect the process.


JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Dec 21 16:21:01 2008

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

------------------------------------

Finished reporting.

Destrio5 - Posts: 85985 - Status: Moderator

---> Delete JavaRa.

---> Download and install CCleaner (do not install the Yahoo Toolbar):
* Launch it. Go to Tools (Outils), then Uninstall programs (Programmes de désinstallations).
* Select Crawler Toolbar with Web Security Guard, then click Delete Entry (Efface l'Entrée).
* Do the same for eoEngine 6.3.

--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Nettoyage, i.e. Cleaning).

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)

Togusa - Posts: 52 - Status: Member

So I already had CCleaner, but it didn't find the programs you listed; I think they were removed during all the other steps. Also, the trojan alert that popped up every time Firefox launched had stopped right after the Adobe and Java updates, and just now, right after rebooting for UsbFix, the alert came back. In any case, here is the report:



-------------- UsbFix V2.413.5 ---------------

* User : HP_Propriétaire - NOM-641695C7437
* Outils mis a jours le 17/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 18:51:35 le 21/12/2008
* Windows Xp - Internet Explorer 6.0.2900.5512


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\4.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

K: - Lecteur fixe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[01/01/2004 21:06][--a------] C:\AUTOEXEC.BAT
[04/08/2004 20:00][-rahs----] C:\NTDETECT.COM
[21/12/2008 16:10][--a------] C:\Start_.cmd
[13/12/2008 19:57][-rahs----] C:\boot.ini
[21/12/2008 16:10][--a------] C:\Bug.txt
[21/12/2008 16:10][--a------] C:\ComboFix.txt
[21/12/2008 16:10][--a------] C:\FINIS_IT.TXT
[21/12/2008 16:10][--a------] C:\lopR.txt
[21/12/2008 16:10][--a------] C:\palsound.txt
[21/12/2008 16:10][--a------] C:\PIPIKOKO.TXT
[21/12/2008 16:10][--a------] C:\TB.txt
[21/12/2008 16:10][--a------] C:\UsbFix.txt
[21/12/2008 16:10][--a------] C:\YServer.txt
[01/01/2004 21:06][--a------] C:\CONFIG.SYS
[01/01/2004 21:06][--a------] C:\hiberfil.sys
[01/01/2004 21:06][--a------] C:\IO.SYS
[01/01/2004 21:06][--a------] C:\MSDOS.SYS
[01/01/2004 21:06][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[27/07/2001 22:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 14:00][---hs----] D:\NTDETECT.COM
[30/04/2004 14:00][---hs----] D:\Info.exe
[09/01/2002 11:52][---hs----] D:\BOOT.INI
[09/01/2002 11:52][---hs----] D:\Desktop.ini
[09/01/2002 11:52][---hs----] D:\WINBOM.INI
[10/09/2002 01:21][---hs----] D:\Folder.htt
[27/07/2001 22:07][---hs----] D:\CONFIG.SYS
[27/07/2001 22:07][---hs----] D:\IO.SYS
[27/07/2001 22:07][---hs----] D:\MSDOS.SYS
[27/07/2001 22:07][---hs----] D:\HPCD.sys
[27/07/2001 22:07][---hs----] D:\RCBoot.sys

--------------- [ Lecteur K ] ----------------

K: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" -quiet
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SpywareTerminator="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
TrojanScanner=C:\Program Files\Trojan Remover\Trjscan.exe /boot
Alcmtr=ALCMTR.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b21859-7907-11dd-9ef0-00112f78332b}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [21/12/2008 18:51][--a------] "C:\WINDOWS\system32\drivers\mrxdavv.sys"
Supprimé ! - [10/09/2002 01:21][---hs----] D:\Folder.htt
Supprimé ! - [30/04/2004 14:00][---hs----] D:\info.exe

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[01/01/2004 21:06][--a------] C:\AUTOEXEC.BAT
[04/08/2004 20:00][-rahs----] C:\NTDETECT.COM
[21/12/2008 16:10][--a------] C:\Start_.cmd
[13/12/2008 19:57][-rahs----] C:\boot.ini
[27/07/2001 22:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 14:00][---hs----] D:\NTDETECT.COM
[09/01/2002 11:52][---hs----] D:\BOOT.INI
[09/01/2002 11:52][---hs----] D:\Desktop.ini
[09/01/2002 11:52][---hs----] D:\WINBOM.INI

--------------- ! Fin du rapport ! ----------------

Destrio5 (Moderator, 85985 posts)

---> Uninstall UsbFix.

You have both Symantec and Antivir as antivirus programs; you must keep only one.

Togusa (Member, 52 posts)

I uninstalled Norton quite a while ago, but there are indeed still quite a few of its components on the PC, some of which require a Norton CD to uninstall, and I didn't get a CD with it. In any case I no longer use Norton, that's for sure.

Destrio5 (Moderator, 85985 posts)

Togusa (Member, 52 posts)

There, this time Norton is well and truly removed, thx ^^; On the other hand I still have the alert ><

Destrio5 (Moderator, 85985 posts)

Run MBAM and post the report.

Destrio5 (Moderator, 85985 posts)

Yoo-hoo?

Togusa (Member, 52 posts)

Sorry, it's the holidays and my sister won't let go of the PC lol, the scan is in progress, I'll post the report shortly ^^;

Togusa (Member, 52 posts)

Here is the report; during the scan there were quite a few alerts, but what surprises me is that there were no detections, so nothing was removed:

Malwarebytes' Anti-Malware 1.31
Database version: 1535
Windows 5.1.2600 Service Pack 3

23/12/2008 13:56:58
mbam-log-2008-12-23 (13-56-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 282696
Time elapsed: 3 hour(s), 28 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Destrio5 (Moderator, 85985 posts)

---> Double-click the Antivir icon (umbrella) in the taskbar.

---> In Antivir, choose Tools (Outils), then Configuration.

---> Tick Expert Mode (Mode Expert) and tick "Rech. Rootkit au dém. de la recherche" (rootkit search at the start of the scan) on the right under "Autres réglages" (Other settings).

---> Run a full scan and post the report.

Togusa (Member, 52 posts)

Avira AntiVir Personal
Report file date: mardi 23 décembre 2008 19:36

Scanning for 1113533 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: HP_Propriétaire
Computer name: NOM-641695C7437


Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 23 décembre 2008 19:36

Starting search for hidden objects.
'129926' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\Océa.ane\Bureau\InstallAVv_770522170802.exe
[DETECTION] Is the TR/FraudPack.hhe Trojan
[NOTE] The file was moved to '49c43a42.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nujamizi.dll.vir
[DETECTION] Is the TR/Dldr.Agent.awdq Trojan
[NOTE] The file was moved to '49bb4a14.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\viveveno.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c74a0f.qua'!
C:\WINDOWS\system32\nubutafi.dll.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b35720.qua'!
C:\WINDOWS\system32\zenafasi.dll.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49bf5854.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: mardi 23 décembre 2008 22:36
Used time: 2:59:24 Hour(s)

The scan has been done completely.

19348 Scanning directories
737705 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
90 Files cannot be scanned
737610 Files not concerned
20384 Archives were scanned
94 Warnings
5 Notes
129926 Objects were scanned with rootkit scan
0 Hidden objects were found

Destrio5 (Moderator, 85985 posts)

Good.

---> Delete the RSIT folder located in C:\

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.

PS: Do not post both reports in the same message.