VIRUSES, TROJANS AND TROJAN HORSE

Solved/Closed
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008 - 5 August 2008 at 12:14
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 7 August 2008 at 19:26
Hello,
My computer is infected by viruses.
Can you help me eradicate these viruses?
Thank you.
PS: Here is the report I generated with HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AAV\aav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {27796771-8D05-4EE6-B478-43CE759F2106} - (no file)
O2 - BHO: (no name) - {37B0C9BC-834F-4767-9303-EF3A10D141D8} - (no file)
O2 - BHO: (no name) - {88B155F4-255F-4AA9-B394-77F1D13AFBB3} - (no file)
O2 - BHO: (no name) - {A1603912-AFF1-4335-ABDB-FD443A363C26} - (no file)
O2 - BHO: (no name) - {CCE74BE9-1AD2-4A46-90D9-8E38EC889505} - (no file)
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Applications\iebt.dll
O2 - BHO: (no name) - {F5AEDE1D-BD46-4D25-8005-146BCA8071F8} - (no file)
O2 - BHO: (no name) - {F845C251-2959-447B-869E-BD9E511F0399} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {0FAAC4A8-2E74-4D58-9AC0-95201C69185A} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\AAV\aav.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: urqQjKdA - urqQjKdA.dll (file missing)
O22 - SharedTaskScheduler: ceroxylon - {c96395b8-ab09-46a4-b539-7ddf6e061808} - C:\WINDOWS\system32\jkqvjzl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

12 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 12:27
Hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only while ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post a new HijackThis log as well

See you
1
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 12:50
Here is the ComboFix report
ComboFix 08-08-04.01 - A 2008-08-05 12:42:50.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.648 [GMT 2:00]
Endroit: C:\Documents and Settings\A\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
.

2008-08-04 21:42 . 2008-08-04 21:42 <REP> d-------- C:\Program Files\Trend Micro
2008-08-04 21:38 . 2008-08-04 21:38 <REP> d-------- C:\Program Files\Panda Security
2008-08-04 21:38 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-04 19:40 . 2008-08-04 19:40 <REP> d-------- C:\Program Files\Alwil Software
2008-08-04 16:07 . 2008-08-04 12:49 118,784 --a------ C:\WINDOWS\system32\aav.cpl
2008-08-04 15:16 . 2008-08-04 21:09 <REP> d-------- C:\WINDOWS\system32\804031
2008-08-04 15:15 . 2008-08-04 15:16 <REP> d-------- C:\Program Files\Applications
2008-08-03 12:51 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-03 12:51 . 2008-08-03 12:51 385 --a------ C:\WINDOWS\ODBC.INI
2008-08-03 12:49 . 2008-08-03 12:50 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-08-03 12:49 . 2008-08-03 12:49 <REP> d-------- C:\Program Files\Microsoft.NET
2008-08-03 12:49 . 2008-08-03 21:30 <REP> d-------- C:\Program Files\Microsoft Works
2008-08-03 12:47 . 2008-08-03 12:47 <REP> dr-h----- C:\MSOCache
2008-07-30 21:27 . 2008-07-30 21:27 <REP> d-------- C:\Program Files\uTorrent
2008-07-30 21:26 . 2008-08-01 06:11 <REP> d-------- C:\Documents and Settings\A\Application Data\uTorrent
2008-07-29 17:13 . 2008-07-29 17:13 <REP> d-------- C:\Program Files\Fichiers communs\NSV
2008-07-29 00:18 . 2008-07-29 00:18 <REP> d-------- C:\Program Files\Veoh Networks
2008-07-29 00:17 . 2008-07-29 00:17 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-07-26 20:29 . 2008-07-26 20:35 <REP> d-------- C:\Program Files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 14:39 --------- d-----w C:\Documents and Settings\A\Application Data\Xfire
2008-08-04 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-03 10:40 --------- d-----w C:\Documents and Settings\A\Application Data\OpenOffice.org2
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 12:08 --------- d-s---w C:\Program Files\Xfire
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 10:14 --------- d-----w C:\Program Files\Webteh
2008-06-16 10:09 --------- d-----w C:\Program Files\The KMPlayer
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 11:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-06-13 21:32 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-13 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 21:18 --------- d-----w C:\Program Files\THQ
2008-06-13 21:12 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-12 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 14:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-12 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-12 14:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-12 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 09:40 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 09:40 --------- d-----w C:\Program Files\CCleaner
2008-06-11 23:55 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-07 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-07 17:36 --------- d-----w C:\Program Files\Lavasoft
2008-05-23 16:59 507,658 ----a-w C:\WINDOWS\java\Packages\848ACGQ7.ZIP
2008-05-21 22:01 155,995 ----a-w C:\WINDOWS\java\Packages\TR1RHV9J.ZIP
2008-05-19 11:43 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:34 1695232]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-03 10:56 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\French\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-03 11:25]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Start Page = about:blank
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Yahoo! Chess - hxxp://origin.games.yahoo.net/games/clients/y/ct5_x.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Chess.osd

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_30.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf

O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxps://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 12:43:56
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Temps d'accomplissement: 2008-08-05 12:44:29
ComboFix-quarantined-files.txt 2008-08-05 10:44:26
ComboFix2.txt 2008-08-05 10:37:49
ComboFix3.txt 2008-06-12 12:18:46

Pre-Run: 162,692,075,520 octets libres
Post-Run: 162,680,033,280 octets libres

174 --- E O F --- 2008-08-04 13:21:18
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 13:01
Hi,

Did you run it three times?

Please post a new HijackThis report.

See you
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 13:52
Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 13:56
OK

A longer one now:

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it so that you can find it again in order to post it on the forum.

Please copy and paste the report.

See you
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 14:51
Here is the report

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1026
Windows 5.1.2600 Service Pack 3

14:41:15 05/08/2008
mbam-log-8-5-2008 (14-41-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 77791
Temps écoulé: 16 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\atfxqogp.bbsl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{06ebda5c-bd3d-451d-9bf2-fde4cd98e56b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed4ca03d-dba9-4403-9c0d-917b29aca380} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e86df3e-c145-4823-960c-991d53e5ded1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a3adaeaf-e0a0-42a1-9f29-9a19d3c3087c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5138cdcc-49b0-4fac-a76e-d855dc00847c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1ae22bce-b554-4803-bae3-2eff740aff44} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{56e90faa-6f19-44fd-8197-0c08388c2632} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{182fcc02-5b76-4fe2-90a5-ba88906cad3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\804031 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0022962.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aav.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
0

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 14:53
ok jojo

Run this, please

Download Lop S&D (by Angeldark and Eric71) to the Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click Lop S&D.exe to start the installation,
* Then double-click the Lop S&D shortcut on the Desktop.
* Select the language you want, then choose Option 1 (Search).
The scan takes less than a minute.
* When the scan finishes, Notepad will open with the search result.
* Save the report LopR.txt to the Desktop so you can find it easily; otherwise it is saved at the root of the system partition: C:\LopR.txt

See you later
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 15:04
Here is the Lop S&D report

--------------------\\ Lop S&D 4.2.2-5 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
[ USER : A ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 05/08/2008 | 15:00:52,85 ] [ PC : A-5375D103B7974 ]
[ MAJ : 01-08-2008 | 01:40 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[22/05/2008|00:38] C:\DOCUME~1\A\APPLIC~1\Adobe
[17/05/2008|21:16] C:\DOCUME~1\A\APPLIC~1\desktop.ini
[22/05/2008|01:49] C:\DOCUME~1\A\APPLIC~1\Help
[17/05/2008|19:43] C:\DOCUME~1\A\APPLIC~1\Identities
[21/05/2008|20:34] C:\DOCUME~1\A\APPLIC~1\InfraRecorder
[19/05/2008|13:09] C:\DOCUME~1\A\APPLIC~1\InstallShield
[20/05/2008|11:26] C:\DOCUME~1\A\APPLIC~1\Macromedia
[05/08/2008|14:18] C:\DOCUME~1\A\APPLIC~1\Malwarebytes
[21/05/2008|20:30] C:\DOCUME~1\A\APPLIC~1\Media Player Classic
[03/08/2008|13:47] C:\DOCUME~1\A\APPLIC~1\Microsoft
[22/05/2008|00:11] C:\DOCUME~1\A\APPLIC~1\Motive
[03/08/2008|12:40] C:\DOCUME~1\A\APPLIC~1\OpenOffice.org2
[29/05/2008|18:02] C:\DOCUME~1\A\APPLIC~1\Symantec
[01/08/2008|06:11] C:\DOCUME~1\A\APPLIC~1\uTorrent
[22/05/2008|22:58] C:\DOCUME~1\A\APPLIC~1\Winamp
[19/05/2008|16:26] C:\DOCUME~1\A\APPLIC~1\WinRAR
[04/08/2008|16:39] C:\DOCUME~1\A\APPLIC~1\Xfire

[17/05/2008|21:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[12/06/2008|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[22/05/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/06/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[04/08/2008|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[29/05/2008|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
[22/05/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[17/05/2008|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[12/06/2008|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[07/06/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[20/05/2008|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[05/08/2008|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/08/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/05/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[12/06/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[12/06/2008|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/05/2008|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[19/05/2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/05/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[12/06/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[17/05/2008|21:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[17/05/2008|19:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/05/2008|00:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[20/05/2008|11:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
[12/06/2008|17:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[19/05/2008|14:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander
[14/06/2008|13:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[12/06/2008|17:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[13/06/2008|23:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/08/2008 14:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[23/07/2008|01:33] C:\Program Files\Adobe
[04/08/2008|19:40] C:\Program Files\Alwil Software
[05/08/2008|14:41] C:\Program Files\Applications
[29/05/2008|18:08] C:\Program Files\CA
[12/06/2008|11:40] C:\Program Files\CCleaner
[22/05/2008|00:04] C:\Program Files\Common Files
[17/05/2008|19:27] C:\Program Files\ComPlus Applications
[22/05/2008|01:49] C:\Program Files\declic
[05/08/2008|12:43] C:\Program Files\Fichiers communs
[19/05/2008|14:45] C:\Program Files\InfraRecorder
[13/06/2008|23:18] C:\Program Files\InstallShield Installation Information
[19/05/2008|13:28] C:\Program Files\Intel
[12/06/2008|16:11] C:\Program Files\Internet Explorer
[20/05/2008|11:36] C:\Program Files\K-Lite Codec Pack
[07/06/2008|19:36] C:\Program Files\Lavasoft
[20/05/2008|11:35] C:\Program Files\ma-config.com
[05/08/2008|14:18] C:\Program Files\Malwarebytes' Anti-Malware
[19/05/2008|13:59] C:\Program Files\Messenger
[28/05/2008|22:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/05/2008|19:35] C:\Program Files\microsoft frontpage
[03/08/2008|12:49] C:\Program Files\Microsoft Office
[20/05/2008|11:58] C:\Program Files\Microsoft Silverlight
[03/08/2008|12:49] C:\Program Files\Microsoft Visual Studio
[03/08/2008|21:30] C:\Program Files\Microsoft Works
[03/08/2008|12:49] C:\Program Files\Microsoft.NET
[19/05/2008|13:59] C:\Program Files\Movie Maker
[17/05/2008|19:22] C:\Program Files\MSN
[17/05/2008|19:23] C:\Program Files\MSN Gaming Zone
[19/05/2008|13:57] C:\Program Files\NetMeeting
[22/05/2008|00:10] C:\Program Files\Numericable
[17/05/2008|19:27] C:\Program Files\Online Services
[19/05/2008|13:44] C:\Program Files\OpenOffice.org 2.3
[19/05/2008|13:57] C:\Program Files\Outlook Express
[04/08/2008|21:38] C:\Program Files\Panda Security
[26/07/2008|20:35] C:\Program Files\PhotoFiltre
[19/05/2008|13:43] C:\Program Files\Realtek
[17/05/2008|19:33] C:\Program Files\Services en ligne
[12/06/2008|16:43] C:\Program Files\Spybot - Search & Destroy
[16/06/2008|12:09] C:\Program Files\The KMPlayer
[13/06/2008|23:18] C:\Program Files\THQ
[04/08/2008|21:42] C:\Program Files\Trend Micro
[17/05/2008|19:43] C:\Program Files\Uninstall Information
[30/07/2008|21:27] C:\Program Files\uTorrent
[29/07/2008|00:18] C:\Program Files\Veoh Networks
[16/06/2008|12:14] C:\Program Files\Webteh
[22/05/2008|19:46] C:\Program Files\Winamp
[22/05/2008|19:46] C:\Program Files\Winamp Remote
[22/05/2008|19:46] C:\Program Files\Winamp Toolbar
[20/05/2008|11:39] C:\Program Files\Windows Live
[17/05/2008|19:34] C:\Program Files\Windows Media Player
[19/05/2008|13:57] C:\Program Files\Windows NT
[17/05/2008|19:27] C:\Program Files\Windows Plus
[17/05/2008|19:33] C:\Program Files\WindowsUpdate
[19/05/2008|13:41] C:\Program Files\WinRAR
[20/05/2008|11:27] C:\Program Files\X10 Hardware
[17/05/2008|19:35] C:\Program Files\xerox
[20/06/2008|14:08] C:\Program Files\Xfire
[12/06/2008|11:40] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/05/2008|00:46] C:\Program Files\Fichiers communs\Adobe
[03/08/2008|12:49] C:\Program Files\Fichiers communs\DESIGNER
[19/05/2008|13:41] C:\Program Files\Fichiers communs\InstallShield
[03/08/2008|21:29] C:\Program Files\Fichiers communs\Microsoft Shared
[17/05/2008|19:32] C:\Program Files\Fichiers communs\MSSoap
[29/07/2008|17:13] C:\Program Files\Fichiers communs\NSV
[17/05/2008|21:16] C:\Program Files\Fichiers communs\ODBC
[29/05/2008|18:08] C:\Program Files\Fichiers communs\Scanner
[17/05/2008|19:32] C:\Program Files\Fichiers communs\Services
[17/05/2008|21:16] C:\Program Files\Fichiers communs\SpeechEngines
[12/06/2008|16:22] C:\Program Files\Fichiers communs\Symantec Shared
[03/08/2008|12:49] C:\Program Files\Fichiers communs\System
[20/05/2008|11:39] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 38 Processus )

iexplore.exe ~ [3312]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 15:01:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\A\Cookies\a@www.inthecrack[1].txt


[F:27][D:1]-> C:\DOCUME~1\A\LOCALS~1\Temp
[F:110][D:0]-> C:\DOCUME~1\A\Cookies
[F:174][D:8]-> C:\DOCUME~1\A\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 15:02:19,23
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 15:09
ok

* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to start the program,
* Copy the list of files or folders below and paste it into the program window "Paste Custom List of Files/Folders to Move":

C:\DOCUME~1\A\Cookies\a@www.inthecrack[1].txt

* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. In that case, click Yes.

See you later
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 15:26
Here is the OTMoveIt report

< C:\DOCUME~1\A\Cookies\a@www.inthecrack[1].txt >
C:\DOCUME~1\A\Cookies\a@www.inthecrack[1].txt moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_152238
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 15:30
ok

Post a new HijackThis report

Describe your problems

See you later
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 15:36
Here is the HijackThis report
I will see whether I run into problems on my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 15:49
ok

Tick and fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: Yahoo! Chess - http://origin.games.yahoo.net/games/clients/y/ct5_x.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

How to fix:


Usage tutorial (video): (Thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

you have no firewall:

install:

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Tutorial: https://www.malekal.com/tutorial-comodo-firewall/

or

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

Tutorial: https://www.malekal.com/tutorial-online-armor-free/

or ZoneAlarm, easier to configure but less effective

https://www.malekal.com/tutoriel-zonealarm-firewall/

Bonus:

Anti-spyware:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

It is a resident tool; you just need to update it from time to time because the free version does not do so by itself. Once it is installed and updated, set all the protections to "enable".

Tutorial: https://www.malekal.com/tutorial-spywareblaster/

and

SpywareGuard:

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

and

Why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since they cannot be done under Firefox

http://www.mozilla-europe.org/fr/

Plugins: Adblock Plus, NoScript, etc.

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

Have a look at this concerning avast:

AntiVir vs avast:

-> http://forum.malekal.com/ftopic3528.php

so I advise you to uninstall it and install AntiVir instead

Download and install the antivirus AntiVir Personal Edition Classic:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

Settings:

Once AntiVir is open, click Configuration and tick the "expert mode" box; then, on the Scanner tab, in the window below you will see "rootkit search": click the small + to expand it and tick the box next to your hard disk.
For those who do not see "rootkit search": click the umbrella in your taskbar > in the AntiVir window click "local protection", then click "scanner".
In the right-hand window, "rootkit search" is towards the bottom > expand it by clicking the small +
and tick your disks...
Then click Configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and, below, > scanner priority = High
Tick "allow stopping the scanner"; that way you can pause during the scan if you wish.
Then, on the right, tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and, below, > win32 heuristic: box ticked and high detection level

To remove the installed tools:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click Search and let the scan run ...
# Click Remove to finish.
# You can, if you wish, use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard disk (C:\).

See you later
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
5 August 2008 at 17:27
Here is the report.
If this is not the right one, please tell me more precisely where this report is located.

ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (00000) "C:\DOCUME~1\A\LOCALS~1\Temp\pft9~tmp\setup.exe" /Key=EHX8Y-ECYXL-XY1ML-4IGKW /NoReboot
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25546) Running in install mode.
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25531) Checking external module versions ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25530) Checking installation version ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25529) Checking for conflicting software ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25508) Checking installation requirements for eTrust PestPatrol Anti-Spyware ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25509) Checking operating system - Result = Windows XP (5.01.2600) + Service Pack 3
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25530) Checking installation version ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25529) Checking for conflicting software ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:07: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25527) Installing to 'C:\Program Files\CA\eTrust Internet Security Suite'.
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25532) Installing eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25516) Creating directory: C:\Program Files\CA\eTrust Internet Security Suite
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25526) Antivirus application is still active: caiss.exe - Result = 9023
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25526) Antivirus application is still active: caissdt.exe - Result = 9023
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25532) Installing eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25533) Updating registry ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25536) Copying product files ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25538) Adding applications to trusted program list ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\caiss.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\licreg.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25532) Installing eTrust PestPatrol Anti-Spyware ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25527) Installing to 'C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware'.
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25516) Creating directory: C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (00000) "C:\DOCUME~1\A\LOCALS~1\Temp\pft9~tmp\pp\PestPatrol.exe" /v"INSTALLDIR=\"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\" NOUPDATE=Yes REBOOT=ReallySuppress /qn"
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25533) Updating registry ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25534) Writing uninstall information ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25543) Removing uninstall information ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25539) Writing license data ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25037) Error E9035: Unable to store license key for eTrust PestPatrol Anti-Spyware.
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25032) Error E9035: Installation of eTrust PestPatrol Anti-Spyware has not completed successfully.
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25535) Copying shared files ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: calic.dll - Result = 2
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: license.dll - Result = 2
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: cavprod.dll - Result = 2
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: license.txt - Result = 2
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: calic.dll - Result = 9028
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25536) Copying product files ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: eisspp.chm - Result = 2
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25033) Error copying file: eisspp.chm - Result = 9028
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25537) Creating shortcuts on Start Menu ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25538) Adding applications to trusted program list ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppv5updater.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\pestpatrol5.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25515) Adding 'C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppactivedetection.exe' to trusted application list - Result = 1
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25549) Updating antivirus signatures ...
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppv5updater.exe" /noninteractive
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\pestpatrol5.exe" /scan
jeudi 29 mai 2008, 18:08: VIRUS ALERT! (25502) Log file finished - Result = 9035

+++ --- +++ --- +++

jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 18:10: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 18:11: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 18:12: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25501) Log file started
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25039) No products are installed.
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 29 mai 2008, 19:11: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

mercredi 11 juin 2008, 11:32:38 (25501) Log file started
mercredi 11 juin 2008, 11:32:38 (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
mercredi 11 juin 2008, 11:32:38 (25547) Running in uninstall mode.
mercredi 11 juin 2008, 11:32:39 (25006) Unable to open application framework. - Result = 9004
mercredi 11 juin 2008, 11:32:39 (25039) No products are installed.
mercredi 11 juin 2008, 11:32:39 (25508) Checking installation requirements for eTrust Internet Security Suite ...
mercredi 11 juin 2008, 11:32:39 (25510) Checking permissions on registry keys ...
mercredi 11 juin 2008, 11:32:39 (25511) Checking permissions on directories ...
mercredi 11 juin 2008, 11:32:39 (25528) Checking for other user sessions ...
mercredi 11 juin 2008, 11:32:39 (25006) Error E9004: Unable to open application framework.
mercredi 11 juin 2008, 11:32:40 (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25501) Log file started
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25547) Running in uninstall mode.
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25039) No products are installed.
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25510) Checking permissions on registry keys ...
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25511) Checking permissions on directories ...
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25528) Checking for other user sessions ...
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
mercredi 11 juin 2008, 17:33: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 09:38:37 (25501) Log file started
jeudi 12 juin 2008, 09:38:37 (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 12 juin 2008, 09:38:37 (25547) Running in uninstall mode.
jeudi 12 juin 2008, 09:38:37 (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 09:38:37 (25039) No products are installed.
jeudi 12 juin 2008, 09:38:38 (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 09:38:38 (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 09:38:38 (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 09:38:38 (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 09:38:38 (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 09:38:41 (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25501) Log file started
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25039) No products are installed.
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 09:47: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25501) Log file started
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe"
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25039) No products are installed.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25501) Log file started
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\cauninst.exe"
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25039) No products are installed.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25039) Error E9037: No products are installed.
jeudi 12 juin 2008, 09:50: VIRUS ALERT! (25502) Log file finished - Result = 9037

+++ --- +++ --- +++

jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25501) Log file started
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25547) Running in uninstall mode.
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25039) No products are installed.
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 09:59: VIRUS ALERT! (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 14:25 (25501) Log file started
jeudi 12 juin 2008, 14:25 (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 12 juin 2008, 14:25 (25547) Running in uninstall mode.
jeudi 12 juin 2008, 14:25 (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 14:25 (25039) No products are installed.
jeudi 12 juin 2008, 14:25 (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 14:25 (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 14:25 (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 14:25 (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 14:25 (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 14:25 (25502) Log file finished - Result = 9004

+++ --- +++ --- +++

jeudi 12 juin 2008, 14:25 (25501) Log file started
jeudi 12 juin 2008, 14:25 (00000) "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
jeudi 12 juin 2008, 14:25 (25547) Running in uninstall mode.
jeudi 12 juin 2008, 14:25 (25006) Unable to open application framework. - Result = 9004
jeudi 12 juin 2008, 14:25 (25039) No products are installed.
jeudi 12 juin 2008, 14:25 (25508) Checking installation requirements for eTrust Internet Security Suite ...
jeudi 12 juin 2008, 14:25 (25510) Checking permissions on registry keys ...
jeudi 12 juin 2008, 14:25 (25511) Checking permissions on directories ...
jeudi 12 juin 2008, 14:25 (25528) Checking for other user sessions ...
jeudi 12 juin 2008, 14:25 (25006) Error E9004: Unable to open application framework.
jeudi 12 juin 2008, 14:25 (25502) Log file finished - Result = 9004

+++ --- +++ --- +++
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
5 August 2008 at 17:32
re,

yes, that's not the one...

open AntiVir, click on Reports underneath Overview > in the reports window find the line that corresponds to Scan, open the file and copy and paste it here

See you
0
jojo101011 Posts 9 Registration date Tuesday 5 August 2008 Status Member Last activity 6 August 2008
6 August 2008 at 19:38
here is the report;
I hope it's the right one

AntiVir PersonalEdition Classic
Report file date: mardi 5 août 2008 19:45

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Username: SYSTEM
Computer name: A-5375D103B7974

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 5 août 2008 19:45

Starting search for hidden objects.
'50428' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'cssurf.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
6 August 2008 at 19:47
hi,

this time it's the right one but it's not complete, lol

See you
0
Here is the report, which I copied in full. That's all I have.
Another problem: I can't manage to update AntiVir. How do I do it?

AntiVir PersonalEdition Classic
Report file date: mardi 5 août 2008 19:45

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Username: SYSTEM
Computer name: A-5375D103B7974

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 5 août 2008 19:45

Starting search for hidden objects.
'50428' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'cssurf.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023163.cpl
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c89840.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023164.dll
[DETECTION] Is the Trojan horse TR/Killav.28714
[INFO] The file was moved to '48c89844.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023165.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c89846.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023166.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c8984a.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023167.exe
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[INFO] The file was deleted!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023168.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c89857.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023169.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c89859.qua'!
C:\System Volume Information\_restore{968A21E7-A998-4FF0-B986-FCD15909C6BB}\RP70\A0023170.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48c8985b.qua'!


End of the scan: mardi 5 août 2008 20:25
Used time: 39:55 min

The scan has been done completely.

3903 Scanning directories
284690 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
284682 Files not concerned
1552 Archives were scanned
1 Warnings
0 Notes
50428 Objects were scanned with rootkit scan
0 Hidden objects were found
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
7 August 2008 at 16:52
ok jojo,

do this:

Disable your System Restore:
to do that:
Right-click My Computer and, in the menu, choose Properties;
in the new window, click the System Restore tab;
tick the box to disable System Restore and apply.
then restart the PC and right-click My Computer and, in the menu, choose Properties;
in the new window, click the System Restore tab
untick the box to disable System Restore and apply.

to remove the tools that were used

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click "Recherche" and let the scan run ...
# Click "Suppression" to finish.
# You can use the "Options facultatives" if you wish.
# Click "Quitter" to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

the PC is running fine, isn't it?

See you later
0
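Added example (not part of the thread and not any tool's own code): switching System Restore off deletes the stored restore points, so this Python sketch parses a report in the layout posted above and separates detections held in `_restore{...}\RPnn` from files on the live system, which that step does not touch. The sample log is constructed, and taking the last token of a `[DETECTION]` line as the detection name is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan report above; file names,
# quarantine names and the restore GUID are placeholders.
SAMPLE_LOG = r"""Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP70\A0000001.cpl
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '00000001.qua'!
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP70\A0000002.exe
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[INFO] The file was deleted!
C:\Documents and Settings\user\sample.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)

def parse_detections(log):
    """Pair each [DETECTION] line with the path above it and the [INFO] action below it."""
    findings, path = [], None
    for line in map(str.strip, log.splitlines()):
        if PATH_RE.match(line):
            path = line
        elif line.startswith("[DETECTION]") and path:
            m = RESTORE_RE.search(path)
            findings.append({"path": path,
                             "name": line.split()[-1],  # assumption: name is the last token
                             "restore_point": m.group(1) if m else None,
                             "action": None})
        elif line.startswith("[INFO]") and findings and findings[-1]["path"] == path:
            if "moved to" in line:
                findings[-1]["action"] = "quarantined"
            elif "deleted" in line:
                findings[-1]["action"] = "deleted"
    return findings

def triage(findings):
    """Separate copies held in restore points from files on the live system."""
    return {
        "restore_points": Counter(f["restore_point"] for f in findings if f["restore_point"]),
        "live": [f for f in findings if not f["restore_point"]],
        "unhandled": [f for f in findings if f["action"] is None],
    }

if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    print(dict(report["restore_points"]), [f["path"] for f in report["live"]])
```

Anything listed under `live` or `unhandled` still needs attention after the restore points are purged.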
I used ToolsCleaner (which I already had on my PC), but there are no items in the report (after clicking "Recherche", of course).
The PC is running fine. Thank you very much for all this advice.
What do I need to do to get automatic updates for AntiVir?
I'm afraid that if this update doesn't happen, I'll run into virus problems again.
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
7 August 2008 at 19:26
hi jojo,

normally the update is automatic.

remove the tools manually if ToolsCleaner doesn't remove them...

See you later
0