Stratgab

Salut apollo, j'ai tout fait mes devoirs ; ) Voivi le log complet de malaware Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3970 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2010-04-08 19:28:01 mbam-log-2010-04-08 (19-28-01).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 179565 Temps écoulé: 31 minute(s), 23 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 60 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\FOUND.005\FILE0100.CHK (Trojan.Dropper) -> Quarantined and deleted successfully. C:\FOUND.005\FILE0789.CHK (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\!KillBox\urpprot.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\!KillBox\urpext.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\!KillBox\urphook.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\!KillBox\urpprot.exe( 1) (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\!KillBox\urpext.dll( 2) (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\!KillBox\urphook.dll( 3) (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.006\FILE0000.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.006\FILE0003.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.006\FILE0004.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.006\FILE0007.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.007\FILE0000.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.007\FILE0006.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.007\FILE0015.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.007\FILE0023.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.010\FILE0002.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.010\FILE0003.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.010\FILE0005.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.010\FILE0006.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.010\FILE0022.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0000.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0024.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0028.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0030.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0031.CHK (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0034.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0035.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0077.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0078.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0079.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0092.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0095.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0099.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0101.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0102.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0103.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.011\FILE0104.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.012\FILE0000.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.012\FILE0001.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.012\FILE0002.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.012\FILE0007.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.013\FILE0001.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.013\FILE0002.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.013\FILE0003.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.013\FILE0004.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.013\FILE0006.CHK (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\FOUND.014\FILE0007.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.014\FILE0008.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.014\FILE0024.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0000.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0001.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0003.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0004.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0012.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.015\FILE0013.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.017\FILE0003.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.017\FILE0008.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. C:\FOUND.017\FILE0009.CHK (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\FOUND.017\FILE0010.CHK (Trojan.Downloader) -> Quarantined and deleted successfully. Par contre quand je veux désinstaller Avast, il y a un problème, voici le log 10.04.2010 15:11:30 general: Started: 10.04.2010, 15:11:30 10.04.2010 15:11:30 general: Running setup_ais-1ce (462) 10.04.2010 15:11:30 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [service Pack 3] 10.04.2010 15:11:30 system: Memory: 51% load. Phys:502964/1038380K free, Page:2061616/2497636K free, Virt:2067428/2097024K free 10.04.2010 15:11:30 system: Computer WinName: GABGET 10.04.2010 15:11:30 system: Windows Net User: GABGET\Gab 10.04.2010 15:11:30 general: Cmdline: /uninstwiz 10.04.2010 15:11:30 general: Old version: 1ce (462) 10.04.2010 15:11:30 system: Using temp: C:\DOCUME~1\Gab\LOCALS~1\Temp\_asw_aisI.tm~a03552 (16703M free) 10.04.2010 15:11:30 general: SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1 10.04.2010 15:11:30 general: DldSrc set to inet 10.04.2010 15:11:30 internet: SYNCER: Agent=Syncer/5.00 (ais-462;p) 10.04.2010 15:11:30 system: Computer DnsName: Gabget 10.04.2010 15:11:30 system: Computer Ip Addr: 192.168.0.177 10.04.2010 15:11:30 system: Installed in: C:\Program Files\Alwil Software\Avast5 (16703M free) 10.04.2010 15:11:30 internet: SYNCER: Type: use IE settings 10.04.2010 15:11:30 internet: SYNCER: Auth: another authentication, use WinInet 10.04.2010 15:11:30 package: Part prg_ais-1ce is installed 10.04.2010 15:11:30 package: Part vps_win32-10041000 is installed 10.04.2010 15:11:30 package: Part setup_ais-1ce is installed 10.04.2010 15:11:30 package: Part jrog-92 is installed 10.04.2010 15:11:30 general: LoadState: Edition=1 10.04.2010 15:11:30 general: Old version: 1ce (462) 10.04.2010 15:11:30 file: SetExistingFilesBitmap: 304->86->86 10.04.2010 15:11:30 general: GUID: b4104372-65cd-4931-babe-4cc57285a9b5 10.04.2010 15:11:31 general: Server definition(s) loaded for 'main': 334 (maintenance:0) 10.04.2010 15:11:31 general: SelectCurrent: selected server 'Limelight AVAST5 Server' from 'main' 10.04.2010 15:11:31 internet: SYNCER: Type: use IE settings 10.04.2010 15:11:31 internet: SYNCER: Auth: another authentication, use WinInet 10.04.2010 15:11:37 general: Operation set to INST_OP_UNINSTALL 10.04.2010 15:11:37 general: Entered SetupProcessAIS::Do( INST_OP_UNINSTALL ) 10.04.2010 15:11:37 general: Entered SetupProcessWin32Avast::Do( INST_OP_UNINSTALL ) 10.04.2010 15:11:38 package: Transferred: files 0, bytes 0, time 0 ms 10.04.2010 15:11:38 package: Retries: total 0, files 0, servers 1 10.04.2010 15:11:38 internet: Sending stats 'http://stats5.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204 10.04.2010 15:11:38 file: NeedReboot=false 10.04.2010 15:11:38 general: Return code: 0x000004C7 [L'opération a été annulée par l'utilisateur.] 10.04.2010 15:11:38 general: Stopped: 10.04.2010, 15:11:38 Merci! J'ai mis à jour tous les logiciels tel que recommandés dans le lien de ton «post» précédent.

Salut Apollo, il y a effectivement 6 heures de décallage entre le Québec et la France... voici le bloc-note de high-jack this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:14:55, on 2010-04-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\admtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Documents and Settings\Gab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\DOCUME~1\Gab\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {F8A039CF-5C0F-4F9E-93AA-47680E1B8C12} - C:\WINDOWS\system32\iifdaaYQ.dll (file missing) O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189008363359 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Gab/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 12161 bytes Je reconnais les processus, j'imagine que ce logiciel me dit à quoi chaque processus est relié? J'ai fait aussi le complet de malaware, je l'ai fait après le premier (plus rapide) et je ne crois pas que j'aie conservé le rapport désolé... Je le refais? Merci encore pour ton aide.

Merci grandement Apollo! Je trouve absurde que des gens prennent le temps à faire des virus comme ça... Au moins il y en a d'autres comme toi qui aide les gens à s'en sortir. J'ai réussi hier soir finalement à le faire en utilisant un mélange de ta méthode et d'une autre que j'ai trouvé sur un site anglophone qui me disait de créer un .reg ou un .inf file puis de runner malaware. J'y suis parvenu finalement. Voici le log Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3970 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2010-04-08 18:46:49 mbam-log-2010-04-08 (18-46-49).txt Type d'examen: Examen rapide Elément(s) analysé(s): 103558 Temps écoulé: 5 minute(s), 12 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 29 Valeur(s) du Registre infectée(s): 16 Elément(s) de données du Registre infecté(s): 9 Dossier(s) infecté(s): 7 Fichier(s) infecté(s): 18 Processus mémoire infecté(s): C:\Documents and Settings\Gab\Local Settings\Application Data\ave.exe (Trojan.FakeAlert) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtukhhaw (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\your protection (Rogue.YourProtection) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mplay32xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass service (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Worm.Spambot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Gab\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Gab\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Gab\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\Gab\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\vtUkhHaW.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Local Settings\Application Data\ave.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Local Settings\Application Data\3441069269.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Update.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\About.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Activate.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Buy.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Scan.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Settings.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Menu Démarrer\Programmes\Your Protection\Your Protection Support.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Gab\csrss.exe (Trojan.Agent) -> Delete on reboot. J'ai cherché tous les processus en cours sur mon ordi et aucun n'est associé à un virus, sauf les potentiels «vols-noms» des processus système de Windows. En tout cas je pense que tout est réglé et ce en grande partie grâce à ton aide. Voici le .reg qui a pu m'aider Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\Software\Classes\.exe] [-HKEY_CURRENT_USER\Software\Classes\secfile] [-HKEY_CLASSES_ROOT\secfile] [-HKEY_CLASSES_ROOT\.exe\shell\open\command] [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\.exe] @="exefile" "Content Type"="application/x-msdownload" Le .inf [Version] Signature="$Chicago$" Provider=Myantispyware.com [DefaultInstall] DelReg=regsec AddReg=regsec1 [regsec] HKCU, Software\Classes\.exe HKCU, Software\Classes\secfile HKCR, secfile HKCR, .exe\shell\open\command [regsec1] HKCR, exefile\shell\open\command,,,"""%1"" %*" HKCR, .exe,,,"exefile" HKCR, .exe,"Content Type",,"application/x-msdownload" Je clicke droit et appuie sur install pour le deuxième... Je dois avouer ne pas trop comprendre ce que ça fait... mais chacun ses forces ; ) Merci encore! P.S. Est-ce que tu penses que le téléchargement de Highjackthis est toujours nécessaire? P.P.S. Tu dis à ce soir dans le courriel, je suis par certain que c'est en même temps pour nous deux, car je suis au Québec et non en France...

Bonjour, merci pour votre réponse détaillé. J'ai fait ce que vous avez dit, mais je ne suis pas certain que tout est fonctionné. Voici les résultats donnés au redémarrage. All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== File/Folder C:\Documents and Settings\frichard\local settings\application data\ave.exe not found. ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33505 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gab ->Temp folder emptied: 7385363 bytes ->Temporary Internet Files folder emptied: 779227 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 8930885 bytes ->Flash cache emptied: 434 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 208896 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 17,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 04082010_172756 Files moved on Reboot... File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found! Registry entries deleted on Reboot... Quand j'ai redémarré, il y avait ce résultat que j'ai sauvegardé et les logiciels de «protection» qui s'ouvrait, mais je ne voyais que mon fond d'écran et rien d'autre. J'ai réussi à downloader chrome ce qui me permet d'écrire, car avant mozilla ne fonctionnait pas. Xp security tool 2010 est toujours ouvert dans le coin en bas à droite... Je ne m'y connais pas très bien en informatique, mais je ne suis pas un total nul non plus... Merci de me répondre j'ai vraiment besoin de mon ordi pour terminer ma session d'université... J'oubliais je n'arrive pas à ouvrir le mbam-setup.exe pour l'antivirus suggéré.