Problème de .exe avec Avast

[restanco]

Tu as bien passé le script.

On n'a pas fini.

 

Tu peux désinstaller combofix : entre combofix /u dans la boite exécuter du menu démarrer.

Après cela, efface ces dossiers s'ils existent encore.

C:\QooBox

C:\ComboFix

 

Je te recommande ensuite un scan complet avec Antivir. Mets-le à jour d'abord (clic droit, start update sur l'icône près de l'horloge).

Une fois à jour, double-clique sur son icône près de l'horloge, cela ouvre l'interface principale, puis clique sur "Scan system now" à droite de "Last complete system scan".

 

/!\ Cela peut être long.

Tu peux sauvegarder le rapport en fin de parcours (bouton "Report").

 

Si Antivir détecte des fichiers infectés, mets en quarantaine (choisis "Move to quarantine" dans la liste des actions. Tu peux automatiser ce type d'action en cochant une case), comme ci dessous :

 

Cela permet de ne pas rester à la surveiller.

 

 

Ok je vais le faire.

Que pense tu de antivir par rapport à avast ?

 

Je ne t'envoies pas le rapport après antivir ?

 

Merci du dépannage.

[Falkra]

Avast est à la traîne depuis des mois, et 9 machines sur 10 infectées ici ont avast, qui ne voit rien.

Antivir n'a pas ce problème (AVG non plus, mais plus lourd), tout en étant gratuit => Antivir.

Je peux te passer une url pour plus de détails si tu le souhaites.

 

Si si, poste le rapport Antivir après le scan (récupérable si tu as fermé antivir : il les stocke, donc pas besoin de rescanner).

[restanco]

Avast est à la traîne depuis des mois, et 9 machines sur 10 infectées ici ont avast, qui ne voit rien.

Antivir n'a pas ce problème (AVG non plus, mais plus lourd), tout en étant gratuit => Antivir.

Je peux te passer une url pour plus de détails si tu le souhaites.

 

Si si, poste le rapport Antivir après le scan (récupérable si tu as fermé antivir : il les stocke, donc pas besoin de rescanner).

 

 

Voici le rapport d'antivir :

 

 

 

Avira AntiVir Personal

Report file date: mercredi 19 novembre 2008 12:02

 

Scanning for 1040492 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: MESUREUX-9A93E3

 

Version information:

BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:52:41

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:52:44

ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:52:46

ANTIVIR3.VDF : 7.1.0.104 80384 Bytes 18/11/2008 16:52:48

Engineversion : 8.2.0.34

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 18/11/2008 16:53:04

AESCN.DLL : 8.1.1.5 123251 Bytes 18/11/2008 16:53:02

AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 16:53:01

AEPACK.DLL : 8.1.3.4 393591 Bytes 18/11/2008 16:52:59

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 18/11/2008 16:52:57

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 18/11/2008 16:52:56

AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 16:52:52

AEGEN.DLL : 8.1.1.4 319861 Bytes 18/11/2008 16:52:51

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56

AECORE.DLL : 8.1.5.0 172407 Bytes 18/11/2008 16:52:49

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 18/11/2008 16:52:48

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: f:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:, F:, G:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 19 novembre 2008 12:02

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned

Scan process 'WL-8316 Configuration Utility.exe' - '1' Module(s) have been scanned

Scan process 'TruDirectTray.exe' - '1' Module(s) have been scanned

Scan process 'TMMonitor.exe' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'defragTaskBar.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'defragActivityMonitor.exe' - '1' Module(s) have been scanned

Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'NBService.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'aDefragService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

44 processes with 44 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Boot sector 'F:\'

[iNFO] No virus was found!

Boot sector 'G:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '74' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <VIDEOS>

Begin scan in 'E:\' <DONNÉES>

E:\System Volume Information\_restore{151BD613-ADE3-40C9-A6AB-40FEECC7C4DF}\RP2\A0000090.exe

[DETECTION] Contains HEUR/Crypted suspicious code

[NOTE] The file was moved to '4953f5c0.qua'!

E:\System Volume Information\_restore{151BD613-ADE3-40C9-A6AB-40FEECC7C4DF}\RP2\A0000091.exe

[0] Archive type: RAR SFX (self extracting)

--> TopRank.exe

[DETECTION] Is the TR/Buzus.xuu Trojan

[NOTE] The file was moved to '4953f5c1.qua'!

Begin scan in 'F:\' <PROGRAMMES>

F:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'G:\' <DIVERS>

G:\System Volume Information\_restore{151BD613-ADE3-40C9-A6AB-40FEECC7C4DF}\RP2\A0000089.exe

[0] Archive type: ZIP SFX (self extracting)

--> Mosaic - Tomb of Mystery Deluxe\mosaictombofmystery.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '49540e75.qua'!

 

 

End of the scan: mercredi 19 novembre 2008 14:15

Used time: 2:13:33 Hour(s)

 

The scan has been done completely.

 

18829 Scanning directories

1117346 Files were scanned

2 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

3 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

1117342 Files not concerned

15490 Archives were scanned

1 Warnings

3 Notes

 

Je veux bien url

 

Merci et bonne soirée

[Falkra]

Oki, impec.

 

Poste un rapport HijackThis dans ta prochaine réponse stp.

 

Clique sur ce lien pour télécharger HijackThis 2.0.2 :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Cette version est sans installateur ou Zip à décompresser, choisis de l'enregistrer sur le bureau.

 

Double-clique sur l'icône HijackThis :

 

HijackThis démarre, c'est le premier bouton qui nous intéresse "Do a system scan and save a logfile" (le fichier "log" est le rapport).

Clique dessus.

 

Copie-colle le contenu du rapport qui va s'afficher dans le Bloc-notes dans ta prochaine réponse.

[restanco]

Bonjour

 

Voici le rapport HijackThis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:40, on 20/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Program Files\a-squared Free\a2service.exe

F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

F:\Program Files\Bonjour\mDNSResponder.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

F:\WINDOWS\System32\FTRTSVC.exe

F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\svchost.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

G:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Analog Devices\Core\smax4pnp.exe

F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Program Files\MSN Messenger\msnmsgr.exe

F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

F:\Program Files\Logitech\SetPoint\SetPoint.exe

F:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

F:\Program Files\TruDirect\TruDirectTray.exe

F:\Program Files\PLANET\PLANET WL-8316\WL-8316 Configuration Utility.exe

F:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

F:\Program Files\MSN Messenger\usnsvc.exe

F:\Program Files\eMule\emule.exe

G:\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - F:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DefragTaskBar] "g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [iSUSScheduler] "F:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TMMonitor.lnk = F:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

O4 - Global Startup: TruDirectTray.lnk = F:\Program Files\TruDirect\TruDirectTray.exe

O4 - Global Startup: WL-8316 Configuration Utility.lnk = F:\Program Files\PLANET\PLANET WL-8316\WL-8316 Configuration Utility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Program Files\IEPro\iepro.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/37.09/Hbo...o/uploader2.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Droppix Service - Droppix - F:\Program Files\Fichiers communs\Droppix\DxService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - F:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - F:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - F:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - F:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

 

--

End of file - 11555 bytes

 

 

Bonne journée.

[Falkra]

Ca va mieux.

 

Désinstalle combofix : entre combofix /u dans la boite exécuter du menu démarrer.

Après cela, efface ces dossiers s'ils existent encore :

C:\QooBox

C:\ComboFix

 

Relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

A-squared n'est pas d'une très grande efficacité, tu pourrais t'en passer, MBAM le remplace plus efficacement.

 

Il faut mettre Internet Explorer à jour, là tu as IE6, qui est très vulnérable. Même si on ne l'utilise pas, son moteur peut être utilisé par d'autres logiciels et IE6 n'est plus suffisant côté sécurité. On trouve encore des failles, qui ne seront pas corrigées. IE7 s'installe librement, même sur les windows non authentiques, tout le monde devrait avoir au minimum IE7 donc. Il arrivera par les mises à jour de windows update, sinon on peut le télécharger ici :

http://www.microsoft.com/windows/products/...ie/default.mspx

(bouton "get it now")

 

Je te poste la suite après ça.

[restanco]

Bonjour

 

Voici le nouveau rapport Hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:45:49, on 21/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Program Files\a-squared Free\a2service.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

F:\Program Files\Bonjour\mDNSResponder.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

F:\WINDOWS\System32\FTRTSVC.exe

F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

F:\WINDOWS\system32\nvsvc32.exe

G:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

F:\WINDOWS\system32\svchost.exe

g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Analog Devices\Core\smax4pnp.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Program Files\MSN Messenger\msnmsgr.exe

F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

F:\Program Files\Logitech\SetPoint\SetPoint.exe

F:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

F:\Program Files\TruDirect\TruDirectTray.exe

F:\Program Files\PLANET\PLANET WL-8316\WL-8316 Configuration Utility.exe

F:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

F:\Program Files\MSN Messenger\usnsvc.exe

G:\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - F:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DefragTaskBar] "g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [iSUSScheduler] "F:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TMMonitor.lnk = F:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe

O4 - Global Startup: TruDirectTray.lnk = F:\Program Files\TruDirect\TruDirectTray.exe

O4 - Global Startup: WL-8316 Configuration Utility.lnk = F:\Program Files\PLANET\PLANET WL-8316\WL-8316 Configuration Utility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Program Files\IEPro\iepro.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/37.09/Hbo...o/uploader2.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - F:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - g:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Droppix Service - Droppix - F:\Program Files\Fichiers communs\Droppix\DxService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - F:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - F:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - F:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - F:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

 

--

End of file - 11453 bytes

 

D'autre part je vais installer ie7.

 

Bonne journée

[restanco]

Re bonjour

 

J'ai voulu installer ie7 et maintenant je n'ai plus accès à internet explorer après avoir désinstaller l'ancienne version.

 

Pourquoi ?

 

Merci d'avance.

[restanco]

Re

 

J'ai voulu faire une restauration et il est impossible de faire une restauration à la date indiquée.

[Falkra]

Huh, tu as essayé de désinstaller quoi ?

 

Pas accès comment, est-ce qu'il y a un message d'erreur ?