je cherche à retirer AntiSpyware de mon IE
Forum Sécurité - Virus : je cherche à retirer AntiSpyware de mon IE
bonjour
~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Voilà ce que je te propose, tu vas remplacer Avast! par Antivir, qui est gratuit aussi mais beaucoup plus efficace, tu vas faire un scan avec et poster le rapport. 
Désinstalle correctement Avast!
Pour le remplacer par Antivir.
-->Tuto<--
Pourquoi changer ? : Avast! vs Antivir
mais aussi:
14 antivirus au banc d'essai
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
j'ai bien lanceé Hijackthis “Do a system scan only” puis coché les ligne R0 et O22
j'ai bien retiré Avast puis installé Antivir
j'ai scanné en SafeMode avec Antivir (et effacé qlq fichiers)
là je voulais relancer un SmitfraudFix mais il me mets un message d'erreur: "Fichier restart.exe absent ! Dezippez la totalité de l'archive dans un dossier" ..j'ai du effacer ce fichier
J'ai voulu re-downloader SmitfraudFix..mais le message est toujours le même..
J'aimerai faire tourner SmitfraudFix
Sinon voici les rapports (le 1er en SafeMode et le 2ème lorsque j'ai rebooté le PC en mode normal..sans que je lui demande)
le 1er:
Avira AntiVir Personal
Report file date: samedi, 6. septembre 2008 20:42
Scanning for 1599979 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Save mode
Username: Administrator
Computer name: HARPE-PBDS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: samedi, 6. septembre 2008 20:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\WINNT\Downloaded Program Files\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.138 dropper
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '492bd59d.qua'!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935d5fb.qua'!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Folder
eleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][Subject
lease Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Stop looking for a new part-time job - here it is.][Fromina.Bowman665@atlanta.com]6267.html
[DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][SubjectayPal. Account Review Department][From:support@paypal.com]6474.html
[DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\Documents and Settings\pbds\My Documents\Calvi_07_08\PhotoShop\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
[0] Archive type: RAR
--> Crack et Keygen\Keygen Photoshop CS2 Fr.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[NOTE] The file was moved to '4931dbc8.qua'!
C:\Program Files\fx\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Recycled\Dc41.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc41.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0aa.qua'!
C:\Recycled\Dc44.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc44.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0b8.qua'!
C:\Recycled\Dc42\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0c8.qua'!
C:\Recycled\Dc45\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0d0.qua'!
End of the scan: samedi, 6. septembre 2008 23:05
Used time: 2:23:01 Hour(s)
The scan has been done completely.
3752 Scanning directories
251859 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
251837 Files not concerned
8186 Archives were scanned
2 Warnings
9 Notes
..et le 2ème
Avira AntiVir Personal
Report file date: samedi, 6. septembre 2008 23:10
Scanning for 1599979 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HARPE-PBDS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: samedi, 6. septembre 2008 23:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'DashBoardS.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'SecMIPService.e' - '1' Module(s) have been scanned
Scan process 'MSTask.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned
Scan process 'hidserv.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
21 processes with 21 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Foldereleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][Subjectlease Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Stop looking for a new part-time job - here it is.][Fromina.Bowman665@atlanta.com]6267.html
[DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Foldereleted Items][SubjectayPal. Account Review Department][From:support@paypal.com]6474.html
[DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
--> Mailbox_[Foldereleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
End of the scan: dimanche, 7. septembre 2008 00:03
Used time: 53:36 Minute(s)
The scan has been done completely.
3754 Scanning directories
248128 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248117 Files not concerned
8177 Archives were scanned
3 Warnings
0 Notes
bonsoir
oui, le pop up adobe, c'est normal
Supprime tous les programmes installés pour la désinfection.
Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.
Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.
Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.
~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
