Forum Clubic

Virus Crypt.Xpack.gen + probleme mises a jour automatiques

Bonjour à tous ,

Je vous ecris car je commence à devenir fou.
Je rencontre plusieurs problemes sur mon pc depuis bientot une semaine maintenant , et je ne sais pas si ils sont liés les uns aux autres.
Je vous explique :

Initialement , tout allait bien.
Puis , il y a quelques jours , l’icone sécurité (drapeau avec croix blanche) est apparu en bas à droite , me disant que les mises à jour automatiques étaient désactivées.
N’écoutant que mon courage , je suis allé dans panneau de configuration pour les réactiver mais rien n’y fait , elles restent toujours désactivées.
Par ailleurs , en surfant sur internet , plusieurs pubs se sont mises à apparaitre régulièrement (toutes les minutes en gros) sans que je puisse les bloquer (beaucoup de pubs pour la sécurité notamment).
J’ai continué à farfouiller des solutions sur des forums pour ce souci et hier soir , j’ai désinstallé Avast pour installé Antivir
Depuis , il me detecte , des que je veux ouvrir quoi que ce soit (une page web, un fichier quelconque , une fenetre…) un Trojan Horse répondant au doux nom de Crypt.Xpack.gen, ce qui ralentit par ailleurs le PC.
La je n’en peux plus du tout.
J’ai trouvé des trucs déja sur ce forum , mais j’ai l’impression que le probleme avec ce virus n’est pas le meme pour chaque PC.
Si vous pouviez m’aider ou me donner des pistes , car la , j’atteins bientot le point de rupture.
Merci d’avance pour votre aide.

Tu sembles sérieusement infecté.
Télécharge tous ces logiciels :
Spybot search and destroy, antivir, avast cleaner, www.clubic.com… aware, hijack this, ccleaner et glary utilities. Met à jour les tous à jour si nécessaire et fais un scan avec hijack this et post un premier rapport ici. Ensuite fait une analyse avec antivir (garde le comme antivirus), ad aware, spybot (si possible en mode sans echec), avec ad aware et avec avast cleaner. Je te dirai que faire après… :wink: Bon courage tu en as pour un moment

Merci beaucoup tout d’abord por t’interresser à mon probleme…
J’ai telechargé les logiciels comme tu le conseilles…voici le rapport de hijack this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:31, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\deborah dehan\Bureau\Reglage probleme\Clubic\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5071223
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5071223
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU “C:\WINDOWS\TEMP\E_S119.tmp” /EF “HKLM”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [584959fa] rundll32.exe “C:\WINDOWS\system32\yorfrkqf.dll”,b
O4 - HKLM…\Run: [BM5b7a6a66] Rundll32.exe “C:\WINDOWS\system32\hybsqnii.dll”,s
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 - HKCU…\Run: [Windows Update Services] “C:\Documents and Settings\deborah dehan\Local Settings\Application Data\Microsoft\Windows Update\services.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE…
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O17 - HKLM\System\CCS\Services\Tcpip…{16080EE9-9CD2-45AD-9F72-B1A6AD581E24}: NameServer = 86.64.145.145 84.103.237.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


End of file - 8160 bytes


Sur glary utilities , ca me donne 227 erreurs de registre...j'ai demandé la reparation

Avast me dit ca :

Création du fichier journal : C:\Documents and Settings\deborah dehan\Bureau\Reglage probleme\Clubic\aswclnr.log

20/05/2008, 23:58:14
Analyse de la mémoire démarrée…
Aucun corps de virus trouvé en mémoire.
Analyse de la mémoire terminée (75,4s).

Analyse des fichiers démarrée…
C:\Documents and Settings\deborah dehan\Local Settings\Temp\Perflib_Perfdata_c24.dat… le fichier n’a pas pu être analysé !
C:\WINDOWS\system32\rqRIXoND.dll… le fichier n’a pas pu être analysé !
C:\WINDOWS\system32\CatRoot2\edb.log… le fichier n’a pas pu être analysé !
C:\WINDOWS\system32\CatRoot2\tmp.edb… le fichier n’a pas pu être analysé !
C:\WINDOWS\system32\CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb… le fichier n’a pas pu être analysé !
C:\WINDOWS\system32\CatRoot2{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb… le fichier n’a pas pu être analysé !
Aucun corps de virus trouvé.
Analyse des fichiers terminée (78778 fichiers, 0 infectés, 3417,5s).
Lecteurs analysés : C: E:


AntiVir me donne ça :

Avira AntiVir Personal
Report file date: mercredi 21 mai 2008 00:09

Scanning for 1281002 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DEBORAH

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 21:53:56
ANTIVIR3.VDF : 7.0.4.69 76288 Bytes 20/05/2008 22:08:15
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 19/05/2008 21:54:19
AESCN.DLL : 8.1.0.18 119156 Bytes 19/05/2008 21:54:18
AERDL.DLL : 8.1.0.20 418165 Bytes 19/05/2008 21:54:17
AEPACK.DLL : 8.1.1.5 364918 Bytes 19/05/2008 21:54:14
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/05/2008 21:54:12
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 19/05/2008 21:54:10
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/05/2008 21:54:03
AEGEN.DLL : 8.1.0.21 303477 Bytes 19/05/2008 21:54:02
AEEMU.DLL : 8.1.0.6 430451 Bytes 19/05/2008 21:54:00
AECORE.DLL : 8.1.0.29 168311 Bytes 19/05/2008 21:53:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: delete
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:, E:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Use file extension list
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: high

Start of the scan: mercredi 21 mai 2008 00:09

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘aswclnr.tmp’ - ‘1’ Module(s) have been scanned
Scan process ‘aswclnr.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘mbam.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SpybotSD.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘TeaTimer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WLLoginProxy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘IEXPLORE.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WLSetupSvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘BTStackServer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘DLG.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘BTTray.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘rundll32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘rundll32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtcmd.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘RoxWatch9.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘nvsvc32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MDM.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘btwdins.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘BCMWLTRY.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘WLTRYSVC.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\rqRIXoND.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be deleted!

The registry was scanned ( ‘27’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\rqRIXoND.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be deleted!
Begin scan in ‘E:’
Search path E:\ could not be opened!
Le chemin d’accès spécifié est introuvable.

End of the scan: mercredi 21 mai 2008 00:56
Used time: 46:52 min

The scan has been done completely.

5322 Scanning directories
147835 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
147833 Files not concerned
1025 Archives were scanned
4 Warnings
0 Notes

Dans hijack this coche et fix les lignes :

O4 - HKLM…\Run: [584959fa] rundll32.exe “C:\WINDOWS\system32\yorfrkqf.dll”,b
O4 - HKLM…\Run: [BM5b7a6a66] Rundll32.exe “C:\WINDOWS\system32\hybsqnii.dll”,s

O4 - HKCU…\Run: [Windows Update Services] “C:\Documents and Settings\deborah dehan\Local Settings\Application Data\Microsoft\Windows Update\services.exe”

Télécharge et mets à jour : www.clubic.com…

Nettoie avec.
Fais un scan avec antivir (2h), avec spybot (en mode sans echec F8 au démarrage)(30 minutes) et avec navilog : www.clubic.com… (30 minutes).

Ensuite je te dirais que faire. On y est presque. :wink:

Merci de ton aide
Voici le nouveau scan d’antivir :

Avira AntiVir Personal
Report file date: mercredi 21 mai 2008 19:07

Scanning for 1281002 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DEBORAH

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 21:53:56
ANTIVIR3.VDF : 7.0.4.69 76288 Bytes 20/05/2008 22:08:15
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 19/05/2008 21:54:19
AESCN.DLL : 8.1.0.18 119156 Bytes 19/05/2008 21:54:18
AERDL.DLL : 8.1.0.20 418165 Bytes 19/05/2008 21:54:17
AEPACK.DLL : 8.1.1.5 364918 Bytes 19/05/2008 21:54:14
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/05/2008 21:54:12
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 19/05/2008 21:54:10
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/05/2008 21:54:03
AEGEN.DLL : 8.1.0.21 303477 Bytes 19/05/2008 21:54:02
AEEMU.DLL : 8.1.0.6 430451 Bytes 19/05/2008 21:54:00
AECORE.DLL : 8.1.0.29 168311 Bytes 19/05/2008 21:53:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: delete
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Use file extension list
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: high

Start of the scan: mercredi 21 mai 2008 19:07

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘IEXPLORE.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘IEXPLORE.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘WLLoginProxy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘IEXPLORE.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘BTStackServer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘DLG.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘BTTray.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘TeaTimer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtcmd.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WLSetupSvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘RoxWatch9.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘nvsvc32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MDM.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘btwdins.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘BCMWLTRY.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘WLTRYSVC.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘20’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: mercredi 21 mai 2008 19:27
Used time: 19:47 min

The scan has been done completely.

5320 Scanning directories
150761 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
150761 Files not concerned
1034 Archives were scanned
2 Warnings
0 Notes

Parfait. Finis tous les tests et donne de tes nouvelles :jap:

Bonjour ,

Ca a l’air de bien fonctionner maintenant , je te remercie infiniment…le seul souci maintenant c’est qu’en cas de soucis divers , je vais te harceler…
En gros spybot m’a trouver deux trois trucs que j’ai corrigé ensuite.J’ai relancé spybot derriere qui n’a plus rien trouvé puis navilog n’a rien relevé de particulier.
Les mises a jour automatiques sont a nouveaux activées.
Merci mille fois en tout cas.

Pas de souci je suis content que ce soit réglé. Eh puis tu pourras me joindre quand tu voudras. Contacte moi par message personnel et je te donnerai ma adresse mail personnelle. @+ francosa. :wink: