Help! Infected by Trojan Hotbar A

13 September 2007 11:24:08

Hello,

My computer is infected with Trojan Hotbar A according to the BitDefender report. It can be neither deleted nor moved. What should I do? Thanks for your help, because my computer is painfully slow.
I am attaching the BitDefender report as well as the HijackThis scan.



//-----------------------------------------------------------------
//
// BitDefender report file
//
// Created on: 10/09/2007 12:27:05
//
//-----------------------------------------------------------------


Summary:

C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0001 Infected Trojan.Hotbar.A
C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0001 Disinfection failed - Trying second action
C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0001 Move failed
C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001 Infected Trojan.Hotbar.A
C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001 Disinfection failed - Trying second action
C:\Documents and Settings\Docteur PARISOT\Local Settings\Temp\HbToolsU.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001 Move failed
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>Ad-Aware SE Default.skn Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>arrow1.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>arrow2.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bck1.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt11.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt12.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt13.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt21.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt22.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt23.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt31.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt32.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt33.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt41.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt42.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt43.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt51.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt52.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt53.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt61.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>bt62.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>checkbox1.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>checkbox2.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>checkbox3.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>checkbox4.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>defbtn1.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>defbtn2.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>defbtn3.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph1.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph2.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph3.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph4.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph5.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph6.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>glyph7.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>main.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>preview.bmp Password protected
C:\Documents and Settings\Docteur PARISOT\Mes documents\aawsepersonal.exe=>wise0021=>sprite1.bmp Password protected
C:\Program Files\HbTools\HBTV\uninstaller.exe=>(NSIS o)=>zlib_nsis0001 Infected Trojan.Hotbar.A
C:\Program Files\HbTools\HBTV\uninstaller.exe=>(NSIS o)=>zlib_nsis0001 Disinfection failed - Trying second action
C:\Program Files\HbTools\HBTV\uninstaller.exe=>(NSIS o)=>zlib_nsis0001 Move failed
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>Ad-Aware SE Default.skn Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp Password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp Password protected
C:\Program Files\Softwin\BitDefender Professional Edition\Infected\TVEngineCommand.dll Infected Trojan.Hotbar.A
C:\Program Files\Softwin\BitDefender Professional Edition\Infected\TVEngineCommand.dll Disinfection failed - Trying second action
C:\Program Files\Softwin\BitDefender Professional Edition\Infected\TVEngineCommand.dll

Statistics

Scan path : C:\
Folders : 4649
Files : 134249
Archives : 7030
Packed files : 8618
Identified viruses : 1
Infected files : 4
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 32
Scan time : 01:28:50
Scan speed (files/sec) : 25

Virus definitions : 800292
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 7
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report





Here is the HijackThis scan:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:13, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hbtools\HBTV\HBTV.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Softwin\BITDEF~1\upgrepl.exe
C:\DOCUME~1\DOCTEU~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D777597F442A36C0 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6796 bytes

13 September 2007 13:30:42

Hello,

Download Clean.zip (by Malekal).
Unzip it onto your desktop (right-click / Extract all); you should get a Clean folder.
Open the clean folder, double-click clean.cmd.
Choose option 1 then wait. Then post the contents of the report.

17 September 2007 12:45:21

Hello,

Here is the report:


17/09/2007 a 12:43:03,14

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\Documents and Settings\Docteur PARISOT\Application Data\hbtools\" FOUND
"C:\Documents and Settings\Docteur PARISOT\Application Data\ShopperReports\" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\HbTools\" FOUND
"C:\Program Files\HbTools_Icons\" FOUND
"C:\Program Files\Hotbar\" FOUND
"C:\Program Files\ShopperReports" FOUND
*** Fin du rapport !

17 September 2007 17:51:33

Re,

Download and install AVG Anti-Spyware (AVG AS).
Run the updates but do not start a scan for now.
HELP: Tutorial on AVG Anti-Spyware (Malekal)

Restart in safe mode.

Relaunch AVG AS:
- Choose the "Scan" tab
- Then the "Settings" tab
- Under the question "How to react?", click "Recommended actions" and choose "Quarantine"
- Click the "Scan" tab again, then run a "Full system scan"

If a file is infected at the end of the scan, click "Apply all actions"

Click "Save report" then "Save report as"
Save this text file on your desktop.

Open the clean folder, double-click clean.cmd.
Choose option 2 then wait.

Restart normally.
Post the AVG AS report as well as a HijackThis report.

Post the clean report: C:\rapport_clean.txt