Il en reste un, qui n'a pas été supprimé.
On tient le bon bout, relance la même procédure depuis le mode sans échec et poste le rapport.

Courage, c'est le bout du tunnel.

Clean Navipromo version 2.0.5 commencé le 28.07.2007 à 19:07:46.56

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO


Mode suppression par méthode manuelle

Nom du fichier saisi : fmdcabfxew

*** Recherche, Creation backups et suppression ***

C:\WINDOWS\system32\fmdcabfxew_nav.dat absent !
C:\WINDOWS\system32\fmdcabfxew_navup.dat absent !
C:\WINDOWS\system32\fmdcabfxew_navtmp.dat absent !
C:\WINDOWS\system32\fmdcabfxew_m2s.xml absent !

C:\WINDOWS\System32\fmdcabfxew.exe trouvé !
Copie C:\WINDOWS\system32\fmdcabfxew.exe réalise avec succes !
C:\WINDOWS\system32\fmdcabfxew.exe supprimé !

C:\WINDOWS\System32\fmdcabfxew.dat trouvé !
Copie C:\WINDOWS\system32\fmdcabfxew.dat réalise avec succes !
C:\WINDOWS\system32\fmdcabfxew.dat supprimé !

C:\WINDOWS\System32\fmdcabfxew_navps.dat trouvé !
Copie C:\WINDOWS\system32\fmdcabfxew_navps.dat réalise avec succes !
C:\WINDOWS\system32\fmdcabfxew_navps.dat supprimé !

C:\WINDOWS\prefetch\fmdcabfxew*.pf trouvé !
Copie C:\WINDOWS\prefetch\fmdcabfxew*.pf réalise avec succes !
C:\WINDOWS\prefetch\fmdcabfxew*.pf supprimé !


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Vah‚\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Vah‚\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :


*** Nettoyage termine le 28.07.2007 à 21:12:05.14 ***

Normalement, ça doit être réglé :
- plus de messages spyware secure
- pas de pub intempestive
- pas de popups
- pas de messages kerio anormaux
- on peut redémarrer et ça ne revient pas

J'ai fais un scan d'antivirus et il trouve 2 choses Hiberfil.sys et Pagefile.sys est-ce qu'ils sont dangereux. En tout cas pour le reste il n'y a rien qui revient.

AntiVir PersonalEdition Classic
Report file date: samedi, 28. juillet 2007 21:25

Scanning for 990526 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000*****6-A***E-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Vahé
Computer name: VMG

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 10:15:54
ANTIVIR2.VDF : 6.39.0.177 762368 Bytes 23/07/2007 10:15:04
ANTIVIR3.VDF : 6.39.0.193 212480 Bytes 27/07/2007 13:25:38
AVEWIN32.DLL : 7.4.0.50 2650624 Bytes 26/07/2007 13:15:58
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 23/07/2007 10:15:54
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi, 28. juillet 2007 21:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'icone_amigo.exe' - '1' Module(s) have been scanned
Scan process 'NetAppel.exe' - '1' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MemOptimizer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned
Scan process 'POINT32.EXE' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'J:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'J:\' <IOMEGA_HDD>


End of the scan: samedi, 28. juillet 2007 21:32
Used time: 06:36 min

The scan has been done completely.

1015 Scanning directories
38342 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
38342 Files not concerned
55 Archives were scanned
2 Warnings
0 Notes
0 Hidden objects were found

Hyberfil et pagefile sont des fichiers système de windows, c'est normal que l'antivirus ne puisse y accéder (mémoire virtuelle et fichier d'hibernation).

Si tu n'installes pas les softs suivants

* go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer
* Sur le site http://www.games-desktop.com (n'allez pas dessus!!)

Il ne doit plus revenir, avec les protections préconisées ici :
http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html

Ne restaure aucun backup (via amigo, il faudra les refaire quand tu seras sûr qu'il n'y a pas de problème).

Un tout grand merci pour ta compétence et surtout pour ta patience.

Je t’en dois une.

Bonne soirée et bon dimanche

vmg

Salut Falkra,

Juste pour me rassurer, j’ai refais un scan avec AntiVir Guard et il a chopé de nouveau 3 virus je te mets le log mais tout va bien, il n’y a rien qui s’ouvre sans le vouloir.

Si jamais tu vois quelque chose dans le log dis moi s’il te plait ce qu’il faut que je fasse j’ai tout mis en Quarantaine est-ce que c’est mieux de les éliminer complètement ?


AntiVir PersonalEdition Classic
Report file date: dimanche, 29. juillet 2007 19:56

Scanning for 991574 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Vahé
Computer name: VMG

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 10:15:54
ANTIVIR2.VDF : 6.39.0.194 975360 Bytes 28/07/2007 13:26:06
ANTIVIR3.VDF : 6.39.0.195 2048 Bytes 28/07/2007 13:26:06
AVEWIN32.DLL : 7.4.0.50 2650624 Bytes 26/07/2007 13:15:58
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 23/07/2007 10:15:54
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche, 29. juillet 2007 19:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4GUI.EXE' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'icone_amigo.exe' - '1' Module(s) have been scanned
Scan process 'NetAppel.exe' - '1' Module(s) have been scanned
Scan process 'WMPNSCFG.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MemOptimizer.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned
Scan process 'POINT32.EXE' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'J:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP681\A0191392.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '46ddddbc.qua'!
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP681\A0191448.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '46ddddcd.qua'!
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP681\A0191475.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '477c82f2.qua'!
Begin scan in 'J:\' <IOMEGA_HDD>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche, 29. juillet 2007 20:44
Used time: 47:52 min

The scan has been done completely.

7852 Scanning directories
320907 Files were scanned
3 viruses and/or unwanted programs were found
3 classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
320901 Files not concerned
7329 Archives were scanned
2 Warnings
0 Notes
0 Hidden objects were found

Merci d’avance pour ta patience et ton aide.

Bonne soirée

vmg

CE ne sont pas des virus (voir posts précédents), ce sont les résultats heuristiques (scan à partir de code jugé suspect) sur le fichier navilog1.bat, ceux-là tu peux les effacer, et désinstaller navilog1, pas de problème.

Salut Falkra,

J’ai fais avec le Navilog1 et il a tout enlevé.

Merci beaucoup encore et encore pour ton aide et ta compétence.

Bonne journée

vmg