MS ANTIVIRUS

 

vioreynaud
Posted on 20/09/2008 at 18:06:58

Hello,

I am overrun by MS ANTIVIRUS
windows pop up every two minutes
what should I do
thank you for your reply
regards

Profile: Security team
dedetraque
Posted on 20/09/2008 at 18:10:48
 
Hi vioreynaud

Let's check that. Download HijackThis V 2.02 to the desktop:

http://www.trendsecure.com/por [...] nstall.exe

- Double-click HJTInstall.exe on the desktop

- Click Install, then I Accept

- Close all windows; HJT must run alone (every other program closed).

- Double-click the HijackThis shortcut on your Desktop
(On Vista, right-click the HijackThis shortcut on your Desktop, then "Run as administrator".)
- and click Do a system scan and save a logfile to start the scan

When the report appears in Notepad, go to Edit, then Select All; the text is now selected. Go back to Edit, keeping the text selected, and click Copy.

In your next reply, right-click and paste; I will analyse it.
Close Notepad and the HJT window

Help: http://forum.telecharger.01net [...] ges-1.html

See you later

vioreynaud
Posted on 21/09/2008 at 08:32:56

here is the report, thank you for your reply


 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 09:30:07, on 21/09/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16705)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 C:\WINDOWS\eHome\ehRecvr.exe
 C:\WINDOWS\eHome\ehSched.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
 C:\Program Files\CA\eTrust Antivirus\InoRT.exe
 C:\Program Files\CA\eTrust Antivirus\InoTask.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\dllhost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\ehome\ehtray.exe
 C:\WINDOWS\eHome\ehmsas.exe
 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\WINDOWS\system32\RunDll32.e​xe
 C:\WINDOWS\AGRSMMSG.exe
 C:\WINDOWS\Dit.exe
 C:\WINDOWS\zHotkey.exe
 C:\PROGRA~1\CA\ETRUST~1\realmo​n.exe
 C:\Program Files\CyberLink\PowerDVD\PDVDS​erv.exe
 C:\WINDOWS\system32\GSICON.EXE
 C:\WINDOWS\system32\dslagent.e​xe
 C:\Program Files\eoRezo\EoEngine.exe
 C:\PROGRA~1\FICHIE~1\XCPCSync\​TRANSL~1\ErPhn2\ErTray.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe
 C:\Program Files\Microsoft IntelliType Pro\type32.exe
 C:\Program Files\Microsoft IntelliPoint\point32.exe
 C:\WINDOWS\system32\LVCOMSX.EX​E
 C:\Program Files\Logitech\Video\LogiTray.​exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe
 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 C:\Program Files\MSA\MSA.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.ex​e
 C:\Program Files\Pinnacle\InstantCDDVD\In​stantWrite\iwctrl.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Garmin\gStart.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\Windows Media Player\WMPNSCFG.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 C:\Program Files\Logitech\Video\FxSvr2.ex​e
 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolum​eWatcher.exe
 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
 C:\Program Files\Java\jre1.6.0_05\bin\juc​heck.exe
 C:\WINDOWS\system32\HPZipm12.e​xe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 R1 - HKLM\Software\Microsoft\Intern​et Explorer,SearchURL = http://internetsearchservice.com
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.yahoo.com
 R1 - HKCU\Software\Microsoft\Intern​et Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Intern​et Connection Wizard,ShellNext = http://www.club-internet.fr/na [...] tem9.phtml
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723​696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.d​ll
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: 158117 helper - {427B1FD8-2123-4334-A7D8-7A497​363914B} - C:\WINDOWS\system32\158117\158​117.dll (file missing)
 O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723​696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.d​ll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - (no file)
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\2.0.301.7164\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE​4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.D​LL (file missing)
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - (no file)
 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [Dit] Dit.exe
 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
 O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
 O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmo​n.exe -s
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDS​erv.exe"
 O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck​.exe
 O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
 O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FICHIE~1\XCPCSync\​TRANSL~1\ErPhn2\ErTray.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
 O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
 O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOne​MessageCenter.exe"  -osboot
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe"
 O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EX​E
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.e​xe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.​exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
 O4 - HKLM\..\Run: [Sys7.exe] C:\Sys7.exe
 O4 - HKLM\..\Run: [Sys8.exe] C:\Sys8.exe
 O4 - HKLM\..\Run: [\YUR6B.exe] C:\Windows\system32\YUR6B.exe
 O4 - HKLM\..\Run: [\YUR6C.exe] C:\Windows\system32\YUR6C.exe
 O4 - HKLM\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
 O4 - HKLM\..\Run: [\YUR6E.exe] C:\Windows\system32\YUR6E.exe
 O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
 O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
 O4 - HKLM\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
 O4 - HKLM\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.ex​e
 O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\In​stantWrite\iwctrl.exe /DropDisc
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Back​Web-8876480.exe
 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestE​ngine.exe" boot
 O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
 O4 - HKCU\..\Run: [Sys7.exe] C:\Sys7.exe
 O4 - HKCU\..\Run: [Sys8.exe] C:\Sys8.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
 O4 - HKCU\..\Run: [\YUR6B.exe] C:\Windows\system32\YUR6B.exe
 O4 - HKCU\..\Run: [\YUR6C.exe] C:\Windows\system32\YUR6C.exe
 O4 - HKCU\..\Run: [\YUR6D.exe] C:\Windows\system32\YUR6D.exe
 O4 - HKCU\..\Run: [\YUR6E.exe] C:\Windows\system32\YUR6E.exe
 O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
 O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
 O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
 O4 - HKCU\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
 O4 - HKCU\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\la​nceur.exe
 O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
 O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolum​eWatcher.exe
 O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
 O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWay\bar\2.bin\MWSOEMON​.EXE.vir
 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFF​ICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\​REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14​556272C} (Checkers Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC​3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telech [...] loader.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215​F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6​333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {5C051655-FCD5-4969-9182-770EA​5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/ [...] b56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-11544​7494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ [...] E_UNO1.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://update.microsoft.com/wi [...] 0740655421
 O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10​E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telech [...] loader.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD​1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031​3175592} (ZoneIntro Class) - http://messenger.zone.msn.com/ [...] b32846.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46​475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6​B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/ [...] b56986.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F3855​91623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9​B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPl​ugProtocol-8876480.dll
 O21 - SSODL: RomVoidDrive - {861c24f3-c8c9-4be0-a5a2-b7260​4a10422} - C:\WINDOWS\Resources\RomVoidDr​ive.dll (file missing)
 O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b17​7bcd193} - (no file)
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​150\Intel 32\IDriverT.exe
 O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
 O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
 O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
 O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e​xe

 --
 End of file - 17461 bytes
 HERE IS THE REPORT

fyaaah
Posted on 21/09/2008 at 08:56:49

Hello Vioreynaud!

You are nicely infected.

MOD EDIT: please let dédétraqué finish the disinfection.


---------------
Profile: Security team
dedetraque
Posted on 21/09/2008 at 13:08:39
 
Hi vioreynaud

I see that you have already used Combofix on your PC; run a new scan for me following the procedure below:

Important: Disconnect from the internet and disable your antivirus and antispyware before the Combofix scan:
http://forum.pcastuces.com/des [...] -f31s4.htm

Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomput [...] mboFix.exe
http://www.techsupportforum.co [...] mboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

==> Save your work and close all active windows; the PC may restart. Do not launch any program until Combofix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter to start the scan

When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Combofix is detected as an infection by some antivirus programs; ignore this, it is a false positive, and continue the procedure

See you later

vioreynaud
Posted on 21/09/2008 at 17:58:22

HERE IS THE HIJACKTHIS REPORT AFTER RUNNING MALWAREBYTES, which took more than 7 hours, and also that tool's report
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 18:51:04, on 21/09/2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16705)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 C:\WINDOWS\eHome\ehRecvr.exe
 C:\WINDOWS\eHome\ehSched.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
 C:\Program Files\CA\eTrust Antivirus\InoRT.exe
 C:\Program Files\CA\eTrust Antivirus\InoTask.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\HPZipm12.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\dllhost.ex​e
 C:\WINDOWS\ehome\ehtray.exe
 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\WINDOWS\eHome\ehmsas.exe
 C:\WINDOWS\system32\RunDll32.e​xe
 C:\WINDOWS\AGRSMMSG.exe
 C:\WINDOWS\Dit.exe
 C:\WINDOWS\zHotkey.exe
 C:\PROGRA~1\CA\ETRUST~1\realmo​n.exe
 C:\Program Files\CyberLink\PowerDVD\PDVDS​erv.exe
 C:\WINDOWS\system32\GSICON.EXE
 C:\WINDOWS\system32\dslagent.e​xe
 C:\Program Files\eoRezo\EoEngine.exe
 C:\PROGRA~1\FICHIE~1\XCPCSync\​TRANSL~1\ErPhn2\ErTray.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe
 C:\Program Files\Microsoft IntelliType Pro\type32.exe
 C:\Program Files\Microsoft IntelliPoint\point32.exe
 C:\WINDOWS\system32\LVCOMSX.EX​E
 C:\Program Files\Logitech\Video\LogiTray.​exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe
 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.ex​e
 C:\Program Files\Pinnacle\InstantCDDVD\In​stantWrite\iwctrl.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Garmin\gStart.exe
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\Windows Media Player\WMPNSCFG.exe
 C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe
 C:\Program Files\Logitech\Video\FxSvr2.ex​e
 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolum​eWatcher.exe
 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.yahoo.com
 R1 - HKCU\Software\Microsoft\Intern​et Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
 R1 - HKCU\Software\Microsoft\Intern​et Connection Wizard,ShellNext = http://www.club-internet.fr/na [...] tem9.phtml
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723​696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.d​ll
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723​696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.d​ll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv​.dll
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\2.0.301.7164\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn0\yt.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [Dit] Dit.exe
 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
 O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
 O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmo​n.exe -s
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDS​erv.exe"
 O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck​.exe
 O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
 O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FICHIE~1\XCPCSync\​TRANSL~1\ErPhn2\ErTray.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
 O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
 O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOne​MessageCenter.exe"  -osboot
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.e​xe"
 O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EX​E
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.e​xe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.​exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.ex​e
 O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\In​stantWrite\iwctrl.exe /DropDisc
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Back​Web-8876480.exe

 --
 End of file - 15041 bytes

 MALWAREBYTES REPORT:
 Malwarebytes' Anti-Malware 1.28
 Version de la base de données: 1184
 Windows 5.1.2600 Service Pack 3

 21/09/2008 18:45:08
 RAPPORT.txt

 Type de recherche: Examen complet (C:\|D:\|E:\|)
 Eléments examinés: 208196
 Temps écoulé: 7 hour(s), 33 minute(s), 37 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 46
 Valeur(s) du Registre infectée(s): 3
 Elément(s) de données du Registre infecté(s): 2
 Dossier(s) infecté(s): 4
 Fichier(s) infecté(s): 63

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):

 Valeur(s) du Registre infectée(s):
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.

 Elément(s) de données du Registre infecté(s):
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.

 Dossier(s) infecté(s):
 C:\Program Files\SpyShredder (Rogue.SpyShredder) -> No action taken.
 C:\Program Files\Save (Adware.WhenUSave) -> No action taken.
 C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
 C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

 Fichier(s) infecté(s):

 Thank you for your help
 Am I done????
 Best regards
 to everyone
