Maudus

En effet, ca va beaucoup mieux...Antirvir xp 2008 n'apparait plus..et tout est redevenu normal..Ouf, je respire, j'ai eu très peur..Merci infiniment! Par contre, je n'ai trouvé nul part précision time. Donc c'est bon maintenant?

Merci infiniment de me répondre, la panique commençait à monter... Voila les rapports demandés: ----------->MBAM Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1147 Windows 5.1.2600 Service Pack 3 13/09/2008 22:47:26 mbam-log-2008-09-13 (22-47-26).txt Type de recherche: Examen rapide Eléments examinés: 51424 Temps écoulé: 4 minute(s), 3 second(s) Processus mémoire infecté(s): 3 Module(s) mémoire infecté(s): 4 Clé(s) du Registre infectée(s): 10 Valeur(s) du Registre infectée(s): 8 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 18 Fichier(s) infecté(s): 28 Processus mémoire infecté(s): C:\Program Files\rhcahjj0et5c\rhcahjj0et5c.exe (Rogue.Multiple) -> Unloaded process successfully. C:\WINDOWS\system32\lphcehjj0et5c.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\system32\pphcehjj0et5c.exe (Trojan.FakeAlert) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\Program Files\rhcahjj0et5c\MFC71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhcahjj0et5c\msvcp71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhcahjj0et5c\msvcr71.dll (Rogue.Multiple) -> Delete on reboot. C:\WINDOWS\system32\blphcehjj0et5c.scr (Trojan.FakeAlert) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af5e333c-92f9-4eee-b253-d146bc32c582} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{af5e333c-92f9-4eee-b253-d146bc32c582} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcahjj0et5c (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhcahjj0et5c (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcahjj0et5c (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcehjj0et5c (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\rhcahjj0et5c (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Application Data\rhcahjj0et5c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\polstorf.dll (Trojan.BHO.H) -> Delete on reboot. C:\Program Files\rhcahjj0et5c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\rhcahjj0et5c.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\rhcahjj0et5c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcahjj0et5c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080706194128453.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\blphcehjj0et5c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lphcehjj0et5c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcehjj0et5c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pphcehjj0et5c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\formation\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. --------> Hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:50:14, on 13/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Documents and Settings\formation\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe -s O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149051643562 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/115...geUploader3.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sogeti.dom O17 - HKLM\Software\..\Telephony: DomainName = sogeti.dom O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sogeti.dom O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sogeti.dom O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sogeti.dom O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe O23 - Service: Cegid eAGL Service (PGIService) - Unknown owner - C:\CEGIDAPP\PGIService.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8335 bytes

Bonjour, Ce soir, une fenêtre s'est ouverte brutalement et antivir xp 2008 a commencé a scanner mon pc sans que je n'ai rien demandé...J'ai fermé, essayé de le désinstaller : impossible! Le problème est que mon fond d'écran et mes icones sur le bureau sont devenues blanches et SURTOUT quand je vais sur internet pour aller sur un site, il me redirige tout droit sur un autre site.. Impossible d'accéder à votre site de ce pc, c'est pourquoi je vous contacte de mon pc portable car je ne vois pas comment m'en sortir surtout que le pc fixe "atteint" n'est pas la mien.. S'il vous plait, aidez moi!!