Zbeu

suite et fin apparemment Malwarebytes à eu raison des mes soucis ^^ comme quoi -- désolé du post

Après avoir un peu plus lu voici le rapport via MDBA Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1343 Windows 5.1.2600 Service Pack 3 31/10/2008 10:49:04 mbam-log-2008-10-31 (10-48-53).txt Type de recherche: Examen rapide Eléments examinés: 50199 Temps écoulé: 10 minute(s), 20 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 5 Fichier(s) infecté(s): 49 Processus mémoire infecté(s): C:\Program Files\TinyProxy\TinyProxy.exe (Trojan.Proxy) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\machine debug manager (mdm) (Trojan.Proxy) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\machine debug manager (mdm) (Trojan.Proxy) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\machine debug manager (mdm) (Trojan.Proxy) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\dynamic toolbar (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> No action taken. C:\Program Files\TinyProxy (Trojan.Proxy) -> No action taken. Fichier(s) infecté(s): C:\WINDOWS\system32\pbfrv2.dll (Adware.2020Search) -> No action taken. C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\Thumbs.db (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\PBFRV2TB0200.cfg (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> No action taken. C:\Program Files\dynamic toolbar\PBFRV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> No action taken. C:\Program Files\TinyProxy\TinyProxy.exe (Trojan.Proxy) -> No action taken. C:\WINDOWS\fmark2.dat (Malware.Trace) -> No action taken.

Bonjour ici Je suis victime malgré moi de redirection intempestive sous Firefox ou IE En effet quand je clique sur un lien google une fois sur deux je suis orienté vers : http://lightask.com/search/ c'est assez ennuyeux .... de plus souvent quand j'ouvre une page mon navigateur indique que le chargement de la page est terminé alors que rien n'apparait.... bref ... Spybot n'as rien fait - CC cleaner non plus - et pas mieux avec Ad-aware.... voici le rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:10:42, on 31/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\TinyProxy\TinyProxy.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\TEMP\VF524C.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot\TeaTimer.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Citrix\Client ICA\pn.exe C:\PROGRA~1\Citrix\CLIENT~1\Wfcrun32.exe C:\PROGRA~1\Citrix\CLIENT~1\WFICA32.EXE C:\Program Files\Microsoft Office\Office10\EXCEL.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\TinyProxy\TinyProxy.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 10143 bytes