JJRR

  1. Solved! Before carrying out the recommended procedure, I switched antivirus, installing Avast in place of AntiVir. The first time it found 3 viruses, then nothing more. It seems to me that this better scan effectiveness comes from the boot-time procedure, which involves fewer exes than safe mode. In any case, many thanks for the very responsive help. Regards.
  2. Hello. Here is the MBAM report. During the scan, my AntiVir triggered 4 times. I answered first with ignore and then with deny access (I know, that's not smart).

     Malwarebytes' Anti-Malware 1.30
     Version de la base de données: 1370
     Windows 5.1.2600 Service Pack 3

     07/11/2008 08:58:36
     mbam-log-2008-11-07 (08-58-36).txt

     Type de recherche: Examen complet (C:\|M:\|N:\|)
     Eléments examinés: 303590
     Temps écoulé: 9 hour(s), 38 minute(s), 1 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 19
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 1
     Fichier(s) infecté(s): 2

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c80b7ff6-ce60-4079-935e-520c045c30a6} (Adware.EGDAccess) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

     Fichier(s) infecté(s):
     C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
     C:\Program Files\Save\Saveupdate.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
  3. Thank you for your reply, and sorry about the 14:18 post (the 2nd ToolBar pass closed IE). Here are the results:

     1. search

     -----------\\ ToolBar S&D 1.2.4 XP/Vista

     Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
     X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
     BIOS : BIOS Date: 06/21/05 16:05:41 Ver: 08.00.10
     USER : PERSO ( Administrator )
     BOOT : Normal boot
     Antivirus : AntiVir PersonalEdition Classic Virus Protection 0.0.0.0 (Activated)
     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:186 Go (Free:68 Go)
     D:\ (CD or DVD)
     E:\ (CD or DVD)
     J:\ (CD or DVD)

     "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
     Option : [1] ( 06/11/2008|14:09 )

     -----------\\ Recherche de Fichiers / Dossiers ...

     C:\Program Files\GamesBar
     C:\Program Files\GamesBar\Localization-French.ini
     C:\Program Files\Need2Find
     C:\Program Files\Need2Find\bar
     C:\Program Files\RXToolbar
     C:\Program Files\RXToolbar\CacheCatolog.rx
     C:\WINDOWS\iun6002.exe
     C:\WINDOWS\smdat32m.sys

     -----------\\ Extensions

     (PERSO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

     -----------\\ [..\Internet Explorer\Main]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Search Page"="http://www.google.com"
     "Search Bar"="http://www.google.com/ie"
     "Start Page"="about:blank"
     "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
     "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
     "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
     "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
     "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

     --------------------\\ Recherche d'autres infections

     --------------------\\ Cracks & Keygens ..

     C:\DOCUME~1\PERSO\Application Data\Microsoft\Office\Récents\Installer une version crackée de Aoe3 pour les nuls.lnk
     C:\DOCUME~1\PERSO\Bureau\aoeII\crack.zip
     C:\DOCUME~1\PERSO\Recent\sibelius3crack.txt.lnk

     1 - "C:\ToolBar SD\TB_1.txt" - 06/11/2008|14:10 - Option : [1]

     -----------\\ Fin du rapport a 14:10:51,85

     2. removal

     -----------\\ ToolBar S&D 1.2.4 XP/Vista

     Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
     X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
     BIOS : BIOS Date: 06/21/05 16:05:41 Ver: 08.00.10
     USER : PERSO ( Administrator )
     BOOT : Normal boot
     Antivirus : AntiVir PersonalEdition Classic Virus Protection 0.0.0.0 (Activated)
     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:186 Go (Free:68 Go)
     D:\ (CD or DVD)
     E:\ (CD or DVD)
     J:\ (CD or DVD)

     "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
     Option : [2] ( 06/11/2008|14:18 )

     -----------\\ SUPPRESSION

     Supprime! - C:\Program Files\GamesBar\Localization-French.ini
     Supprime! - C:\Program Files\Need2Find\bar
     Supprime! - C:\Program Files\RXToolbar\CacheCatolog.rx
     Supprime! - C:\WINDOWS\iun6002.exe
     Supprime! - C:\WINDOWS\smdat32m.sys
     Supprime! - C:\Program Files\GamesBar
     Supprime! - C:\Program Files\Need2Find
     Supprime! - C:\Program Files\RXToolbar

     -----------\\ Recherche de Fichiers / Dossiers ...

     -----------\\ Extensions

     (PERSO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

     -----------\\ [..\Internet Explorer\Main]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Search Page"="http://www.google.com"
     "Search Bar"="http://www.google.com/ie"
     "Start Page"="about:blank"
     "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
     "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
     "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
     "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
     "Start Page"="http://www.msn.com/"

     --------------------\\ Recherche d'autres infections

     --------------------\\ Cracks & Keygens ..

     C:\DOCUME~1\PERSO\Application Data\Microsoft\Office\Récents\Installer une version crackée de Aoe3 pour les nuls.lnk
     C:\DOCUME~1\PERSO\Bureau\aoeII\crack.zip
     C:\DOCUME~1\PERSO\Recent\sibelius3crack.txt.lnk

     1 - "C:\ToolBar SD\TB_1.txt" - 06/11/2008|14:10 - Option : [1]
     2 - "C:\ToolBar SD\TB_2.txt" - 06/11/2008|14:20 - Option : [2]

     -----------\\ Fin du rapport a 14:20:29,95
  4. Hello. I can't manage to get rid of this junk. Yet I followed the procedure that mégataupe followed: AntiVir configuration, folder display settings, disk cleanup, and then running a Panda ActiveScan again on top of that. System Volume Information is systematically infected, but not only that. Can you help me, please? Here is the HijackThis report, followed by the ActiveScan report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:48:48, on 05/11/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16735)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\DAEMON Tools\daemon.exe
     C:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\vmnat.exe
     C:\WINDOWS\system32\vmnetdhcp.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
     O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Corel Print Office Registration.lnk = C:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
     O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
     O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
     O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
     O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173728795140
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
     O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement...geUploader4.cab
     O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
     O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
     O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
     O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
     O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
     O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
     O24 - Desktop Component 0: (no name) - http://pubs.lemonde.fr/0/default/empty.gif

     --
     End of file - 10616 bytes

     ;*******************************************************************************
     ANALYSIS: 2008-11-05 16:05:48
     PROTECTIONS: 172
     MALWARE: 15
     SUSPECTS: 3
     ;*******************************************************************************
     PROTECTIONS
     Description                                     Version     Active   Updated
     ;===============================================================================
     AntiVir PersonalEdition Classic Virus Protect   0.0.0.0     Yes      Yes
     AntiVir PersonalEdition Classic Virus Protect   0.0.0.0     No       Yes
     Avira AntiVir PersonalEdition                   8.0.1.30    Yes      Yes
     ;===============================================================================
     MALWARE
     Id Description Type Active Severity Disinfectable Disinfected Location
     ;===============================================================================
     00000431 adware/ist.istbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
     00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wusn.1
     00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\whenusave
     00027660 adware/savenow Adware No 0 Yes No c:\program files\save
     00027660 adware/savenow Adware No 0 Yes No hkey_classes_root\wusn.1
     00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
     00064489 adware/rxtoolbar Adware No 1 Yes No c:\program files\rxtoolbar
     00064489 adware/rxtoolbar Adware No 1 Yes No hkey_current_user\software\rx toolbar
     00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
     00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt
     00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt
     00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\PERSO\Cookies\perso@xiti[1].txt
     00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\PERSO\Cookies\perso@serving-sys[1].txt
     00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\PERSO\Cookies\[email protected][1].txt
     00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\PERSO\Cookies\perso@weborama[1].txt
     00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
     00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
     00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
     00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
     00294874 Adware/SaveNow Adware No 0 Yes No C:\Program Files\Save\ffext.mod
     00294875 Adware/SaveNow Adware No 0 No No C:\Program Files\Save\ffext.mod[{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar][content/overlay.js]
     00294876 Adware/SaveNow Adware No 0 No No C:\Program Files\Save\ffext.mod[{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll]
     02887700 W32/Tenga.A Virus No 0 Yes No C:\Fichiers programme\Corel\Print Office 2000\Printhse.exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\Documents and Settings\PERSO\Local Settings\Temporary Internet Files\Content.IE5\H89PQAWW\WindowsXP-KB823980-x86-ENU[1].exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\Fichiers programme\Corel\Print Office 2000\photohse.exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\Documents J&B\Jean\informatique\Windows supp malwares\windows-kb890830-v2.3.exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP446\A0082336.exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP446\A0082337.exe
     02887700 W32/Tenga.A Virus No 0 Yes No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP446\A0082414.exe
     ;===============================================================================
     SUSPECTS
     Sent Location j-
     ;===============================================================================
     No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP446\A0082413.EXE j-
     No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP458\A0085022.exe j-
     No C:\System Volume Information\_restore{AC951F80-725A-4108-A008-E812D5C5DF80}\RP462\A0085485.exe j-
     ;===============================================================================
     VULNERABILITIES
     Id Severity Description j-