Everything posted by Zoliviera

  1. Good evening, I installed the Windows Update updates. I have not yet managed to install the Microsoft ones (the website was unavailable?...). The initial symptoms that bothered me the most (namely, addresses of sites found through the Google and Mozilla search engines being redirected to unwanted and often pornographic sites) have faded. In any case I have only had one or two cases this week. I ran another KAV scan and requested the deletion of the files in which the Trojan.Win32.StartPage virus was reported, which was no longer at C:\program files\Services en ligne\Sunrise\freesurf.exe but at another path. I will run a new scan tomorrow to see whether it still shows up. I don't think I have completely got rid of the problem, but I would not want to abuse your time and patience. Thanks again for everything. Below is the latest KAV scan.

     Analyse complète: terminée le 25/03/2009 23:03:39 (événements : 27, objets : 370442, durée : 01:38:02)
     25/03/2009 21:25:37 Lancement de la tâche
     25/03/2009 21:27:04 Détectés: http://www.viruslist.com/fr/advisories/31453 c:\program files\microsoft office\office10\powerpnt.exe
     25/03/2009 21:27:10 Détectés: http://www.viruslist.com/fr/advisories/31593 c:\program files\microsoft office\office10\excel.exe
     25/03/2009 21:27:20 Détectés: http://www.viruslist.com/fr/advisories/30285 c:\program files\microsoft office\office10\winword.exe
     25/03/2009 21:31:02 Détectés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1232\A0967663.exe
     25/03/2009 21:31:03 Non réparés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1232\A0967663.exe Reporté
     25/03/2009 21:31:26 Détectés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1236\A0967823.exe
     25/03/2009 21:31:26 Non réparés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1236\A0967823.exe Reporté
     25/03/2009 21:31:43 Détectés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1237\A0967909.exe
     25/03/2009 21:31:43 Non réparés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1237\A0967909.exe Reporté
     25/03/2009 21:31:43 Détectés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1237\A0967914.exe
     25/03/2009 21:31:43 Non réparés: HEUR:Trojan.Win32.StartPage c:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP1237\A0967914.exe Reporté
     25/03/2009 21:46:37 Détectés: http://www.viruslist.com/fr/advisories/26027 c:\hp\recovery\wizard\SWR_Wizard.exe/#
     25/03/2009 21:46:37 Erreur de traitement: http://www.viruslist.com/fr/advisories/26027 c:\hp\recovery\wizard\SWR_Wizard.exe/#
     25/03/2009 21:49:06 Détectés: http://www.viruslist.com/fr/advisories/26201 c:\program files\Adobe\Acrobat 6.0\Reader\AcroRd32.bak
     25/03/2009 21:49:06 Détectés: http://www.viruslist.com/fr/advisories/26201 c:\program files\Adobe\Acrobat 6.0\Reader\AcroRd32602.bak
     25/03/2009 21:49:17 Détectés: http://www.viruslist.com/fr/advisories/30832 c:\program files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
     25/03/2009 21:55:37 Détectés: http://www.viruslist.com/fr/advisories/32991 c:\program files\DK\Become a Science Explorer\_jvm\bin\java.exe
     25/03/2009 21:55:47 Détectés: http://www.viruslist.com/fr/advisories/26027 c:\program files\Fichiers communs\AOL\Flasha.ocx
     25/03/2009 21:56:53 Détectés: http://www.viruslist.com/fr/advisories/31744 c:\program files\Fichiers communs\Microsoft Shared\Office10\MSO.DLL
     25/03/2009 22:08:45 Détectés: http://www.viruslist.com/fr/advisories/31593 c:\program files\microsoft office\office10\excel.exe
     25/03/2009 22:10:32 Détectés: http://www.viruslist.com/fr/advisories/31453 c:\program files\microsoft office\office10\powerpnt.exe
     25/03/2009 22:10:36 Détectés: http://www.viruslist.com/fr/advisories/30285 c:\program files\microsoft office\office10\winword.exe
     25/03/2009 22:51:52 Détectés: http://www.viruslist.com/fr/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
     25/03/2009 22:51:52 Détectés: http://www.viruslist.com/fr/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
     25/03/2009 22:51:53 Détectés: http://www.viruslist.com/fr/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
     25/03/2009 23:03:39 Fin de la tâche
  2. Good evening, Below is the result of the VT analysis. I followed the various links indicated in the KAV report. Most led to updates for many and varied products. The office-suite updates (Excel, Word, PPT...) did not work (the response was that the expected version was not found on the system). I will try a second time. See you.
  3. Hello, Sorry for not getting back to you sooner, but I had to be away. I carried out the recommended operations (installing the new version of KAV and removing Spybot, Adaware and Stinger). I ran a full KAV scan; here is the report:

     Analyse complète: terminée le 21/03/2009 13:14:17 (événements : 27, objets : 314584, durée : 01:26:47)
     21/03/2009 11:21:40 Fin de la tâche
     21/03/2009 11:18:54 Lancement de la tâche
     Analyse complète: terminée le 21/03/2009 13:14:17 (événements : 27, objets : 314584, durée : 01:26:47)
     21/03/2009 11:47:30 Lancement de la tâche
     21/03/2009 11:48:22 Détectés: http://www.viruslist.com/fr/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
     21/03/2009 11:49:20 Détectés: http://www.viruslist.com/fr/advisories/31593 C:\program files\microsoft office\office10\excel.exe
     21/03/2009 11:49:25 Détectés: http://www.viruslist.com/fr/advisories/31453 C:\program files\microsoft office\office10\powerpnt.exe
     21/03/2009 11:49:38 Détectés: http://www.viruslist.com/fr/advisories/30285 C:\program files\microsoft office\office10\winword.exe
     21/03/2009 11:50:14 Détectés: http://www.viruslist.com/fr/advisories/33632 C:\program files\quicktime\quicktimeplayer.exe
     21/03/2009 12:19:21 Détectés: http://www.viruslist.com/fr/advisories/26027 C:\hp\recovery\wizard\SWR_Wizard.exe/#
     21/03/2009 12:19:21 Erreur de traitement: http://www.viruslist.com/fr/advisories/26027 C:\hp\recovery\wizard\SWR_Wizard.exe/#
     21/03/2009 12:22:52 Détectés: http://www.viruslist.com/fr/advisories/26201 C:\program files\Adobe\Acrobat 6.0\Reader\AcroRd32602.bak
     21/03/2009 12:22:52 Détectés: http://www.viruslist.com/fr/advisories/26201 C:\program files\Adobe\Acrobat 6.0\Reader\AcroRd32.bak
     21/03/2009 12:23:07 Détectés: http://www.viruslist.com/fr/advisories/30832 C:\program files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
     21/03/2009 12:26:50 Détectés: http://www.viruslist.com/fr/advisories/32991 C:\program files\DK\Become a Science Explorer\_jvm\bin\java.exe
     21/03/2009 12:27:00 Détectés: http://www.viruslist.com/fr/advisories/26027 C:\program files\Fichiers communs\AOL\Flasha.ocx
     21/03/2009 12:27:53 Détectés: http://www.viruslist.com/fr/advisories/31744 C:\program files\Fichiers communs\Microsoft Shared\Office10\MSO.DLL
     21/03/2009 12:32:02 Détectés: http://www.viruslist.com/fr/advisories/20845 C:\program files\InterActual\InterActual Player\bin\pcfpatch
     21/03/2009 12:32:04 Détectés: http://www.viruslist.com/fr/advisories/20845 C:\program files\InterActual\InterActual Player\iPlayer.exe
     21/03/2009 12:36:40 Détectés: http://www.viruslist.com/fr/advisories/31593 C:\program files\microsoft office\office10\excel.exe
     21/03/2009 12:38:12 Détectés: http://www.viruslist.com/fr/advisories/31453 C:\program files\microsoft office\office10\powerpnt.exe
     21/03/2009 12:38:14 Détectés: http://www.viruslist.com/fr/advisories/30285 C:\program files\microsoft office\office10\winword.exe
     21/03/2009 12:40:29 Détectés: http://www.viruslist.com/fr/advisories/33632 C:\program files\quicktime\quicktimeplayer.exe
     21/03/2009 12:42:35 Détectés: HEUR:Trojan.Win32.StartPage C:\program files\Services en ligne\Sunrise\freesurf.exe
     21/03/2009 12:43:01 Non réparés: HEUR:Trojan.Win32.StartPage C:\program files\Services en ligne\Sunrise\freesurf.exe Reporté
     21/03/2009 13:06:53 Détectés: http://www.viruslist.com/fr/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
     21/03/2009 13:07:55 Détectés: http://www.viruslist.com/fr/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
     21/03/2009 13:07:55 Détectés: http://www.viruslist.com/fr/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
     21/03/2009 13:14:11 Détectés: HEUR:Trojan.Win32.StartPage C:\program files\Services en ligne\Sunrise\freesurf.exe
     21/03/2009 13:14:17 Fin de la tâche

     I ran another HijackThis scan, which I attach below:

     As for the firewall, I actually thought I had one through Windows... If that is not the case, which one would you advise me to install? Thanks again for your time, your patience and your great teaching skills.
  4. Hello, In order:
     1) I did disable Spybot's TeaTimer
     2) I did run HijackThis's scan only and deleted the indicated lines except: O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe, which did not appear in the list
     3) I did tick the requested box to stop ctfmon.exe from launching at startup
     4) I did download Ad-remover and installed it after closing all applications. However, I have the same problem as with Navilog, namely that the program does not start. After double-clicking, the desktop icons and the taskbar disappear for a few seconds, then come back, and nothing happens. I tried disabling the firewall and the antivirus, restarting the PC, downloading it again and reinstalling... nothing works, it will not start. Could the presence of many programs such as Ccleaner, Ad-aware, Kaspersky, Stinger 1000 and malwarebytes explain this failure???
     I ran another Hijack scan; the report is below:
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mappy.com'>http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr'>http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110481146581 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - 
http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9a014ab13261e) (gupdate1c9a014ab13261e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 9614 bytes En le parcourant, je me suis rendu compte que les 5 lignes ci-dessous étaient toujours présentes alors qu’elles faisaient partie de celles que tu avais listées O4 - HKLM\..\Run: [AutoTBar] tem32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22AUTOTBAR.EXE O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program 
Files\Fichiers communs\Real\Update_OB\realsched.exe" –osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background J'ai donc repris la procédure "scan only" afin de les supprimer et refait un nouveau scan dont voici le rapport. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:14:38, on 18/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\WINDOWS\explorer.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program 
Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Documents and Settings\Propriétaire\Bureau\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110481146581 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Kaspersky 
Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9a014ab13261e) (gupdate1c9a014ab13261e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 9281 bytes Une fois cette manip faite, Ad-remover n'a pas voulu démarrer pour autant.
  5. Good evening, Here are the 2 reports:
1) MBAM report
2) HijackThis scan run afterwards
For information, MBAM did not ask to restart the PC. Thanks again for your help.
  6. Hello, I am getting back in touch following your reply to Web-Map regarding a request to analyse a HijackThis report. I followed your instructions for downloading Navilog. However, Navilog does not start... neither automatically after installation, nor after double-clicking the shortcut, even after waiting patiently for many minutes. I also disabled my antivirus. What should I do?... Thanks in advance