VIRUS OU PAS ??

ticlaude · le 12 août 2008

je suis totalment nul svp aider moi svp, je croit que jai un virus pas capable de mettre internet 7 +pas capable de faire fonctioner OpenOffice autre programme merci Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:41:35, on 2008-08-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Bell\Gestionnaire de securite\Rps.exe

C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Personal Vault\VaultClientUpgrade.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Administrateur.CLAUDE-B08ADD7C\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [sSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D12BDC0-90D7-4268-805F-47EC517A47ED} (McciMTThread Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217169028828

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217169487421

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe

O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe

O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--

End of file - 8453 bytes

ticlaude · le 12 août 2008

je suis totalment nul svp aider moi svp, je croit que jai un virus pas capable de mettre internet 7 +pas capable de faire fonctioner OpenOffice autre programme merci Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41:35, on 2008-08-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Bell\Gestionnaire de securite\Rps.exe

C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Personal Vault\VaultClientUpgrade.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Administrateur.CLAUDE-B08ADD7C\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [sSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D12BDC0-90D7-4268-805F-47EC517A47ED} (McciMTThread Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217169028828

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217169487421

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe

O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe

O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--

End of file - 8453 bytes

JE PEUT VOUS LAISSER LE CONTROLE MON PC SVP AIDER MOI

Apollo · le 12 août 2008

Bonjour,

N'utilise pas la fonction de citation pour faire remonter un sujet stp; un petit UP suffit, et de toute façon quelqu'un te viendra toujours en aide.

Tuto open office: http://www.tutoriaux.biz/tutoriaux-open-office.php ceci relève du forum software.

Explorer 7: ah oui il faudrait l'installer mais tu aurais dû le faire avant d'installer le SP3...

Donc il faudra sans doute désinstaller le pack 3, installer IE7 (moins dangereux que IE6) et réinstaller le SP3.

Pas grand-chose visible sur le log Hijackthis; vérification de présence de malwares avec MBAM.

Télécharger ATF Cleaner par Atribune.

Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)

Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Cliquer sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All
Cliquer le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All
Cliquer le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

***Télécharge Malwarebytes' Anti-Malware (MBAM)

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen complet"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Après ça, poste un nouveau log Hijackthis sans utiliser de balises stp.

@+

Sacles · le 12 août 2008

Bonjour,

Explorer 7: ah oui il faudrait l'installer mais tu aurais dû le faire avant d'installer le SP3...
Donc il faudra sans doute désinstaller le pack 3, installer IE7 (moins dangereux que IE6) et réinstaller le SP3.

Tu es sûr de cette information (pas sur la dangerosité d'IE6 par rapport à IE7 évidemment, là c'est OK))?

Salut.

Modifié le 12 août 2008 par Sacles

Apollo · le 12 août 2008

Bonjour,

Il est permis de me corriger....

Je ne me sens pas "maître d'un sujet" et tu es sans nul doute plus averti que moi.

Cela ferait avancer le schmilblick.

Salut.

Apollo · le 12 août 2008

http://www.technicland.com/article.php3?sid=206

ticlaude · le 13 août 2008

Malwarebytes' Anti-Malware 1.24

Version de la base de données: 1045

Windows 5.1.2600 Service Pack 2

22:42:35 2008-08-12

mbam-log-8-12-2008 (22-42-35).txt

Type de recherche: Examen complet (C:\|)

Eléments examinés: 105855

Temps écoulé: 27 minute(s), 24 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 14

Fichier(s) infecté(s): 68

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01840C26 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01840E77 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01840F52.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01840FDF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01841137.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\0184131B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845BAD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845C59.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845CA7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845D63.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845E6C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\01845EAB (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

ticlaude · le 13 août 2008

[ie7.log]

0.406: ================================================================================

0.406: 2008/08/11 14:21:37.921 (local)

0.406: c:\b7be078e8ab0fb018b4e10c018e09f4a\update\update.exe (version 6.2.29.0)

0.437: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS

0.437: IECUSTOM: Scanning for proper registry permissions...

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

1.547: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

2.406: IECUSTOM: Scanning for proper registry permissions...

2.922: IECUSTOM: Scanning for proper registry permissions...

3.656: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

3.844: IECUSTOM: Backing up registry permissions...

3.859: IECUSTOM: Finished backing up registry permissions...

3.859: IECUSTOM: Setting new registry permissions...

3.875: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

3.875: IECUSTOM: Finished setting new registry permissions...

3.875: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534

3.875: DoInstallation: CustomizeCall Failed: 0x3f5

3.875: IECUSTOM: Restoring registry permissions...

3.891: IECUSTOM: Finished restoring registry permissions...

3.922: Impossible d'écrire la clé du Registre de configuration.

3.922: L'installation du Internet Explorer 7 ne s'est pas terminée.

3.922: Update.exe extended error code = 0x3f5

0.563: ================================================================================

0.563: 2008/08/11 15:26:20.687 (local)

0.563: c:\634f20a541aae18227a7de13\update\update.exe (version 6.2.29.0)

0.688: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS

0.688: IECUSTOM: Scanning for proper registry permissions...

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

2.110: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

3.110: IECUSTOM: Scanning for proper registry permissions...

3.813: IECUSTOM: Scanning for proper registry permissions...

4.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

4.813: IECUSTOM: Backing up registry permissions...

4.828: IECUSTOM: Finished backing up registry permissions...

4.828: IECUSTOM: Setting new registry permissions...

4.844: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

4.844: IECUSTOM: Finished setting new registry permissions...

4.844: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534

4.844: DoInstallation: CustomizeCall Failed: 0x3f5

4.844: IECUSTOM: Restoring registry permissions...

4.860: IECUSTOM: Finished restoring registry permissions...

4.891: Impossible d'écrire la clé du Registre de configuration.

4.891: L'installation du Internet Explorer 7 ne s'est pas terminée.

4.891: Update.exe extended error code = 0x3f5

0.406: ================================================================================

0.422: 2008/08/11 17:00:17.656 (local)

0.422: c:\0a776c9a31a7768ca6936b\update\update.exe (version 6.2.29.0)

0.453: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS

0.453: IECUSTOM: Scanning for proper registry permissions...