Antivirus Plus

mido2 -  
 laure -
Bonjour,
Je ne sais comment un programme d'antivirus est installé dans mon PC. Chaque 2minutes il me sort un message 'Warning 32 threats found' et il me demande de scanner mon disque et s'enregistrer dans un site pour acheter un antivirus quand j'ignore il part puis il revient c vraiment fatiguant. un moment donne l'image s'est fixé et il ne me permet pas de voir ma fenetre active.
quelqu'un peut m'aider? je vous remercie d'avance.
Merci
A voir également:

30 réponses

Précédent
  • 1
  • 2
Réponse 21 / 30
mido2
 
Merci Kevin, c'est trés gentil de ta part . Demain dje te reviens sur Forum par le résultat
0
Réponse 22 / 30
mido2
 
voici le rapport de malwarebytes
---

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2383
Windows 5.1.2600 Service Pack 2

2009-07-09 10:43:18
mbam-log-2009-07-09 (10-43-18).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 213132
Temps écoulé: 54 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\InternetExplorer.dll (Rogue.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b035573a-5f43-4862-a194-87d027c63012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b035573a-5f43-4862-a194-87d027c63012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b035573a-5f43-4862-a194-87d027c63012} (Rogue.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f5e2da4-b0d9-1715-429d-5b5dce6535af} (Rogue.AntiVirus.Gold) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\AntiSpyGolden 5.2 (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\Logs (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\InternetExplorer.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system\rundll32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\PROGRA~1\INTERN~1\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\PROGRA~1\MSNMES~1\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\PROGRA~1\MSNMES~1\riched20.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\antivirus plus\AntivirusPlus.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP912\A0159590.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162579.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162581.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162582.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162584.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162635.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162586.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162587.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162591.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162592.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162593.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162594.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162595.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162596.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162598.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162600.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162601.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162602.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162604.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162605.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162606.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162607.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162615.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162634.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162636.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP916\A0162637.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\virusranger\sdebug.log (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\virusranger\updater.plb (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\AntiSpyGolden AntiSpyGolden.url (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\DbgHelp.Dll (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\Logs\scan_log_12162007-003204.html (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\Logs\scan_log_12162007-095345.html (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\antispygolden 5.2\Logs\scan_log_12162007-110812.html (Rogue.AntiSpyGolden) -> Quarantined and deleted successfully.
c:\program files\winspykiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\antivirus plus\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\antivirus plus\EULA.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\program files\antivirus plus\AntivirusPlus.grn (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\microsoft\internet explorer\quick launch\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmns.cfg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avp.id (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
0
Réponse 23 / 30
kevin05 Messages postés 3814 Statut Contributeur sécurité 147
 
Poste un nouveau rapport Hijackthis stp
0
Réponse 24 / 30
mido2
 
Bonjour Kevin,
Voici le rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:16, on 2009-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\freecall.com\freecall\freecall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Connexions Compaq.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 30
kevin05 Messages postés 3814 Statut Contributeur sécurité 147
 
Ok plus rien dans le rapport hijackthis


- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- A l'écran Disclaimer Choisis "1 months" dans le menu déroulant puis clique sur <continue>.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 26 / 30
mido2
 
resultat de Rsit :
--------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-07-09 13:08:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 148 GB (81%) free of 182 GB
Total RAM: 1982 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:16, on 2009-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\freecall.com\freecall\freecall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Connexions Compaq.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0
Réponse 27 / 30
kevin05 Messages postés 3814 Statut Contributeur sécurité 147
 
vire ce fichier

C:\Program Files\AntiSpywareShield..


Fais un scan en ligne avec Kaspersky

CLIQUE ICI

regarde bien le tuto
0
Réponse 28 / 30
mido2
 
le scan de kaspersky a donne ca:


Nom de fichier Menace Compteur de menaces
C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix\WS2Fix.exe Infecté : Trojan-Downloader.Win32.Agent.chqe 1
C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix.exe Infecté : Trojan-Downloader.Win32.Agent.chqe 1
C:\hp\bin\wbug\CompaqPresario_Spring06.exe Infecté : not-a-virus:AdWare.Win32.WeatherBug.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\A0159593.exe Infecté : not-a-virus:FraudTool.Win32.AntivirusGolden.e 1
D:\I386\APPS\APP17229\src\CompaqPresario_Spring06.exe Infecté : not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP17229\src\HPPavillion_Spring06.exe Infecté : not-a-virus:AdWare.Win32.WeatherBug.a 1
0
Réponse 29 / 30
kevin05 Messages postés 3814 Statut Contributeur sécurité 147
 
D:\I386\APPS\APP17229\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP17229\src\HPPavillion_Spring06.exe

Vire ces 2 fichier stp ;)
0
Réponse 30 / 30
mido2
 
salut Kevin,
le systeme ne me permets pas de effacer ces 2 fichiers, c des fichiers systemes, le repertoire est verouille
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse
Échec de l'analyse anti virus.
alice1414 -
bazfile -

3 réponses