A voir également:
- De l'aide pour antivirus xp 2010
- Cle windows xp - Guide
- Clé activation office 2010 gratuit - Télécharger - Sécurité
- Comodo antivirus - Télécharger - Sécurité
- Telecharger windows xp - Télécharger - Systèmes d'exploitation
- Panda antivirus - Télécharger - Antivirus & Antimalwares
4 réponses
Utilisateur anonyme
14 févr. 2010 à 12:49
14 févr. 2010 à 12:49
Bonjour,
Essayer ça, y devrait y avoir quelques suppressions dans le lot.
Réparer(registre) l'association de fichier d' .exe
• Aller dans: Menu Démarrer -> Tout les programmes -> Accessoires ..
• Ouvrir le Bloc-note
• Copier/coller le contenue de la Citation suivante dans le Bloc-note,
• Sauvegarde le Bloc-note sous RepairReg.bat
• Double cliquer sur RepairReg.bat
reg delete "HKCU\Software\Classes\.exe" /f
reg delete "HKCU\Software\Classes\secfile" /f
reg delete "HKCR\secfile" /f
reg delete "HKCR\.exe\shell\open\command" /f
Reg add "hkcr\.exe" /v @ /t REG_SZ /d exefile /f
Reg add "hkcr\.exe" /v "Content Type" /t REG_SZ /d "application/x-msdownload" /f
Arrêter le processus de l'infection.
• Ouvrir le Gestionnaire de tâche en appuyant simultanément sur Ctrl-Alt-Suppr.
• Dans [Processus]..
• Clic-droit sur av.exe -> [Arrêter le processus] (Guardian)
• Clic-droit sur psystem.exe -> [Arrêter le processus] (Sys Sec Alert)
• Clic-droit sur uninstall.exe -> [Arrêter le processus] (Sys Sec Alert)
Nettoyer le registre et disque de l'infection.(Guardian)
• Aller dans: Menu Démarrer -> Tout les programmes -> Accessoires ..
• Ouvrir le Bloc-note
• Copier/coller le contenue de la Citation suivante dans le Bloc-note,
• Sauvegarde le Bloc-note sous SuppInf.bat
• Double cliquer sur SuppInf.bat
REM antivirus xp 2010
REM -----------------------
Reg delete "HKCU\Software\Classes\.exe" /f
Reg delete "HKCU\Software\Classes\secfile" /f
Reg add "HKCR\.exe\shell\open\command" /ve /t REG_SZ /f
Reg add "HKCR\secfile\shell\open\command" /ve /t REG_SZ /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command" /ve /t REG_SZ /d "C:\Program Files\Mozilla Firefox\firefox.exe" /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command" /ve /t REG_SZ /d "\"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode" /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command" /ve /t REG_SZ /d "C:\Program Files\Internet Explorer\iexplore.exe" /f
Reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusOverride /t REG_WORD /d 0 /f
Reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v FirewallOverride /t REG_WORD /d 0 /f
Del /F /Q /A "%UserProfile%\AppData\Local\*av.exe"
RmDir /S /Q "%UserProfile%\AppData\Local\*8464P"
Del /F /Q /A "%UserProfile%\AppData\Local\av.exe"
RmDir /S /Q "%UserProfile%\AppData\Local\WRblt8464P"
REM -----------------------
REM System Security Alert
REM -----------------------
Reg delete "HKCU\Software\Protection System" /f
reg delete "HKCR\BhoNew.BhoApp" /f
Reg delete "HKCR\BhoNew.BhoApp.1" /f
reg delete "HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" /f
reg delete "HKCR\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}" /f
reg delete "HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" /F
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Protection System" /f
Attrib -r -h -s "%ProgramFiles%\Protection System\\coreext.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\coreext.dll"
Attrib -r -h -s "%ProgramFiles%\Protection System\\firewall.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\firewall.dll"
Attrib -r -h -s "%ProgramFiles%\Protection System\\wingenocx.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\wingenocx.dll"
RmDir /S /Q "c:\Documents and Settings\All Users\Start Menu\Programs\Protection System"
RmDir /S /Q "c:\Program Files\Protection System"
RmDir /S /Q "c:\Program Files\Protection System\Help"
RmDir /S /Q "c:\Program Files\Protection System\Help\images"
RmDir /S /Q "c:\Program Files\Protection System\Help\images\buttons"
del /F /Q /A "%UserProfile%\Start Menu\Programs\Protection System\Uninstall Protection System.lnk"
del /F /Q /A "%UserProfile%\Start Menu\Programs\Protection System\Protection System.lnk"
del /F /Q /A "%UserProfile%\Desktop\Protection System.lnk"
del /F /Q /A "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection System.lnk"
RmDir /S /Q "%UserProfile%\Start Menu\Programs\Protection System"
Essayer ça, y devrait y avoir quelques suppressions dans le lot.
Réparer(registre) l'association de fichier d' .exe
• Aller dans: Menu Démarrer -> Tout les programmes -> Accessoires ..
• Ouvrir le Bloc-note
• Copier/coller le contenue de la Citation suivante dans le Bloc-note,
• Sauvegarde le Bloc-note sous RepairReg.bat
• Double cliquer sur RepairReg.bat
reg delete "HKCU\Software\Classes\.exe" /f
reg delete "HKCU\Software\Classes\secfile" /f
reg delete "HKCR\secfile" /f
reg delete "HKCR\.exe\shell\open\command" /f
Reg add "hkcr\.exe" /v @ /t REG_SZ /d exefile /f
Reg add "hkcr\.exe" /v "Content Type" /t REG_SZ /d "application/x-msdownload" /f
Arrêter le processus de l'infection.
• Ouvrir le Gestionnaire de tâche en appuyant simultanément sur Ctrl-Alt-Suppr.
• Dans [Processus]..
• Clic-droit sur av.exe -> [Arrêter le processus] (Guardian)
• Clic-droit sur psystem.exe -> [Arrêter le processus] (Sys Sec Alert)
• Clic-droit sur uninstall.exe -> [Arrêter le processus] (Sys Sec Alert)
Nettoyer le registre et disque de l'infection.(Guardian)
• Aller dans: Menu Démarrer -> Tout les programmes -> Accessoires ..
• Ouvrir le Bloc-note
• Copier/coller le contenue de la Citation suivante dans le Bloc-note,
• Sauvegarde le Bloc-note sous SuppInf.bat
• Double cliquer sur SuppInf.bat
REM antivirus xp 2010
REM -----------------------
Reg delete "HKCU\Software\Classes\.exe" /f
Reg delete "HKCU\Software\Classes\secfile" /f
Reg add "HKCR\.exe\shell\open\command" /ve /t REG_SZ /f
Reg add "HKCR\secfile\shell\open\command" /ve /t REG_SZ /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command" /ve /t REG_SZ /d "C:\Program Files\Mozilla Firefox\firefox.exe" /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command" /ve /t REG_SZ /d "\"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode" /f
Reg add "HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command" /ve /t REG_SZ /d "C:\Program Files\Internet Explorer\iexplore.exe" /f
Reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusOverride /t REG_WORD /d 0 /f
Reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v FirewallOverride /t REG_WORD /d 0 /f
Del /F /Q /A "%UserProfile%\AppData\Local\*av.exe"
RmDir /S /Q "%UserProfile%\AppData\Local\*8464P"
Del /F /Q /A "%UserProfile%\AppData\Local\av.exe"
RmDir /S /Q "%UserProfile%\AppData\Local\WRblt8464P"
REM -----------------------
REM System Security Alert
REM -----------------------
Reg delete "HKCU\Software\Protection System" /f
reg delete "HKCR\BhoNew.BhoApp" /f
Reg delete "HKCR\BhoNew.BhoApp.1" /f
reg delete "HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" /f
reg delete "HKCR\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}" /f
reg delete "HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" /F
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection System" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Protection System" /f
Attrib -r -h -s "%ProgramFiles%\Protection System\\coreext.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\coreext.dll"
Attrib -r -h -s "%ProgramFiles%\Protection System\\firewall.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\firewall.dll"
Attrib -r -h -s "%ProgramFiles%\Protection System\\wingenocx.dll"
regsvr32.exe /u "%ProgramFiles%\Protection System\\wingenocx.dll"
RmDir /S /Q "c:\Documents and Settings\All Users\Start Menu\Programs\Protection System"
RmDir /S /Q "c:\Program Files\Protection System"
RmDir /S /Q "c:\Program Files\Protection System\Help"
RmDir /S /Q "c:\Program Files\Protection System\Help\images"
RmDir /S /Q "c:\Program Files\Protection System\Help\images\buttons"
del /F /Q /A "%UserProfile%\Start Menu\Programs\Protection System\Uninstall Protection System.lnk"
del /F /Q /A "%UserProfile%\Start Menu\Programs\Protection System\Protection System.lnk"
del /F /Q /A "%UserProfile%\Desktop\Protection System.lnk"
del /F /Q /A "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection System.lnk"
RmDir /S /Q "%UserProfile%\Start Menu\Programs\Protection System"
Salut,
je viens d avoir ce weck end exactement le meme probleme.
j arrive encore à me connecter sur le net mais en fait les points exe ne se lancent plus.
j ai la fenetre ouvrir avec qui s ouvre et me demande avec quoi je veux ouvrir le fichier , et la j associe au point exe et ca se lance.
mais c est plutot lassant. entre temps j ai installé avast et microsoft security essentiel.
avast n a rien trouvé.
microsoft security essentieals a trouvé des cochonneries , voir ci dessous.
trojan:win32/Fakerean
softwarebundler:win32/messengerplusA.
J ai également lancé hijackthis.voir rapport ci dessous:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:21, on 15/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\M. La berrere\Mes documents\Mes fichiers reçus\HiJackThis\HijackThis.exe
C:\WINDOWS\sllights.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\DOCUME~1\MBE0B~1.LAB\LOCALS~1\Temp\E_S265.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/nordnet/orange/so-4.1/resources/fslauncher.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
je viens d avoir ce weck end exactement le meme probleme.
j arrive encore à me connecter sur le net mais en fait les points exe ne se lancent plus.
j ai la fenetre ouvrir avec qui s ouvre et me demande avec quoi je veux ouvrir le fichier , et la j associe au point exe et ca se lance.
mais c est plutot lassant. entre temps j ai installé avast et microsoft security essentiel.
avast n a rien trouvé.
microsoft security essentieals a trouvé des cochonneries , voir ci dessous.
trojan:win32/Fakerean
softwarebundler:win32/messengerplusA.
J ai également lancé hijackthis.voir rapport ci dessous:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:21, on 15/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\M. La berrere\Mes documents\Mes fichiers reçus\HiJackThis\HijackThis.exe
C:\WINDOWS\sllights.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\DOCUME~1\MBE0B~1.LAB\LOCALS~1\Temp\E_S265.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/nordnet/orange/so-4.1/resources/fslauncher.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Utilisateur anonyme
15 févr. 2010 à 19:17
15 févr. 2010 à 19:17
CRÉE UN NOUVEAU SUJET svp
PS LES INFO QUE TU DONNE ON PAS TROUVE GRAND CHOSE
PS LES INFO QUE TU DONNE ON PAS TROUVE GRAND CHOSE
14 févr. 2010 à 13:13