Infection
jfs17 (Member, 1 post)
jacques.gache (Security contributor, 34829 posts)
Hello,
I think my computer is infected, so I am following the procedure shown on the site at the following address: http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr .
A program installed on my machine cannot be uninstalled from "Add/Remove Programs" (the uninstall starts and then stops, telling me that I do not have sufficient rights). If I delete the folder, the desktop shortcut and the shortcut that gets placed in Startup, uncheck it in msconfig, then empty the Recycle Bin and run CCleaner, nothing changes: it comes back at the next boot. Moreover, it "hijacks" the shortcut of the newly installed version.
I) AVG Anti-Spyware report
---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------
+ Created at: 12:57:37 09/03/2008
+ Scan result:
D:\--- MAINTENANCE ---\WinZip v8.1 FR\WinZip v8.1 FR.zip/WinZip v8.1 FR/WinZip_8-1_Fr.zip/WinZip_8-1_Fr.exe -> Downloader.Small.bws : Cleaned and backed up (quarantined).
:mozilla.250:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.251:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.252:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.254:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.255:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.256:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.257:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.258:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.259:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.440:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.556:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.272:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.273:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.283:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.284:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.285:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.286:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.287:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.313:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.875:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.876:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.877:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.805:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.806:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.807:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.808:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.809:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.441:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.442:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.482:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.483:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.47:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.601:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.904:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.116:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.117:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.118:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.119:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.120:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.121:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.122:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.814:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.815:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.816:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.241:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.242:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.243:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.246:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.247:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.108:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.112:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.113:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.114:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.115:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.692:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.709:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.713:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.106:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.109:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.110:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.111:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.58:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.749:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.771:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.772:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.773:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.774:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.775:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned and backed up (quarantined).
D:\--- MAINTENANCE ---\Download\keyx.zip/XP.exe -> Trojan.Small.edz : Cleaned and backed up (quarantined).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\Windows XP Service Pack 1a FR.zip/Service Pack 1a FR/XP.exe -> Trojan.Small.edz : Cleaned and backed up (quarantined).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\Windows XP Service Pack 1a FR\Service Pack 1a FR\XP.exe -> Trojan.Small.edz : Cleaned and backed up (quarantined).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\__rzi_37.7757/Service Pack 1a FR/XP.exe -> Trojan.Small.edz : Cleaned and backed up (quarantined).
End of report
II) BitDefender report
BitDefender Online Scanner
Scan report generated at: Sun, Mar 09, 2008 - 15:27:09
Scan path: A:\;C:\;D:\;F:\;G:\;
Statistics
Time: 02:24:25
Files: 114969
Folders: 7554
Boot sectors: 4
Archives: 1591
Packed programs: 14273
Results
Identified viruses: 1
Infected files: 1
Suspect files: 0
Warnings: 0
Disinfected: 0
Deleted files: 1
Engine info
Virus definitions: 986182
Engine version
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan settings
First action: Disinfect
Second action: Delete
Heuristics: Yes
Enable warnings: Yes
Scanned extensions:
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excluded extensions:
Scan e-mails: Yes
Scan archives: Yes
Scan packed programs: Yes
Scan files: Yes
Scan boot sectors: Yes
Scanned file -> Status
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o)=>Gain_Trickler.exe -> Detected with: Adware.Gator.C
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o)=>Gain_Trickler.exe -> Deleted
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o) -> Update failed
III) HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:48, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\LVComsX.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Poker 770\casino.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\B2BPOKER\Casino Explorer\Client.exe
C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\WinamaxPoker\WinamaxPoker.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Saisie Bridge+.lnk = C:\Program Files\Bridge\SaisieBPlus\SaisieBridgePlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105958330914
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
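As an added example (not code from the original post, and not HijackThis's own logic), the following Python parses a handful of lines copied from the HijackThis report above and flags the entries a helper would look at first: registrations whose file no longer exists, O22 SharedTaskScheduler items, the MSConfig /auto entry that appears once Selective Startup has been used, and unquoted Run commands whose image path contains spaces. The Entry structure, the triage levels and the heuristics are this example's own assumptions; the sample lines are copied from the report, one per line shape.

```python
"""Triage of HijackThis v2 log lines.

Added example, not part of the original forum post and not HijackThis's own
code: it parses the O2/O4/O16/O22/O23 line shapes that appear in the report
above and applies a few triage heuristics of this example's own choosing.
"""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    section: str        # O2, O4, O16, O22, O23, ...
    kind: str           # BHO, Run, Global Startup, SharedTaskScheduler, Service, DPF
    name: str
    target: str         # DLL/EXE path, full Run command line, or download URL
    clsid: str = ""
    hive: str = ""      # HKLM / HKCU for O4 Run entries


# Constructed sample: lines copied from the report above (one per shape).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Saisie Bridge+.lnk = C:\Program Files\Bridge\SaisieBPlus\SaisieBridgePlus.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

_HEAD = re.compile(r"^([RFNO]\d+) - (.*)$")
_O4_RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
_O4_STARTUP = re.compile(r"^((?:Global )?Startup): (.*?) = (.*)$")
_O16 = re.compile(r"^DPF: (\{[^}]+\}) \((.*?)\) - (.*)$")
_O23 = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
_CLSID3 = re.compile(r"^(\w[\w' ]*): (.*?) - (\{[^}]+\}) - (.*)$")   # O2, O9, O22 shapes
_IMAGE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))\b", re.I)


def parse_line(line):
    """Return an Entry for one HijackThis item line, or None for any other text."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":
        if (m := _O4_RUN.match(rest)):
            hive, key, name, cmd = m.groups()
            return Entry(section, key, name, cmd, hive=hive)
        if (m := _O4_STARTUP.match(rest)):
            kind, name, path = m.groups()
            return Entry(section, kind, name, path)
    elif section == "O16":
        if (m := _O16.match(rest)):
            clsid, name, url = m.groups()
            return Entry(section, "DPF", name, url, clsid=clsid)
    elif section == "O23":
        if (m := _O23.match(rest)):
            name, _company, path = m.groups()
            return Entry(section, "Service", name, path)
    elif (m := _CLSID3.match(rest)):
        kind, name, clsid, target = m.groups()
        return Entry(section, kind, name, target, clsid=clsid)
    return Entry(section, "?", "", rest)      # unknown shape, kept for manual review


def parse_hjt(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def executable_of(command):
    """Image path of a Run command line: the quoted path, else up to the first .exe-like token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = _IMAGE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def run_images(entries):
    """name -> image path for every O4 Run/RunOnce entry."""
    return {e.name: executable_of(e.target)
            for e in entries if e.section == "O4" and e.kind.startswith("Run")}


def triage(entries):
    """At most one (level, reason, entry) finding per entry; the rules are this example's own."""
    findings = []
    for e in entries:
        is_run = e.section == "O4" and e.kind.startswith("Run")
        if e.target.strip() == "(no file)":
            findings.append(("orphan", f"{e.section} {e.kind} {e.clsid or e.name} is registered but its file is missing; remove the registration", e))
        elif e.section == "O22":
            findings.append(("review", "SharedTaskScheduler is rarely used by legitimate software; verify the CLSID", e))
        elif is_run and e.name == "MSConfig" and "/auto" in e.target:
            findings.append(("info", "MSConfig /auto means Selective Startup is on: unchecked items are disabled, not removed", e))
        elif is_run and " " in executable_of(e.target) and not e.target.strip().startswith('"'):
            findings.append(("review", f"unquoted image path with spaces: {executable_of(e.target)}", e))
    return findings


if __name__ == "__main__":
    for level, reason, e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{level}] {e.section} {e.kind} {e.name!r}: {reason}")
```

Such a script only reports what HijackThis enumerates; a launcher it does not cover (a scheduled task, for instance) will not show up here, so an empty triage result is not proof that nothing restarts the program at boot.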
:mozilla.241:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.242:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.243:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.246:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.247:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.108:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.112:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.113:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.114:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.115:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.692:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Spylog : Nettoyé.
:mozilla.709:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Trafic : Nettoyé.
:mozilla.713:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.106:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.109:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.110:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.111:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.58:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.749:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.771:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.772:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.773:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.774:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.775:C:\Documents and Settings\Jean-François\Application Data\Mozilla\Firefox\Profiles\ol88xc4h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\WINDOWS\system32\1024 -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
D:\--- MAINTENANCE ---\Download\keyx.zip/XP.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\Windows XP Service Pack 1a FR.zip/Service Pack 1a FR/XP.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\Windows XP Service Pack 1a FR\Service Pack 1a FR\XP.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\copie de disk dur externe 11012007\Logiciels\Utilitaires\__rzi_37.7757/Service Pack 1a FR/XP.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
II) BitDefender report
BitDefender Online Scanner
Rapport d'analyse généré à: Sun, Mar 09, 2008 - 15:27:09
Voie d'analyse: A:\;C:\;D:\;F:\;G:\;
Statistiques
Temps 02:24:25
Fichiers 114969
Directoires 7554
Secteurs de boot 4
Archives 1591
Paquets programmes 14273
Résultats
Virus identifiés 1
Fichiers infectés 1
Fichiers suspects 0
Avertissements 0
Désinfectés 0
Fichiers effacés 1
Info sur les moteurs
Définition virus 986182
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins 16
Archive des plugins 41
Unpack des plugins 7
E-mail plugins 6
Système plugins 5
Paramètres d'analyse
Première action Désinfecté
Seconde Action Supprimé
Heuristique Oui
Acceptez les avertissements Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails Oui
Analyse des Archives Oui
Analyser paquets programmes Oui
Analyse des fichiers Oui
Analyse de boot Oui
Fichier analysé
Statut
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o)=>Gain_Trickler.exe
Détecté avec: Adware.Gator.C
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o)=>Gain_Trickler.exe
Supprimé
D:\--- MAINTENANCE ---\Codecs video\DivXPro503GAINBundle.exe=>(VISE Installer o)
Echec de la mise à jour
III) HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:48, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\LVComsX.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Poker 770\casino.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\B2BPOKER\Casino Explorer\Client.exe
C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\WinamaxPoker\WinamaxPoker.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Saisie Bridge+.lnk = C:\Program Files\Bridge\SaisieBPlus\SaisieBridgePlus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105958330914
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
1 reply
Hello. If it is a program in Add/Remove Programs that is giving you trouble uninstalling, use Windows Installer Clean Up http://www.commentcamarche.net/faq/sujet 818 installation de programmes windows installer clean up , then run CCleaner in both of its modes http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner and do a scan with Malwarebytes https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ . Keep us posted. @+