Fenêtres publicitaires intempestives Firefox

Résolu
Utilisateur anonyme -  
 Utilisateur anonyme -
Bonjour,

J'ai un problème d'apparitions de pubs intempestives avec le navigateur Firefox (antivirus, voyages, rencontres...). J'ai fait un scan trend micro internet security et un scan ad aware

Pouvez vous m'indiquer les démarches à effectuer (Créer des fichiers de log ou autre pour aider...)

Merci d'avance.
A voir également:

58 réponses

Précédent
Réponse 21 / 58
Utilisateur anonyme
 
Merci pour ton aide crapoulou !!!!
J'arrête pour cette nuit en espérant que je penserai à venir voir les réponses éventuelles demain matin.

Encore merci et à bientot
0
Réponse 22 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Idem, je suis en train de bosser dessus.
A demain.
0
Réponse 23 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Analyse ces fichiers qui me paraissent louches :

C:\Users\Mathieu\AppData\Roaming\mqtgsvc.exe
C:\Windows\System\dllhst3g.exe
C:\Windows\System32\drivers\mstinit.exe

Sur le site de virustotal :
https://www.virustotal.com/gui/

Parcourir > Sélectionne ton fichier > Analyser, patiente que l'analyse soit terminée.

Poste les rapports.
0
Réponse 24 / 58
matduchesne
 
Voici les résultats, par contre, pour le peu que j'ai surfé aujourd'hui, aucunes pubs, le pb est il déjà résolu ?


Pour : C:\Users\Mathieu\AppData\Roaming\mqtgsvc.exe

Scanner results
Scan taken on 16 Nov 2008 02:29:44 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Pour : C:\Windows\System\dllhst3g.exe

Scanner results
Scan taken on 16 Nov 2008 02:33:41 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Pour : C:\Windows\System32\drivers\mstinit.exe


Scanner results
Scan taken on 16 Nov 2008 02:42:56 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
C'est normal que tu n'aies plus de pubs.

Les pubs c'est résolu mais pour terminer le nettoyage en profondeur :

Télécharge Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
- Enregistres le sur le bureau
- Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
- Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
- Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, fermes Malwarebytes
- Double-cliques sur l'icône de malwarebytes pour le relancer
- Une fois ouvert rend-toi dans l'onglet, Recherche
- Sélectionnes Exécuter un examen complet
- Cliques sur Rechercher
- Le scan démarre.
- A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
- Cliques sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
- Rends toi dans l'onglet rapport/log
- Tu cliques dessus pour l'afficher une fois affiché
- Tu cliques sur édition en haut du boc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu cliques droit dans le cadre de la réponse et coller


Si tu as besoin d'aide regarde ce tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 26 / 58
Utilisateur anonyme
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1402
Windows 6.0.6001 Service Pack 1

16/11/2008 22:40:30
mbam-log-2008-11-16 (22-40-30).txt

Type de recherche: Examen rapide
Eléments examinés: 53337
Temps écoulé: 7 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 221

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstinit (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\drivers\downld\100704495.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100718363.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100734510.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100748565.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100762714.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115166583.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115182667.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115200607.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115214866.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115228796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129636300.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129652774.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129674567.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129689699.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129703942.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142148.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142444.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144109137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144126203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144162957.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144178198.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\144191396.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14644141.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14675716.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14692189.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14703952.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14708647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14733732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14753342.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14790875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14804494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14836974.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14852605.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14869157.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14881309.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14890264.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14892838.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\149012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\157685.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158595296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158612004.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158629897.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158642954.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158654920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158762.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\160431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\173060489.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\173075465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\173091486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\173106306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\173118739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\185375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187522827.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187536055.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187557646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187573886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187587005.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\199416.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\201225.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\201990437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\202005772.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\202022714.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\202036208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\202051527.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\208245.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\211428.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214636627.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214668061.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214681821.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214694285.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\219821.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\229116172.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\229205030.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\229222237.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\229235949.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\243657633.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\243779361.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\243793713.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\243807878.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\245748.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\249242.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\250537.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\258238454.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\258340026.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\258353442.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\258367124.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\258649.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272788293.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272805781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272820429.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272833486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\281347.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\282299.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\286573.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\286714.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\287257526.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\287288602.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\287301612.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\287313452.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29141797.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29163279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29178614.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29191640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29198722.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29225055.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29244134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29280092.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29296067.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29297284.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29310840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29339981.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29352352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29362086.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\29364832.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\297883.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\301719614.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\303203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\303390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305341911.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305476508.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305493123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305506414.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\311424.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\315465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\316229.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\317430.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\320168199.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\320205982.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\320218619.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\320230911.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\324170.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\327446.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\329130.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\332406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\334664810.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\334704637.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\334722500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\341470.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\341891.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\345542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\346712.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\346743.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349158551.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349174822.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349186585.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\350752.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\355697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\362234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\363623229.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\363638751.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\363653525.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\379207.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\381690797.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\381723027.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\381735476.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\396168844.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\396316811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\396330134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\399003.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\399892.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\399945270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\415352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\419221.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42585386.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42601423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42631344.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42645665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42656226.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\42659861.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\427193.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\431529.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43626007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43729747.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43756299.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43782819.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43792491.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43795393.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43804675.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\43809667.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44806217.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44811193.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57064572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57095367.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57225503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57240417.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57256079.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57258825.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59215577.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59250334.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59288491.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59301268.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59309973.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\59314497.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71662257.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71676328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71810739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71825340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71835075.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71838101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73739316.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73904444.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73921089.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73932617.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\73936829.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\86241580.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\86257258.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\86274824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\86287741.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\86300158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88373380.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88568756.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88581033.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88589816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88594012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\91795886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\91814887.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\97188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\logman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 27 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Rien que ça ... lol.
Refais un scan COMPLET cette fois-ci.
En ayant bien sûr mis à jour malwarebytes anti malware.
0
Réponse 28 / 58
Utilisateur anonyme
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1404
Windows 6.0.6001 Service Pack 1

17/11/2008 22:56:09
mbam-log-2008-11-17 (22-56-09).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|)
Eléments examinés: 354253
Temps écoulé: 2 hour(s), 37 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
H:\Programmes\Nero.8.Ultra.Edition.v8.3.2.1.FR\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 29 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Parfait, vide la quarantaine de malwarebytes anti malware.
Poste ensuite un nouveau rapport hijackthis stp.
0
Réponse 30 / 58
Utilisateur anonyme
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:18, on 17/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\system\dllhst3g.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\eMule\emule.exe
C:\Users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\conime.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\prevhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Mathieu\AppData\Roaming\ieudinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [ComRepl] C:\Windows\System32\comrepl.exe /com /w
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Users\Mathieu\AppData\Roaming\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\System\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Users\Mathieu\AppData\Roaming\MICROS~1\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Esent Utl] C:\Users\Mathieu\AppData\Roaming\MICROS~1\esentutl.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.touslesdrivers.com/
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E984CC8-4987-40B9-B9AA-6728A957CA27} (PcVerChk Control) - http://jp.trendmicro.com/jp/support/personal/products/vistasp1/redirect/PcVerChk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01139282-C713-48D7-BE63-01EB627731F8}: NameServer = 80.118.192.100,80.118.196.36
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Borland Remote Debugging Service (BorlandRemoteDebuggingService) - Unknown owner - C:\Program Files\Borland\Remote Debugger\5.0\Bin\bordbg51.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
Réponse 31 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Analyse ce fichier :
C:\Users\Mathieu\AppData\Roaming\ieudinit.exe
C:\Users\Mathieu\AppData\Roaming\MICROS~1\esentutl.exe

Sur le site de virustotal :
https://www.virustotal.com/gui/

Parcourir > Sélectionne ton fichier > Analyser, patiente que l'analyse soit terminée.

Poste le rapport.
0
Réponse 32 / 58
Utilisateur anonyme
 
Voici le premier fichier :

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.18.0 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.17 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.17 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 Heur.Trojan.Generic
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3619 2008.11.17 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.17 Worm.LooksLike.Agent
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
Information additionnelle
File size: 81920 bytes
MD5...: 5f8faf8bbaf4a594be7a94ded0f2ef2c
SHA1..: e06711a4a907e674860751e333fc2db03b006e02
SHA256: d057fce7604bdb377e6b0085227c95b9888aca6dc83cc1b82278abc0629a7207
SHA512: 8c3276b9c52be1db1baae1cc0778e5ad66057c2807d3f9fca4397a20b35b5d24
85a1e30be24e7f5742d330347c8c14b5bdebda53ee8743e9289b5ce0737c0961
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40aea6
timedatestamp.....: 0x48ed1790 (Wed Oct 08 20:26:56 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf73f 0x10000 6.24 daf5a19e3d4631335a1a4ca7d57eabd0
.rdata 0x11000 0x1fe2 0x2000 5.46 998821102993458f699a289402651d7f
.data 0x13000 0x3798 0x1000 1.46 69d735f8fc6100c103c7faf00cfa6662

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, OpenProcess, GetProcessPriorityBoost, CreateDirectoryA, OpenMutexA, CreateMutexA, CloseHandle, GetFileTime, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )



Et le deuxième :

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.18.0 2008.11.17 -
AntiVir 7.9.0.31 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.17 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 Heur.Trojan.Generic
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3619 2008.11.17 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
Rising 21.04.02.00 2008.11.17 -
SecureWeb-Gateway 6.7.6 2008.11.17 Worm.LooksLike.Agent
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
Information additionnelle
File size: 81920 bytes
MD5...: 5f8faf8bbaf4a594be7a94ded0f2ef2c
SHA1..: e06711a4a907e674860751e333fc2db03b006e02
SHA256: d057fce7604bdb377e6b0085227c95b9888aca6dc83cc1b82278abc0629a7207
SHA512: 8c3276b9c52be1db1baae1cc0778e5ad66057c2807d3f9fca4397a20b35b5d24
85a1e30be24e7f5742d330347c8c14b5bdebda53ee8743e9289b5ce0737c0961
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40aea6
timedatestamp.....: 0x48ed1790 (Wed Oct 08 20:26:56 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf73f 0x10000 6.24 daf5a19e3d4631335a1a4ca7d57eabd0
.rdata 0x11000 0x1fe2 0x2000 5.46 998821102993458f699a289402651d7f
.data 0x13000 0x3798 0x1000 1.46 69d735f8fc6100c103c7faf00cfa6662

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, OpenProcess, GetProcessPriorityBoost, CreateDirectoryA, OpenMutexA, CreateMutexA, CloseHandle, GetFileTime, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )
0
Réponse 33 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
- Fais un scan en ligne ici https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (Avec Internet Explorer)

- En bas à droite, clique sur Démarrer Online-scanner

- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte

- Accepte les Contrôles ActiveX

- Choisis Poste de travail pour le scan.

- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport

- Pour t'aider à utiliser le scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
0
Réponse 34 / 58
Utilisateur anonyme
 
Me revoilà,

Après deux scans de 24-25 heures environ, ça me marque scan terminé mais je ne peux rien faire, j'ai une erreur javascript. Si je cilique sur stopper l'analyse, il me dit que le journal n'est pas enregistré, voici une copie d'écran :

http://matduchesne.free.fr/scan_kaspersky.gif

Apparement ce scan en ligne n'est pas compatible Vista.
0
Réponse 35 / 58
jacques.gache Messages postés 33461 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 617
 
bonjour, si normalement il est compatible il faut déactivé l'UAC regarde ce tuto https://forum.pcastuces.com/default.asp
0
Réponse 36 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Salut, suis ce tuto pour vista :
http://www.vista-xp.fr/forum/topic109.html
Il faut en fait lancer internet explorer "en tant qu'administrateur".
Edit : suis ce que jacques.gache dit :D
0
Réponse 37 / 58
Utilisateur anonyme
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 24, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 23, 2008 17:50:59
Records in database: 1406007
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan statistics:
Files scanned: 318440
Threat name: 25
Infected objects: 41
Suspicious objects: 0
Duration of the scan: 06:16:47


File name / Threat name / Threats count
C:\Program Files\PKR\pkr.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.e 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\Autorun.inf Infected: Worm.Win32.RJump.a 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\C927.tmp Infected: Trojan-Mailfinder.Win32.Blen.dz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\CD8C.tmp Infected: Trojan-Proxy.Win32.Horst.geq 1
C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe Infected: not-a-virus:AdWare.Win32.BHO.w 1
C:\Users\Mathieu\AppData\Local\Temp\~tmp\hmunmlcn17\hmunmlcn17.exe Infected: Trojan-Mailfinder.Win32.Blen.ei 1
D:\Documents\Travaux CRM\Cours\Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
D:\Documents\Travaux CRM\Cours CRM\M2S1Inter Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
D:\Documents\Travaux CRM\CoursCRM260906\M2S1Inter Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
D:\Documents\Travaux CRM\CoursCRM260906\M2S1Inter Site Web sans traitement serveur.zip Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
D:\Documents\Travaux CRM\Sauvegarde CRM.zip Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP166\A0032599.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP192\A0043715.exe Infected: not-a-virus:AdWare.Win32.WurldMedia.d 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP192\A0043715.exe Infected: not-a-virus:AdWare.Win32.WurldMedia.e 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP192\A0043715.exe Infected: not-a-virus:AdWare.Win32.MyWay.o 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP192\A0043715.exe Infected: Trojan-Downloader.Win32.Stubby.b 1
G:\System Volume Information\_restore{3D74C3F1-CA94-4D3F-8DB2-8A17427B74D7}\RP192\A0043715.exe Infected: not-a-virus:AdWare.Win32.Gator.3210 1
H:\Programmes\CrackWepPack_v0.1_11-11-2005.exe Infected: not-a-virus:PSWTool.Win32.AirCrack.a 1
H:\Programmes\CrackWepPack_v0.1_11-11-2005.exe Infected: Trojan-Spy.Win32.Banker.nlh 1
H:\Programmes\FTP Expert\ftpexpert3.exe Infected: not-a-virus:AdWare.Win32.BHO.w 1
H:\Programmes\Mirc 6.21\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
H:\Programmes\MSN plugins\Install MPD.exe Infected: Trojan-Spy.Win32.SpyAgent.e 1
H:\Programmes\pkrinstall.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.a 1
H:\Programmes\Trend Micro (TM) Internet Security\keygen.exe Infected: Trojan-Downloader.Win32.Delf.mhv 1
H:\Programmes\Trend Micro Internet Security 2009\keygen.exe Infected: Trojan-Downloader.Win32.Delf.mhv 1
H:\Programmes\Trend Micro Internet Security 2009\keygen.zip Infected: Trojan-Downloader.Win32.Delf.mhv 1
H:\Programmes\Web Expert 6\webexpert6.exe Infected: not-a-virus:AdWare.Win32.BHO.w 1
H:\Programmes\Windows XP Live CD - BoulDows.iso Infected: not-a-virus:PSWTool.Win32.Cain.b 4
H:\Programmes\Windows XP Live CD - BoulDows.iso Infected: not-a-virus:PSWTool.Win32.Cain.m 1
H:\Programmes\Windows XP Live CD - BoulDows.iso Infected: not-a-virus:PSWTool.Win32.RAS.a 4
H:\Programmes\Windows XP Live CD - BoulDows.iso Infected: not-a-virus:RiskTool.Win32.PsExec.153 1
H:\Programmes\Windows XP Live CD - BoulDows.iso Infected: not-a-virus:RiskTool.Win32.PsShutdown.232 1

The selected area was scanned.
0
Réponse 38 / 58
Utilisateur anonyme
 
J'ai désinstallé Trend Micro et j'installe à l'instant Antivir. Je serais prêt à acheter un bon antivirus/firewall, lequel me conseillerais tu ? Ou alors les solutions gratuites sont-elles suffisantes ?
Autre question, dois je télécharger un autre firewall pour remplacer Trend Micro ?

Merci d'avance pour ton aide précieuse
0
Réponse 39 / 58
Utilisateur anonyme
 
Avira AntiVir Personal
Report file date: 2008-11-24 17:31

Scanning for 1048853 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATDUCHESNE-HP

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 16:30:00
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 16:30:03
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 2008-11-23 16:30:06
ANTIVIR3.VDF : 7.1.0.130 46080 Bytes 2008-11-24 16:30:07
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-11-24 16:30:53
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-24 16:30:52
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-24 16:30:49
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-24 16:30:48
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-24 16:30:43
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-24 16:30:37
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-24 16:30:34
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-24 16:30:23
AEGEN.DLL : 8.1.1.5 323956 Bytes 2008-11-24 16:30:22
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-11-24 16:30:19
AECORE.DLL : 8.1.5.1 172406 Bytes 2008-11-24 16:30:13
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-11-24 16:30:10
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-24 16:30:08
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-11-24 17:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
C:\Users\Mathieu\AppData\Local\Temp\~tmp\shbdchk12\shbdchk12.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'shbdchk12.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Users\Mathieu\AppData\Local\Temp\~tmp\shbdchk12\shbdchk12.exe'
Scan process 'mfpmp.exe' - '0' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'dllhst3g.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'ibserver.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ibguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'shbdchk12.exe' has been terminated
C:\Users\Mathieu\AppData\Local\Temp\~tmp\shbdchk12\shbdchk12.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '498cd764.qua'!

85 processes with 84 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD6
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\' <WINDAUBE>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\hmunmlcn17\hmunmlcn17.exe
[DETECTION] Is the TR/Agent.iob Trojan
[NOTE] The file was moved to '499fe487.qua'!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\hmunmlcn18\hmunmlcn18.exe
[DETECTION] Is the TR/Agent.iob Trojan
[NOTE] The file was moved to '499fe48b.qua'!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\hmunmlcn19\hmunmlcn19.exe
[DETECTION] Is the TR/Agent.iob Trojan
[NOTE] The file was moved to '499fe48f.qua'!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\lvprf03\lvprf03.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '499ae49b.qua'!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\lvprf04\lvprf04.exe
[DETECTION] Is the TR/Spy.Agent.btk Trojan
[NOTE] The file was moved to '499ae4a0.qua'!
C:\Users\Mathieu\AppData\Local\Temp\~tmp\shbdchk10\shbdchk10.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '498ce492.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATAS>
D:\Documents\Humour\Progs\Question.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rrx back-door program
[NOTE] The file was moved to '498fed11.qua'!
Begin scan in 'F:\' <MP3>
Begin scan in 'G:\' <DIVX>
Begin scan in 'H:\' <EMULE>


End of the scan: 2008-11-24 19:35
Used time: 2:04:18 Hour(s)

The scan has been done completely.

37426 Scanning directories
1156763 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
1156751 Files not concerned
8719 Archives were scanned
7 Warnings
8 Notes
0
Réponse 40 / 58
crapoulou Messages postés 28195 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 013
 
Supprime la quarantaine.
Supprime aussi tout ce que kaspersky a trouvé.

(Il a trouvé ceci :)
C:\Program Files\PKR\pkr.exe
C:\Program Files\RealVNC\VNC4\vncconfig.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Trend Micro\Internet Security\Quarantine\Autorun.inf
C:\Program Files\Trend Micro\Internet Security\Quarantine\C927.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\CD8C.tmp
C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe
C:\Users\Mathieu\AppData\Local\Temp\~tmp\hmunmlcn17\hmunmlcn­17.exe
D:\Documents\Travaux CRM\Cours\Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe
D:\Documents\Travaux CRM\Cours CRM\M2S1Inter Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe
D:\Documents\Travaux CRM\CoursCRM260906\M2S1Inter Site Web sans traitement serveur\2) Langage HTML\Outils HTML\webexpert6.exe
D:\Documents\Travaux CRM\CoursCRM260906\M2S1Inter Site Web sans traitement serveur.zip
D:\Documents\Travaux CRM\Sauvegarde CRM.zip
H:\Programmes\CrackWepPack_v0.1_11-11-2005.exe
H:\Programmes\FTP Expert\ftpexpert3.exe
H:\Programmes\Mirc 6.21\mirc621.exe
H:\Programmes\MSN plugins\Install MPD.exe
H:\Programmes\pkrinstall.exe
H:\Programmes\Trend Micro (TM) Internet Security\keygen.exe
H:\Programmes\Trend Micro Internet Security 2009\keygen.exe
H:\Programmes\Trend Micro Internet Security 2009\keygen.zip
H:\Programmes\Web Expert 6\webexpert6.exe
H:\Programmes\Windows XP Live CD
0

Discussions similaires

Méssage Firefox ''Couldn't load XPCOM''
pistouri -
pistouri -

0 réponse
J'ai le message "coudn't load XPCOM."
Rock62 -
Lungta66 -

7 réponses
Problème de clavier, des fenêtre s'ouvrent !!
Lyon691D -
tanteelise -

5 réponses