Hello everyone,
While downloading a small utility without scanning it with the antivirus, I had the unpleasant surprise of getting a poisoned gift.
A virus or spam, I don't know yet, generates the following cocktail on my computer every minute: an error message saying I have a virus on my PC, two Internet Explorer pages on an antivirus vendor's site (Total Remover 2008, I think, and another one), a change to the taskbar with VIRUS ALERT! next to the clock plus the Windows Defender shield in red, and a little blocking of the Task Manager along the way, but all the same very irritating in the long run...
I ran a scan with HijackThis and I am sending you the Notepad log that follows.... I don't know which key to delete to get some peace, and I don't want to make a wrong move.
By the way, I use the McAfee antivirus; I ran Spybot and Arovax as anti-spam and, for MSN virus detection, MSN Photo Virus Remover, you never know...
Thanks for your replies, and see you later.
Lestat.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34: VIRUS ALERT!, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee.com\Agent\mcagent.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\logiciels\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\logiciels\photoshop elements\PhotoshopElementsFileAgent.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: dkwqgnbe - {F9969ACA-EEEE-40BC-AB05-6571E33F4AD1} - E:\WINDOWS\dkwqgnbe.dll
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\logiciels\photoshop elements\apdproxy.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinSys2] E:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] E:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [] E:\Documents and Settings\seb\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\logiciels\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RESEAU')
O4 - Startup: IcoSauve.lnk = E:\WINDOWS\system32\IcoSauve.exe
O4 - Startup: Yahoo! Widgets.lnk = E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\LOGICI~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\LOGICI~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9248458718
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O21 - SSODL: neksolda - {BB8B6607-236F-4003-8333-DDA4C00EF0C1} - E:\WINDOWS\neksolda.dll
O21 - SSODL: xgpsarbm - {346CF07C-F1D6-44B4-A40D-2AAD8FCFD246} - E:\WINDOWS\xgpsarbm.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\logiciels\photoshop elements\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - E:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - E:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - E:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 11480 bytes