
INFECTION BY EXPLOIT ROGUE SCANNER [Solved]


Winx


02 October 2010 at 17:28

Hi again,

FTRTSVC

We are going to stop the France Telecom Routing Table Service (spy)

Do this ----> go to
on XP ====> Start/Run/type this (copy/paste)
on Vista ====> (Start menu in classic mode) go to Start/Programs/Accessories/Command Prompt/right-click it/Run as administrator
sc stop FTRTSVC (confirm with ENTER)
sc delete FTRTSVC (confirm with ENTER)

then do the same with gupdate




I don't claim to solve problems, only to help you solve them ;-)
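
The stop-and-delete step from the post above, written as a batch script that keeps its output visible and confirms the result. This is an added example, not part of the original thread; the file name `remove_service.cmd` and the backup file location are assumptions, and the script relies on `sc.exe` returning the Win32 error code as its exit code (1060 = service does not exist, 1062 = service not started).

```bat
@echo off
rem Added example (hypothetical file name: remove_service.cmd).
rem Run it from an already open, elevated Command Prompt so the output stays on screen:
rem     remove_service.cmd FTRTSVC
rem     remove_service.cmd gupdate
setlocal
set "SVC=%~1"
if "%SVC%"=="" set "SVC=FTRTSVC"
rem Assumed location for the saved configuration.
set "BACKUP=%TEMP%\%SVC%_config_before.txt"

rem 1. Save the service configuration (binary path, start type) before changing it.
sc qc "%SVC%" > "%BACKUP%" 2>&1
if %ERRORLEVEL% EQU 1060 goto absent
echo Configuration saved to "%BACKUP%"

rem 2. Stop the service. Error 1062 means it was not running, which is fine here.
sc stop "%SVC%"
if %ERRORLEVEL% EQU 0 goto delete
if %ERRORLEVEL% EQU 1062 goto delete
echo sc stop failed with error %ERRORLEVEL% (5 = access denied, use an elevated prompt).
exit /b 1

:delete
rem 3. Remove the service entry from the Service Control Manager database.
sc delete "%SVC%"
if %ERRORLEVEL% NEQ 0 goto failed

rem 4. Verify: once the entry is gone, sc query fails with error 1060.
sc query "%SVC%" > nul 2>&1
if %ERRORLEVEL% EQU 1060 goto removed
echo %SVC% is still listed: it is marked for deletion and goes away once it has
echo stopped and all handles to it are closed (at the latest after a reboot).
exit /b 0

:removed
echo %SVC% has been removed.
exit /b 0

:absent
echo %SVC% is not installed; nothing to do.
del "%BACKUP%" > nul 2>&1
exit /b 0

:failed
echo sc delete failed with error %ERRORLEVEL%.
exit /b 1
```

The saved `sc qc` output records the original binary path and start type, which is what is needed to recreate the service if removing it turns out to be a mistake.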
 


rastakaya


02 October 2010 at 21:54

Is it normal that nothing really happens apart from the fleeting appearance of a bit of black screen, like when you launch msconfig?

 

Winx


03 October 2010 at 15:00

Hi again,

absolutely :-)

post a new HijackThis report...

 

rastakaya


04 October 2010 at 21:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:46, on 04/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 8387 bytes

 

Winx


05 October 2010 at 10:31

Hi again,

I recommend you disable these keys, not through HijackThis, but through CCleaner / Tools icon / Startup button

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe

 

rastakaya


06 December 2010 at 08:47

Hello Winx, I posted the following message but unfortunately got no reply... since you have always helped me well, I'm taking the liberty of passing it on to you below
thanks in advance

Good evening, problem encountered on a laptop running Vista - web pages cannot be displayed even though the Wi-Fi connection is OK - apparently AVAST was causing the problem, I uninstalled it and ran RSIT; below is the log + the HijackThis scan log

thanks for your help

Logfile of random's system information tool 1.06 (written by random/random)
Run by patrick lenglos at 2010-12-04 16:23:58
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 30 GB (29%) free of 106 GB
Total RAM: 895 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Analyse système complète - patrick lenglos.job
C:\Windows\tasks\Recovery DVD Creator.job
C:\Windows\tasks\User_Feed_Synchronization-{A3BD86A3-5379-4A74-BD27-9C690E11A643}.job
C:\Windows\tasks\User_Feed_Synchronization-{C8CE3CBC-1B6C-4D1A-ADE8-7D1445F1EC0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{364d4e0c-543f-4b85-abe3-19551139da4f}]
Softonic France Toolbar - C:\Program Files\Softonic_France\tbSof0.dll [2010-09-05 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{968631B6-4729-440D-9BF4-251F5593EC9A} - Copernic Desktop Search 2 - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll [2006-12-08 1040176]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{364d4e0c-543f-4b85-abe3-19551139da4f} - Softonic France Toolbar - C:\Program Files\Softonic_France\tbSof0.dll [2010-09-05 2735200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogicoolQCamRibbon"=C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe [2009-05-08 2778896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-23 98304]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]
"EoEngine"= []
"ORAHSSSessionManager"=C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe [2009-08-24 135920]
"OPTENET_GUI"=C:\PROGRA~1\CONTRO~1\bin\optgui.exe [2008-09-03 424608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"=C:\Users\patrick lenglos\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Logicool Vid"=C:\Program Files\Logicool\Logicool Vid\vid.exe [2009-06-02 5451536]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
C:\Windows\adiras.exe [2006-02-16 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
C:\Windows\autoclk.exe [2006-02-15 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe [2006-12-08 1546544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1169801887\ee\AOLSoftware.exe [2006-11-14 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2006-12-20 7766016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2006-12-20 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2006-12-20 90191]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-23 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe [2010-09-05 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-04-23 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^patrick lenglos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^is-A8M1B.lnk]
C:\Users\PATRIC~1\VIRUSR~1\is-A8M1B\startup.exe [2008-11-12 65536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewall policy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewall policy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{652746e7-0504-11dc-af1b-0040d0a73e9e}]
shell\AutoRun\command - E:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-11-28 13:23:15 ----D---- C:\ProgramData\Xfire
2010-10-27 07:31:12 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 07:31:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 07:31:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-16 13:43:21 ----A---- C:\Windows\system32\mshtml.dll
2010-10-16 13:43:20 ----A---- C:\Windows\system32\ieframe.dll
2010-10-16 13:43:19 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-16 13:43:18 ----A---- C:\Windows\system32\urlmon.dll
2010-10-16 13:43:18 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-16 13:43:17 ----A---- C:\Windows\system32\wininet.dll
2010-10-16 13:43:17 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-16 13:43:16 ----A---- C:\Windows\system32\occache.dll
2010-10-16 13:43:16 ----A---- C:\Windows\system32\mstime.dll
2010-10-16 13:43:16 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-16 13:43:16 ----A---- C:\Windows\system32\ieui.dll
2010-10-16 13:43:16 ----A---- C:\Windows\system32\iertutil.dll
2010-10-16 13:43:16 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-16 13:43:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\iesetup.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\iernonce.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-16 13:43:15 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-16 13:42:57 ----A---- C:\Windows\system32\wmp.dll
2010-10-16 13:42:53 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-16 13:42:10 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-16 13:42:09 ----A---- C:\Windows\system32\netevent.dll
2010-10-16 13:41:29 ----A---- C:\Windows\system32\schannel.dll
2010-10-16 13:41:24 ----A---- C:\Windows\system32\ole32.dll
2010-10-16 13:41:19 ----A---- C:\Windows\system32\t2embed.dll
2010-10-16 13:41:14 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-16 13:41:14 ----A---- C:\Windows\system32\mfc40.dll
2010-10-16 13:39:44 ----A---- C:\Windows\system32\msshsq.dll
2010-10-16 13:39:34 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-16 13:39:28 ----A---- C:\Windows\system32\comctl32.dll
2010-10-11 16:56:04 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-09-28 19:04:40 ----A---- C:\Windows\system32\tzres.dll
2010-09-25 10:00:47 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-09-22 12:57:55 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-09-21 19:24:42 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-09-21 19:24:42 ----D---- C:\Users\patrick lenglos\AppData\Roaming\app
2010-09-21 19:24:29 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-09-21 19:24:29 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Dofus 2
2010-09-21 18:15:53 ----D---- C:\Program Files\Dofus 2
2010-09-21 18:15:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-09-20 18:58:59 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-20 18:58:53 ----A---- C:\Windows\system32\usp10.dll
2010-09-20 18:58:48 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-09-20 18:58:38 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 3 months======

2010-12-04 16:22:58 ----RD---- C:\Program Files
2010-12-04 16:22:07 ----D---- C:\Users\patrick lenglos\AppData\Roaming\EoRezo
2010-12-04 16:20:33 ----D---- C:\ProgramData\Alwil Software
2010-12-04 16:19:26 ----AD---- C:\Windows\System32
2010-12-04 16:19:24 ----D---- C:\Windows\system32\drivers
2010-12-04 16:13:56 ----D---- C:\Windows\Prefetch
2010-12-04 16:13:08 ----D---- C:\Windows\Temp
2010-12-04 15:46:16 ----D---- C:\Windows\winsxs
2010-12-04 15:41:32 ----SHD---- C:\System Volume Information
2010-12-04 15:32:11 ----SHD---- C:\Windows\Installer
2010-12-04 15:27:08 ----D---- C:\Program Files\Internet Explorer
2010-12-04 15:26:57 ----D---- C:\Windows\system32\catroot
2010-12-04 15:26:15 ----D---- C:\Program Files\Windows Mail
2010-12-04 10:29:33 ----A---- C:\Windows\system32\mrt.exe
2010-12-04 10:10:47 ----D---- C:\Windows\system32\catroot2
2010-11-28 17:33:24 ----D---- C:\Windows\system32\Msdtc
2010-11-28 17:33:24 ----D---- C:\Program Files\Common Files\Steam
2010-11-28 17:33:24 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-28 17:33:20 ----D---- C:\Windows\system32\wbem
2010-11-28 17:33:20 ----D---- C:\Windows
2010-11-28 17:32:39 ----D---- C:\Windows\system32\config
2010-11-28 17:31:56 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-28 17:31:56 ----D---- C:\Windows\Tasks
2010-11-28 17:31:56 ----D---- C:\Windows\system32\Tasks
2010-11-28 17:31:56 ----D---- C:\Windows\system32\spool
2010-11-28 17:31:55 ----D---- C:\Windows\rescache
2010-11-28 17:31:54 ----D---- C:\Windows\inf
2010-11-28 17:31:48 ----D---- C:\Program Files\Windows Live
2010-11-28 17:31:45 ----D---- C:\Program Files\Windows Live SkyDrive
2010-11-28 17:31:44 ----D---- C:\Program Files\Microsoft Sync Framework
2010-11-28 17:31:44 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2010-11-28 17:31:43 ----D---- C:\Program Files\Common Files\System
2010-11-28 17:31:43 ----D---- C:\Program Files\Cheat Engine
2010-11-28 17:31:41 ----D---- C:\Nexon
2010-11-28 17:31:32 ----D---- C:\Windows\registration
2010-11-28 13:23:15 ----HD---- C:\ProgramData
2010-11-28 09:32:15 ----D---- C:\Windows\Microsoft.NET
2010-11-28 09:25:06 ----RSD---- C:\Windows\assembly
2010-11-28 09:17:11 ----SD---- C:\ProgramData\Microsoft
2010-11-28 09:17:08 ----RSD---- C:\Windows\Fonts
2010-11-27 22:13:36 ----D---- C:\Windows\system32\fr-FR
2010-11-03 08:54:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-28 09:02:19 ----D---- C:\Windows\AppPatch
2010-10-24 10:45:08 ----SD---- C:\Windows\Downloaded Program Files
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-17 12:12:25 ----D---- C:\Program Files\Windows Media Player
2010-10-17 12:12:24 ----D---- C:\Windows\system32\migration
2010-10-17 11:29:11 ----A---- C:\Windows\win.ini
2010-09-30 16:13:41 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-24 17:38:11 ----D---- C:\Program Files\Google
2010-09-21 18:15:50 ----D---- C:\ProgramData\Adobe
2010-09-21 18:15:49 ----D---- C:\Users\patrick lenglos\AppData\Roaming\Adobe
2010-09-21 18:15:48 ----D---- C:\Program Files\Adobe
2010-09-21 18:15:43 ----D---- C:\Program Files\Common Files
2010-09-05 14:47:08 ----D---- C:\Program Files\Softonic_France

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
S1 is-A8M1Bdrv;is-A8M1Bdrv; C:\Windows\system32\DRIVERS\70403037.sys [2008-07-08 148496]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 24984]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NVENETFD;Pilote du contrôleur de réseau NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-20 4448160]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2009-08-24 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2009-08-24 27072]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2686872]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2009-04-11 15872]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2009-08-24 69632]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 150040]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
S2 OPTENET_FILTER;Orange Contrôle Parental; C:\Program Files\Controle Parental\bin\optproxy.exe [2009-01-09 649224]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-09-05 407336]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:34, on 04/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Users\patrick lenglos\Contacts\Desktop\RESOLUTION PB CONNEXION INTERNET 07_2009\scaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O4 - HKLM\..\Run: [LogicoolQCamRibbon] "C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\patrick lenglos\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Logicool Vid] "C:\Program Files\Logicool\Logicool Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://operation7.fiaa.eu/OPLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6681 bytes

 

Winx


06 December 2010 at 18:59

Hi again,
I understand,


have you disabled the keys I highlighted in the HijackThis report?
If you have trouble doing that, just say so...

I don't claim to solve the problems, only to help you solve them ;-)
 

rastakaya


07 December 2010 at 08:22

Hello, this is not the same PC as in the previous problem.
This time it is a laptop running Vista, whereas the previous virus problem was on the desktop.

 

Winx


07 December 2010 at 15:48

Hi again,

can you produce a HijackThis report in normal mode?

run this program again:

C:\Users\patrick lenglos\Contacts\Desktop\RESOLUTION PB CONNEXION INTERNET 07_2009\scaner.exe
and post the report...

I don't claim to solve the problems, only to help you solve them ;-)
 

rastakaya


07 December 2010 at 20:52

Hi again, and glad to hear from you....
RSIT log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:00, on 07/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\patrick lenglos\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1169801887\ee\aolsoftware.exe
C:\Windows\autoclk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logicool\Logicool Vid\Vid.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Users\patrick lenglos\Contacts\Desktop\RESOLUTION PB CONNEXION INTERNET 07_2009\scaner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof0.dll
O4 - HKLM\..\Run: [LogicoolQCamRibbon] "C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169801887\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\patrick lenglos\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Logicool Vid] "C:\Program Files\Logicool\Logicool Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: is-A8M1B.lnk = C:\Users\patrick lenglos\Virus Removal Tool\is-A8M1B\startup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://operation7.fiaa.eu/OPLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9726 bytes

Have a good evening

 

Winx


08 December 2010 at 15:06

Hi again,
I don't like this:

C:\Windows\autoclk.exe

do this:

Go to this link: Virus Total

* Click on Browse
* Then look for our target to have analysed:

Quote

C:\Windows\autoclk.exe

* Click on Send File; the file is uploaded to their server.
* If this message is displayed

Quote

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

* click on the "Reanalyse" button
this message will appear:

Quote

Current status: queued (#1) queued analysing finished

Then the bar will advance; wait until the message:

Quote

Current status: analysing finished

Manually select the text of the analysis, press ctrl+c and paste it here in the forum with ctrl+v

you will get text like this on the forum, that's fine, I'll manage... for info, a non-infection is shown by this: "-"

Quote

example report

Antivirus Version Last Update Result
AhnLab-V3 2010.09.07.00 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 5997 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2453 2010.09.06 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5429 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.06 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.03 2010.09.07 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6840 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 -
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.366 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.07 -
VirusBuster 12.64.20.0 2010.09.06 -
Additional information
Show all
MD5 : 096c36008d2ca63382176d0aee04c78b
SHA1 : 70c179334cc909ae0e80a4f618bdac6477d198c4
SHA256: ec165c899e97365cd7deca4b56cc6f188398b4ac5352a30d046664b7b5e94fe1











I don't claim to solve the problems, only to help you solve them ;-)
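The "-" convention described in the post above can be checked mechanically on the pasted text. This is an added example, not part of the original posts or of VirusTotal: it parses a report in the column layout shown (Antivirus, Version, Last Update, Result), lists the engines that returned a detection, and flags engines whose signature date lags the newest one in the report. The sample report, its engine name `ExampleAV`, its hash values, the function names and the 3-day staleness threshold are all constructed assumptions.

```python
import re
from datetime import date, timedelta

# One engine row: name, version, last-update date (YYYY.MM.DD), result.
# Engine names and versions contain no spaces in this layout; the result is
# everything after the date, and "-" means the engine reported nothing.
ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+?)\s*$"
)
HASH = re.compile(r"^(?P<kind>MD5|SHA1|SHA256)\s*:\s*(?P<value>[0-9a-fA-F]+)\s*$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}


def parse_report(text):
    """Return (rows, hashes) parsed from a pasted text report."""
    rows, hashes = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = HASH.match(line)
        if m:
            # Keep a hash only if its length fits its type; a shorter value
            # means the paste was cut and must not be used for a lookup.
            if len(m["value"]) == HASH_LEN[m["kind"]]:
                hashes[m["kind"]] = m["value"].lower()
            continue
        m = ROW.match(line)
        if not m:
            continue  # header, section titles, metadata lines
        try:
            updated = date(*map(int, m["updated"].split(".")))
        except ValueError:
            continue  # looks like a date but is not a valid one
        rows.append({
            "engine": m["engine"],
            "version": m["version"],
            "updated": updated,
            "result": m["result"],
        })
    return rows, hashes


def summarize(text, stale_after_days=3):
    """Summarise detections and engines with outdated signatures."""
    rows, hashes = parse_report(text)
    if not rows:
        raise ValueError("no engine rows found in the pasted text")
    newest = max(r["updated"] for r in rows)
    limit = timedelta(days=stale_after_days)  # assumed threshold
    return {
        "engines": len(rows),
        "detections": {r["engine"]: r["result"] for r in rows if r["result"] != "-"},
        # A "-" from an engine with old signatures is weaker evidence.
        "stale": sorted(r["engine"] for r in rows if newest - r["updated"] > limit),
        "hashes": hashes,
    }


# Constructed sample in the layout of the reports on this page.
SAMPLE_REPORT = "\n".join([
    "Antivirus Version Last Update Result",
    "AhnLab-V3 2010.12.08.00 2010.12.07 -",
    "Avast 4.8.1351.0 2010.12.08 -",
    "ExampleAV 1.0 2010.12.08 Suspicious (constructed sample)",
    "F-Prot 4.6.2.117 2010.12.01 -",
    "nProtect 2010-12-08.02 2010.12.08 -",
    "Additional information",
    "Show all",
    "MD5 : " + "0123456789abcdef" * 2,   # constructed value
    "SHA1 : 0123abcd",                   # constructed, truncated on purpose
])

if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(f"{len(summary['detections'])}/{summary['engines']} engines flagged the file")
    for engine, name in summary["detections"].items():
        print(f"  {engine}: {name}")
    print("stale signatures:", ", ".join(summary["stale"]) or "none")
    print("hashes:", summary["hashes"])
```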
 

rastakaya


08 December 2010 at 18:02

I copied the file onto a USB stick to carry on with the procedure from my desktop PC, without success, with the following message

Quote

Erreur du serveur!

Le serveur a èté victime d'une erreur interne et n'a pas été capable de faire aboutir votre requête. Soit le server est surchargé soit il s'agit d'une erreur dans le script CGI.

Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le gestionnaire du site.
Error 500
Wed Dec 8 17:59:06 2010 http://www.virustotal.com/



I tried a second time, ticking "Send it over SSL", still with the same message

should I copy the file under Windows on my desktop machine?


 

Winx


08 December 2010 at 18:59

Hi again,
try again with Internet Explorer?

I don't claim to solve the problems, only to help you solve them ;-)
 

rastakaya


08 December 2010 at 21:22

Antivirus Version Last Update Result
AhnLab-V3 2010.12.08.00 2010.12.07 -
AntiVir 7.10.14.228 2010.12.08 -
Antiy-AVL 2.0.3.7 2010.12.08 -
Avast 4.8.1351.0 2010.12.08 -
Avast5 5.0.677.0 2010.12.08 -
AVG 9.0.0.851 2010.12.08 -
BitDefender 7.2 2010.12.08 -
CAT-QuickHeal 11.00 2010.12.08 -
ClamAV 0.96.4.0 2010.12.08 -
Command 5.2.11.5 2010.12.08 -
Comodo 6993 2010.12.08 -
DrWeb 5.0.2.03300 2010.12.08 -
Emsisoft 5.1.0.1 2010.12.08 -
eSafe 7.0.17.0 2010.12.07 -
eTrust-Vet 36.1.8027 2010.12.08 -
F-Prot 4.6.2.117 2010.12.08 -
F-Secure 9.0.16160.0 2010.12.08 -
Fortinet 4.2.254.0 2010.12.08 -
GData 21 2010.12.08 -
Ikarus T3.1.1.90.0 2010.12.08 -
Jiangmin 13.0.900 2010.12.08 -
K7AntiVirus 9.71.3191 2010.12.08 -
Kaspersky 7.0.0.125 2010.12.08 -
McAfee 5.400.0.1158 2010.12.08 -
McAfee-GW-Edition 2010.1C 2010.12.08 -
Microsoft 1.6402 2010.12.08 -
NOD32 5686 2010.12.08 -
Norman 6.06.12 2010.12.08 -
nProtect 2010-12-08.02 2010.12.08 -
Panda 10.0.2.7 2010.12.08 -
PCTools 7.0.3.5 2010.12.08 -
Prevx 3.0 2010.12.08 -
Rising 22.77.01.08 2010.12.08 -
Sophos 4.60.0 2010.12.08 -
SUPERAntiSpyware 4.40.0.1006 2010.12.08 -
Symantec 20101.2.0.161 2010.12.08 -
TheHacker 6.7.0.1.097 2010.12.08 -
TrendMicro 9.120.0.1004 2010.12.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.08 -
VBA32 3.12.14.2 2010.12.08 -
VIPRE 7563 2010.12.08 -
ViRobot 2010.12.8.4191 2010.12.08 -
VirusBuster 13.6.82.0 2010.12.08 -
Additional information
Show all
MD5 : 572188ba265547b7a5244595da751b4e
SHA1 : b3e574cbf0a6e172345f7d19419ed9dd026677ae
SHA256: b28c6f38ce63e6751f4cc4b611fe63202ee4fd2dd6d11b7d70e4f32393205820
ssdeep: 3072:RZsyESAHL2zp9U/RKrpWSv6REyN77akM05/l0UakBUn/+D:DsyR9l9U/MLtyFRQ
File size : 176128 bytes
First seen: 2009-02-23 18:17:03
Last seen : 2010-12-08 20:14:49
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2002
product......: autoclk Application
description..: autoclk MFC Application
original name: autoclk.EXE
internal name: autoclk
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x4176
timedatestamp....: 0x43F2F1B9 (Wed Feb 15 09:17:45 2006)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1A8A4, 0x1B000, 6.52, ee3b27494f965c1e698c6a9ee1a022b5
.rdata, 0x1C000, 0x7586, 0x8000, 4.63, cbaf59222246f8358063b8b40985053a
.data, 0x24000, 0x52F4, 0x2000, 3.51, 2cc37f1fb0128e597f79709509af131d
.rsrc, 0x2A000, 0x4D58, 0x5000, 3.46, 3b6aa685af18dfe600c8421f0e7c4d34

[[ 9 import(s) ]]
KERNEL32.dll: VirtualQuery, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapReAlloc, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetSystemInfo, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, RtlUnwind, SetErrorMode, GetOEMCP, GetCPInfo, GetCurrentProcess, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, GlobalFlags, DeleteCriticalSection, InitializeCriticalSection, RaiseException, InterlockedDecrement, FormatMessageA, LocalFree, MulDiv, SetLastError, WritePrivateProfileStringA, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, lstrcpynA, GlobalAddAtomA, GetCurrentThread, GetCurrentThreadId, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, lstrlenA, lstrcmpiA, MultiByteToWideChar, WideCharToMultiByte, SizeofResource, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, CloseHandle, GetVersion, LoadLibraryA, FreeLibrary, FindResourceA, LoadResource, LockResource, CreateMutexA, QueryPerformanceCounter, GetLastError
USER32.dll: InflateRect, GetSysColorBrush, LoadMenuA, DestroyMenu, UnpackDDElParam, ReuseDDElParam, ReleaseCapture, LoadAcceleratorsA, InvalidateRect, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, wsprintfA, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, SetPropA, GetPropA, RemovePropA, SendDlgItemMessageA, SetFocus, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, TrackPopupMenu, SetForegroundWindow, GetClientRect, GetMenu, GetSubMenu, GetMenuItemID, GetMenuItemCount, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetClassInfoA, RegisterClassA, UpdateWindow, GetClassNameA, EnableWindow, LoadStringA, LoadCursorA, SetTimer, KillTimer, PostMessageA, IsWindowVisible, IsWindowEnabled, GetDlgItem, GetWindowTextA, EnumChildWindows, GetDesktopWindow, UnregisterClassA, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, SetMenuItemBitmaps, GetFocus, ModifyMenuA, GetMenuState, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, UnhookWindowsHookEx, GetMenuItemInfoA, PostQuitMessage, EndDialog, SendMessageA, GetNextDlgTabItem, GetParent, GetWindowLongA, IsWindow, DestroyWindow, CreateDialogIndirectParamA, GetSystemMetrics, SetActiveWindow, GetActiveWindow, SetCursor, ShowOwnedPopups, DispatchMessageA, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, MessageBoxA, GetLastActivePopup
GDI32.dll: CreateSolidBrush, CreateCompatibleBitmap, GetTextExtentPoint32A, CreateFontIndirectA, GetDeviceCaps, GetStockObject, CreateCompatibleDC, CreatePatternBrush, DeleteDC, SelectObject, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, CreateBitmap, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetPixel, BitBlt, DeleteObject, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, SetViewportOrgEx
WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll: RegDeleteValueA, RegEnumValueA, RegOpenKeyExA, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
SHELL32.dll: DragQueryFileA, DragFinish
COMCTL32.dll: -, ImageList_Draw, ImageList_GetImageInfo, ImageList_Destroy
SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
OLEAUT32.dll: -, -, -
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 110592
CompanyName:
EntryPoint: 0x4176
FileDescription: autoclk MFC Application
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 172 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 0, 1
FileVersionNumber: 1.0.0.1
ImageVersion: 0.0
InitializedDataSize: 77824
InternalName: autoclk
LanguageCode: English (U.S.)
LegalCopyright: Copyright (C) 2002
LegalTrademarks:
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: autoclk.EXE
PEType: PE32
ProductName: autoclk Application
ProductVersion: 1, 0, 0, 1
ProductVersionNumber: 1.0.0.1
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2006:02:15 10:17:45+01:00
UninitializedDataSize: 0

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

what kind of application is it? vital for the PC, or can it be deleted?

 

Winx


09 December 2010 at 10:42

Hi again,

vital yes, but sometimes it is infected and considered a virus; here it is clean....

I don't claim to solve the problems, only to help you solve them ;-)
 
