Sujet Précédent Sujet Suivant

Contaminé par dance dec sur msn

Résolu
Guicath* Messages postés 21 Statut Membre -  
 low -
Bonjour,
aidez moi svp!!! Marre de ces virus...lol
Est ce que quelqu'un pourrait m'aider svp!? J'ai eu le malheur d'accepter un fichier zip nommé dance dec avec comme message ma soeur voulait que tu regarde ça. Et maintenant a chaque fois que je me connecte a msn sur mon pc, il envoi ce message et donc ce virus a tout mes contacts qui sont connecté, bref... j'ai besoin d'aide! merci d'avance pour celui ou celle qui pourra m'aider a m'en débarrasser.
A voir également:

26 réponses

Précédent
  • 1
  • 2
Réponse 21 / 26
Brom Bones
 
Bonjour,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:15, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\docume~1\admini~1\locals~1\temp\secuufd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD+LDHhd+DajFaBDSW+L8lQFFgsjE6jgqyPgUCujCnmT5vDlrRcIOiIoWfkwrrSCqxepCjA+opQ3ZlhgO4zELX4QeBh4Jz4SCXSqweb8ffFeOUEdHujL0+bQrUtfXbgXJ71dSxbw8KlAvf+TIkky4Zs/Wv+pGnu9l18fHiiQ8J0I8=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SecuUFD] c:\docume~1\admini~1\locals~1\temp\secuufd.exe sys_auto_run C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Workflow] E:\install\Workflow.exe
O4 - HKLM\..\Run: [IdiomaX Product Update] C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash32] c:\Program Files\Flash 32\Flash32.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [cscsklkhg] c:\windows\system32\cscsklkhg.exe cscsklkhg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [cscsklkhg] c:\windows\system32\cscsklkhg.exe cscsklkhg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6d3597bbadc049baa0baf48014530303
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6d3597bbadc049baa0baf48014530303
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9BF5BB64-5773-452A-B82C-02E5EE7EA8B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 22 / 26
Megan Fox Messages postés 410 Statut Membre 9
 
Salut Brom Bones,

Il faudrait que tu crée ton propre message, ça te permettra d'avoir une aide plus efficace.

A+
0
Réponse 23 / 26
cocosan91
 
bonsoir,
voici le compte rendu de l'analyse msnfix:
MSNFix 1.586

C:\unzipped\MSNFix\MSNFix
Fix exécuté le 18/11/2007 - 23:38:48,46 By Corinne
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\PROGRA~1\Insider\Insider.exe
... C:\*-1-1148.exe
... C:\3d3t4t8n7l.exe
... C:\i-1-1148.exe
... C:\ir-1-1148.exe
... C:\or-1-1148.exe
... C:\p6g7j3w2g3f5.exe
... C:\vr-1-1148.exe
... C:\DOCUME~1\Corinne\LOCALS~1\Temp\camg-*.exe
... C:\DOCUME~1\Corinne\LOCALS~1\Temp\MBDownloader_*.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED

************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Insider\

************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
/!\ ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\*-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\i-1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\DOCUME~1\Corinne\LOCALS~1\Temp\camg-*.exe
.. OK ... C:\DOCUME~1\Corinne\LOCALS~1\Temp\MBDownloader_*.exe
.. OK ... C:\WINDOWS\b???.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\i-1-1148.exe
.. OK ... C:\i1-1148.exe
.. OK ... C:\i-1-1148.exe
.. OK ... C:\i1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\it-1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\it-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip

************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
/!\ ... C:\PROGRA~1\Insider\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18112007_23471240.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

puis hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:00, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\LOGICI~1\d\PSFree.exe
C:\DOCUME~1\Corinne\APPLIC~1\YMBOLS~1\winword.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\LOGICI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Logiciels et téléchargements\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\LOGICI~1\d\PSFree.exe"
O4 - HKCU\..\Run: [Sorl] "C:\DOCUME~1\Corinne\APPLIC~1\YMBOLS~1\winword.exe" -vt yazb
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocosan91.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cocosan91.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Logiciels et téléchargements\Common\Database\bin\fbserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service CANALPLAY - Unknown owner - D:\Logiciels et téléchargements\CanalPlayService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Réponse 24 / 26
Megan Fox Messages postés 410 Statut Membre 9
 
Salut cocosan91,

idem que pour tous les autres.
Fait ton propre message ça sera plus facile.
Comme tu peux le constater on n'y comprend plus rien sur ce post avec toutes les demande qu'il y a eu.

Bonne soirée
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 26
cocosan91
 
Bonsoir

voila le résultat de l'install MSNFix:

MSNFix 1.586

C:\unzipped\MSNFix\MSNFix
Fix exécuté le 18/11/2007 - 23:38:48,46 By Corinne
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\PROGRA~1\Insider\Insider.exe
... C:\*-1-1148.exe
... C:\3d3t4t8n7l.exe
... C:\i-1-1148.exe
... C:\ir-1-1148.exe
... C:\or-1-1148.exe
... C:\p6g7j3w2g3f5.exe
... C:\vr-1-1148.exe
... C:\DOCUME~1\Corinne\LOCALS~1\Temp\camg-*.exe
... C:\DOCUME~1\Corinne\LOCALS~1\Temp\MBDownloader_*.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED

************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Insider\

************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
/!\ ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\*-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\i-1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\DOCUME~1\Corinne\LOCALS~1\Temp\camg-*.exe
.. OK ... C:\DOCUME~1\Corinne\LOCALS~1\Temp\MBDownloader_*.exe
.. OK ... C:\WINDOWS\b???.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\i-1-1148.exe
.. OK ... C:\i1-1148.exe
.. OK ... C:\i-1-1148.exe
.. OK ... C:\i1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\it-1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\it-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip

************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
/!\ ... C:\PROGRA~1\Insider\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18112007_23471240.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

puis de hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:00, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\LOGICI~1\d\PSFree.exe
C:\DOCUME~1\Corinne\APPLIC~1\YMBOLS~1\winword.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\LOGICI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Logiciels et téléchargements\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\LOGICI~1\d\PSFree.exe"
O4 - HKCU\..\Run: [Sorl] "C:\DOCUME~1\Corinne\APPLIC~1\YMBOLS~1\winword.exe" -vt yazb
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocosan91.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cocosan91.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Logiciels et téléchargements\Common\Database\bin\fbserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service CANALPLAY - Unknown owner - D:\Logiciels et téléchargements\CanalPlayService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Réponse 26 / 26
low
 
Bonjour,

J'ai un petit soucy , il y a deux jours j'ai recu un lien sur msn par l'un de mes contacts . Il était écrit : regarde, c'est pas sa toi? . et puis j'ai cliqué sur le lien , une photo d'un homme est apparue et depuis dés que je me connecte à msn ce lien est envoyé a tout mes contats . Je n'avais pas d'anti virus j'en ai donc pris un directement : norton . J'ai activé l'analyse de détection de virus , il m'a detecté : 17pHolmes 1148 exe, downloader . Norton a d'abord essayé de le mettre en quarantaine ce qui a échoué , il a ensuite essayé de le supprimer ce qui à également échoué . J'ai parcourue les forum et il m'était conseillé de télécharger spybot mais celui ci n'a pas pu s'installer .

Pourriez vous m'aider à supprimer ce virus de mon pc s'il vous plait .
0

Discussions similaires

symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Que veut dire Msn
LoOuiiZee -
Bikadu75 -

4 réponses
musique de camping paradis :)
marina -
Lc -

20 réponses
signification de MSN
noisette2008 -
ysis -

6 réponses
que signifie abreviation msn
lilou -
Azerty -

5 réponses