virus msn:'c'est pas toi ?

Question

Bonjour, je crois que j'ai attrapé un virus sur MSN
j'ai cliqué sur un lien qui me disait: "salut ce n'est pas toi" y'avait mon mail dans le lien donc je ne me suis pas méfié

j'ai téléchargé MSNfix et ça m'a donné ça:

qu'est ce que je dois faire après ????
merci de m'aider!!!

MSNFix 1.639-2  
 
C:\Documents and Settings\Tina\Bureau\MSNFix 
Fix exécuté le 21/01/2008 - 20:08:13,79 By Tina 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe 
... C:\?.exe 
... C:\DOCUME~1\Tina\LOCALS~1\Temp\*.dmp 
... C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe 
... C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe 
... C:\Documents and Settings\Tina\??????.exe 
... C:\WINDOWS\b???.exe 
... C:\WINDOWS\b122.exe 
... C:\WINDOWS\Dance_dec_jpg.zip 
... C:\WINDOWS\mrofinu*.exe 
... C:\WINDOWS\mrofinu*.exe.tmp 
... C:\WINDOWS\system32\microsoft\backup.ftp 
... C:\WINDOWS\system32\microsoft\backup.tftp 
... C:\WINDOWS\Dance_dec_jpg.zip 
 
************************ Recherche les dossiers présents       
 
... C:\Program Files\Dot1XCfg\ 
... C:\Program Files\InetGet2\ 
... C:\Program Files\Temporary\ 
... C:\Temp\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe  
.. OK ... C:\?.exe  
.. OK ... C:\DOCUME~1\Tina\LOCALS~1\Temp\*.dmp  
/!\ ...  C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe   
/!\ ...  C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe   
/!\ ...  C:\Documents and Settings\Tina\??????.exe   
.. OK ... C:\WINDOWS\b???.exe  
.. OK ... C:\WINDOWS\b122.exe  
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip  
/!\ ...  C:\WINDOWS\mrofinu*.exe   
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp  
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp  
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp  
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip 
 
 
************************ Suppression des dossiers       
 
/!\ ...  C:\Program Files\Dot1XCfg\   
.. OK ... C:\Program Files\InetGet2\   
.. OK ... C:\Program Files\Temporary\   
.. OK ... C:\Temp\   
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\DOCUME~1\Tina\LOCALS~1\Temp\*.dmp  
.. OK ... C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe  
.. OK ... C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe  
.. OK ... C:\WINDOWS\mrofinu*.exe  
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp  
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\DOCUME~1\Tina\LOCALS~1\Temp\28621571.zip] D577ACFA70DF8982498D79919BA7D53B 
[C:\bhij.exe] E35BBFB29114DC915FB8FAF710EB8770 
[C:	uwwp.exe] 89EA174DD0E1FFFE0295C903DDB4367A 
[C:\upaq.exe] F6E57C3E854EE7780F960AA9B50BC69E 

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_20144653.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

Saiyen75 · Answer

Salut, 

Colle un Log hijackthis 

télécharge HijackThis ici: 
http://telechargement.zebulon.fr/138-hijackthis-1991.html 
Dézippe le dans un dossier 
Par exemple C:\hijackthis < Enregistre le bien dans c:\

Lance le puis: 
clique sur "do a system scan and save logfile" 
faire un copier coller du log sur le forum

Merci

trinityna · Answer

ça me donne ça


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:01, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\bhij.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.asus.com/tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/tw/
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\ffi.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Saiyen75 · Answer

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing) 
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe 

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab  

_____________________________________________________

Télécharger sur le bureau 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe


= Copier ce texte : 

C:\bhij.exe 
C:\WINDOWS\system32\ffi.exe 
C:\DOCUME~1\Tina\LOCALS~1\Temp\28621571.zip
C:	uwwp.exe
C:\upaq.exe


= Double-clic sur OTMoveIt.exe 
= Dans le cadre de Gauche ==> clic-droit ==> coller 
= Clic MoveIt! 
= si redémarrage demandé==> Clic : YES 
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller dans la réponse 
------- 

redemarre le PC et refait un log hijackthis

_____________________________________________________

trinityna · Answer

j'ai ça

C:\bhij.exe moved successfully.
C:\WINDOWS\system32\ffi.exe moved successfully.
C:\DOCUME~1\Tina\LOCALS~1\Temp\28621571.zip moved successfully.
C:	uwwp.exe moved successfully.
C:\upaq.exe moved successfully.
 
Created on 01/21/2008 21:17:42

j'ai redémarré et ensuite j'ai ça


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:48, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.asus.com/tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/tw/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\ffi.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Saiyen75 · Answer

- Télécharger et installer AVG Anti-Spyware 7.5 (si tu ne l'as pas déjà) 

https://www.avg.com/en-ww/free-antivirus-download 

Lancer AVG Anti-Spyware. 
Cliquer sur le menu Mise à jour. 
Dans le paragraphe "Mise à jour manuelle", cliquer sur le bouton "Commencer la mise à jour". 
Attendre la fin de cette mise à jour puis fermer le programme. 




- Lance AVG Anti-Spyware 7.5 

Cliquer sur le menu" Analyse" (de la barre d'outils). 
Cliquer sur l'onglet "Paramètres". 
Dans "Comment réagir"? cliquer sur "Actions recommandées" et choisir "Quarantaine". 
Dans Comment faire l'analyse ? et dans Programmes potentiellement dangereux, vérifier que toutes les cases soient cochées. 
Vérifier que le bouton-radio "Générer un rapport après chaque analyse" soit aussi coché. 
Dans l'onglet "Analyse" 
Cliquer sur "Analyse complète du système". 
Important : Ne pas ouvrir de fenêtre, ne pas lancer de programme pendant l'exécution de AVG Anti-Spyware, car cela pourrait interférer avec le processus de recherche. 
Très important : A la fin de l'analyse, cocher tout ce qui a été trouvé puis cliquer sur " Appliquer toutes les actions" 
Ensuite. 
Cliquer sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 
(C:\Programfiles\Grisoft\AVG Antispyware 7.5\Reports ) 
Puis fermer AVG Anti-Spyware. 

_____________________________________________________

Une fois terminé, Dis moi si tu as d'autre problèmes avec MSN ? Ou sur ton ordinateur.

trinityna · Answer

ok
ensuite j'ai ça

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	22:40:40 21/01/2008

 + Résultat de l'analyse:	



HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Bureau\MSNFix\21012008_20144653.zip/backup/d.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\ddos[1].txt -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\ddos[1].txt -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\msvcrtd.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015709.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015721.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015782.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\msvcrtd.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP115\A0013196.exe -> Dialer.Agent.z : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP115\A0013197.exe -> Dialer.Agent.z : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Bureau\MSNFix\21012008_20144653.zip/backup/Dot1XCfg.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015725.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015781.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\8154ff2675af1b6e0677560871425153[1].zip/b138.exe -> Downloader.Agent.cbx : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Bureau\MSNFix\21012008_20144653.zip/backup/b122.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP116\A0013340.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015769.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015830.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Bureau\MSNFix\21012008_20144653.zip/backup/b128.exe -> Downloader.Agent.ezc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe -> Downloader.Agent.ezc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015770.exe -> Downloader.Agent.ezc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP127\A0015831.exe -> Downloader.Agent.ezc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip/b151.exe -> Downloader.Agent.fjn : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\drivers\ip6fw.sys -> Rootkit.Agent.pr : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.747:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.748:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.225:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.226:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.227:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.228:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.229:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.230:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.231:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.232:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.233:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.234:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.235:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.236:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.237:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.238:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.239:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.483:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.537:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.711:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.776:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.783:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.519:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.520:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.293:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.294:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.295:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.296:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.297:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.298:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.385:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.31:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.32:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.33:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.34:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.35:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.123:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.179:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.26:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.775:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.682:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.684:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.959:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.960:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.961:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.962:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.656:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.657:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.658:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.42:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.834:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.358:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.563:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.652:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.654:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.279:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.280:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.281:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.282:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.567:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.568:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.267:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.328:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.721:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.732:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.761:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.766:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.353:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.354:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.416:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.470:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.471:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.681:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@ehg-veohnetworksinc.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.287:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.288:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.515:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Intelli-direct : Nettoyé.
:mozilla.796:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.797:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.218:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.219:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@auto.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.20:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.489:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.490:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.491:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.609:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.610:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.611:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.612:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.613:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.614:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.615:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.472:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.511:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.512:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.513:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.514:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.182:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.183:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.184:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.185:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.186:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.187:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.188:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.118:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.119:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.120:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.121:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.122:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.390:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.391:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.392:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.393:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.394:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.395:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.396:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.397:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.398:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.399:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.400:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.401:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.402:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.403:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.124:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.125:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.126:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.127:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.129:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.830:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.21:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.23:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.24:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.25:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.352:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.173:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.174:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.175:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.176:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.177:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.178:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Tina\Cookies	ina@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.880:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.881:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.882:C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\274qofw6.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
C:\System Volume Information\_restore{111F14E5-42A5-423F-BD4C-94246987D36C}\RP115\A0013180.com -> Trojan.Agent.dwd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\cprdshtvt[1].htm -> Trojan.Sinowal.gf : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Saiyen75 · Answer

Ok trés bien, 

Télécharger sur le bureau 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

= Double-clic SDFix. 
= Clic Install 


= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes) 
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes. Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage 
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel 

------ 
= Double-clic SDFix. 
= Clic Install 
= Double-clic sur le nouveau dossier SDFix qui est dans C:\ 
= Double-clic RunThis 
= Presser Y 
= A l’invitation ==> appuyer sur une touche pour redémarrer 
= Redémarrage ( qui sera plus long ,car nettoyage en cours ) 
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix 
= apparition de Finished 
= Appuyer sur une touche 
= Dans SDFix , un rapport Report.

_____________________________________________________ 

Post un nouveau hijackthis aprés ça, et dis moi si tu as toujours tes problèmes sur msn.

trinityna · Answer

voilà:

SDFix: Version 1.130

Run by Administrateur on 22/01/2008 at 13:01

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
runtime

Path:
\??\C:\WINDOWS\System32\driversuntime.sys 

runtime - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\-79441~1 - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe.lzma - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Program Files\Fichiers communs\Carlson\carlton  - Deleted
C:\WINDOWS\system32\sft.res  - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Fichiers communs\Carlson - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 13:06:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\Tina\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Tina\xfsizo.exe"="C:\Documents and Settings\Tina\xfsizo.exe:*:Enabled:Windows Service"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri  5 Oct 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 12 Sep 2007     7,939,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4a882309d56e564894505aaa60eac9b1\BIT13.tmp"
Tue 11 Sep 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 20 Jan 2008        31,232 A.SHR --- "C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\htssv32.exe"

Finished! 



apparement, msn fonctionne

Saiyen75 · Answer

Ok impeccable, mais pour terminer, 

Fait un dernier Test Online avec bitDefender :

bitdefender en ligne : 

Utilise Internet Explorer
accepte l'active X
la barre anti pop-up du SP2 (en haut) se met à clignoter, clic dessus et choisis "accepter l'active X"

http://www.bitdefender.fr/scan_fr/scan8/ie.html 

- Cliquer sur J'accepte
- Start Scan
- Une fois terminé, Dans l'onglet "Problèmes détectés"
- "Cliquer ici pour exporter le rapport"
- Enregistrer sur le bureau (choisir un nom)
- Fermer le scan
- Ouvrir le fichier enregistré le copier/coller sur le forum.

_____________________________________________________

Puis aprés,post un dernier HijackThis pour etre sur.

trinityna · Answer

j'ai ça comme réponse


BitDefender Online Scanner
	

 
	

 

Rapport d'analyse généré à: Tue, Jan 22, 2008 - 21:02:32

 
	

 
	

 

Voie d'analyse: C:\;D:\;E:\;
	

 
	

 

 
	

 
	

 

Statistiques

Temps
	

00:45:10

Fichiers
	

191409

Directoires
	

3469

Secteurs de boot
	

3

Archives
	

6413

Paquets programmes
	

8034
	

 
	

 

Résultats

Virus identifiés
	

10

Fichiers infectés
	

33

Fichiers suspects
	

1

Avertissements
	

0

Désinfectés
	

0

Fichiers effacés
	

34
	

 
	

 

Info sur les moteurs

Définition virus
	

892936

Version des moteurs
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
	

14

Archive des plugins
	

38

Unpack des plugins
	

7

E-mail plugins
	

6

Système plugins
	

1
	

 
	

 

Paramètres d'analyse

Première action
	

Désinfecté

Seconde Action
	

Supprimé

Heuristique
	

Oui

Acceptez les avertissements
	

Oui

Extensions analysées
	

*;

Excludez les extensions
	

 

Analyse d'emails
	

Oui

Analyse des Archives
	

Oui

Analyser paquets programmes
	

Oui

Analyse des fichiers
	

Oui

Analyse de boot
	

Oui
	

 
	

 
 

Fichier analysé
	

 Statut

C:\WINDOWS\system32\socksys.dll
	

Infecté par: Trojan.Adclicker.GY

C:\WINDOWS\system32\socksys.dll
	

Echec de la désinfection

C:\WINDOWS\system32\socksys.dll
	

Supprimé

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[2].exe
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[2].exe
	

Echec de la désinfection

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[2].exe
	

Supprimé

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[3].exe
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[3].exe
	

Echec de la désinfection

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YF37Z3WN\mutex_n1_21_01_08_0[3].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temp\loader.exe
	

Infecté par: Trojan.Kobcka.CG

C:\Documents and Settings\Tina\Local Settings\Temp\loader.exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temp\loader.exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\mutex_n1_21_01_08_0[1].exe
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\mutex_n1_21_01_08_0[1].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\mutex_n1_21_01_08_0[1].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[1].htm
	

Infecté par: Dropped:Trojan.Kobcka.CG

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[1].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[1].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[2].htm
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[2].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[2].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\lsegihwln[1].txt
	

Infecté par: Trojan.DNSChanger.BX

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\lsegihwln[1].txt
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8\lsegihwln[1].txt
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[3].htm
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[3].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\9F2I2DP8vljyazbq[3].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\cowboy[1].jpg
	

Infecté par: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\cowboy[1].jpg
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[1].exe
	

Infecté par: Trojan.DNSChanger.BX

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[1].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[1].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[2].exe
	

Infecté par: Trojan.DNSChanger.BX

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[2].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[2].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784
iushkmpx[2].htm
	

Infecté par: Trojan.Packed.EK

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784
iushkmpx[2].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784
iushkmpx[2].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[3].exe
	

Infecté par: Trojan.DNSChanger.BX

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[3].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TGSFV784\addy[3].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\dima[1].exe
	

Suspecté de: BehavesLike:Win32.Backdoor

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\dima[1].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\dima[1].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\a[1].exe
	

Infecté par: Trojan.Retapu.D

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\a[1].exe
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\a[1].exe
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[1].htm
	

Infecté par: Trojan.Packed.EK

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[1].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[1].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[2].htm
	

Infecté par: Trojan.Packed.EK

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[2].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\M5VAXCED\eixnlapsu[2].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[1].htm
	

Infecté par: Trojan.Peed.Gen

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[1].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[1].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[2].htm
	

Infecté par: Trojan.Peed.Gen

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[2].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[2].htm
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\lsegihwln[1].txt
	

Infecté par: Trojan.DNSChanger.BX

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\lsegihwln[1].txt
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\lsegihwln[1].txt
	

Supprimé

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[3].htm
	

Infecté par: Trojan.Peed.Gen

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[3].htm
	

Echec de la désinfection

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\TN6LQR11\zgshj[3].htm
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\m9w3l6u1g.exe
	

Infecté par: MemScan:Trojan.Dialer.VUY

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\m9w3l6u1g.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\htssv32.exe
	

Infecté par: Generic.Sdbot.C87C446E

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\htssv32.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe
	

Infecté par: Trojan.Peed.Gen

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\cvbkwtb.exe
	

Infecté par: Dropped:Trojan.Kobcka.CG

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\cvbkwtb.exe
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\cvbkwtb.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.2
	

Infecté par: Trojan.Peed.Gen

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.2
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.2
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine	uwwp.exe
	

Infecté par: Trojan.DNSChanger.BX

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine	uwwp.exe
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine	uwwp.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\ffi.exe
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\ffi.exe
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\ffi.exe
	

Supprimé

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.3
	

Infecté par: Trojan.Peed.Gen

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.3
	

Echec de la désinfection

C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\upaq.exe.3
	

Supprimé

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ffi.exe
	

Infecté par: BehavesLike:Win32.ExplorerHijack

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ffi.exe
	

Echec de la désinfection

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ffi.exe
	

Supprimé

C:\_OTMoveIt\MovedFiles	uwwp.exe
	

Infecté par: Trojan.DNSChanger.BX

C:\_OTMoveIt\MovedFiles	uwwp.exe
	

Echec de la désinfection

C:\_OTMoveIt\MovedFiles	uwwp.exe
	

Supprimé

C:\_OTMoveIt\MovedFiles\upaq.exe
	

Infecté par: Trojan.Peed.Gen

C:\_OTMoveIt\MovedFiles\upaq.exe
	

Echec de la désinfection

C:\_OTMoveIt\MovedFiles\upaq.exe
	

Supprimé

C:\SDFix\backups\backups.zip=>backups/carlton
	

Infecté par: MemScan:Trojan.Dialer.VUY

C:\SDFix\backups\backups.zip=>backups/carlton
	

Supprimé

C:\SDFix\backups\backups.zip
	

Mis à jour

Saiyen75 · Answer

ComboFix :

Télécharge combofix.exe(par sUBs) sur ton Bureau : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Double clique combofix.exe et suis les invites. 
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

_____________________________________________________

Post un Hijackthis s'il te plait.

Virus msn:'c'est pas toi ?

11 réponses

Votre réponse

Discussions similaires

Newsletters