Ta tof sur ce site
mag29000
-
souhaila -
souhaila -
Bonjour,
comme beaucoup ici, je me suis fait piégée par ce virus. J' ai suivis vos conseils mais j avoue que je suis pas très douée a ce stade la.
je vous envoi le bloc note et ensuite le scan hijackthis si quelqu un peut m aider suis complètement paumée la
Merci
MSNFix 1.679
C:\Documents and Settings\Arnaud\Bureau\MSNFix
Fix exécuté le 10/03/2008 - 23:41:05,65 By Arnaud
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\InetGet2\emg.exe
... C:\Program Files\InetGet2\emg.exe
... C:\Program Files\JavaCore\JavaCore.exe
... C:\Program Files\JavaCore\UnInstall.exe
... C:\Program Files\MapEDC\IDE.stt
... C:\Program Files\MapEDC\MapEDC.exe
... C:\Program Files\NoDNS\NoDNS.exe
... C:\Program Files\NoDNS\UnInstall.exe
... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
... C:\Documents and Settings\Arnaud\??????.exe
... C:\Documents and Settings\Arnaud\????????.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\real.txt
... C:\WINDOWS\system32\WinNB58.dll
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\wintouch.cfg
/!\ ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\InetGet2\emg.exe
.. OK ... C:\Program Files\InetGet2\emg.exe
.. OK ... C:\Program Files\JavaCore\JavaCore.exe
.. OK ... C:\Program Files\JavaCore\UnInstall.exe
/!\ ... C:\Program Files\MapEDC\IDE.stt
.. OK ... C:\Program Files\MapEDC\MapEDC.exe
.. OK ... C:\Program Files\NoDNS\NoDNS.exe
.. OK ... C:\Program Files\NoDNS\UnInstall.exe
/!\ ... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\Documents and Settings\Arnaud\??????.exe
.. OK ... C:\Documents and Settings\Arnaud\????????.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\WinNB58.dll
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\MapEDC\IDE.stt
.. OK ... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\aawsepersonal.exe] 13028A5BBAFF94C2F138BBEBB3BF389E
[C:\cw_install.exe] 1A5BB9F966EDF2D4CF0D64F8D6702BA3
[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Arnaud\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_23474996.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:21, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\NetMeeting\hosycaty77798.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42948D69-764E-467A-8BD6-B8103B8B6E38} - C:\Program Files\Outlook Express\rovewu777444.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [hosycaty] C:\Program Files\NetMeeting\hosycaty77798.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Arnaud\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: BrowserAppletNew - file://C:\Program Files\easyplanet\BrowserNew.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {30D94366-C60E-4E54-B415-0AA885F8AE25} (Cam09.Chargement) - http://www.libersud.net/LiberChat.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {845EB602-4C10-4D07-A9AF-09F2B71E5798} (Cam09.LiberChat) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8D59F3B9-1DB1-417B-9FD3-5F2BF039DFBC} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AFBB8424-7D8A-4473-8383-5A9CF8DB0561} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD0B78C2-BA2F-46E8-89EF-BDE54CADF8F8} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D406FB83-87AE-4E82-8CF5-D236536D6348}: NameServer = 192.168.30.1
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
comme beaucoup ici, je me suis fait piégée par ce virus. J' ai suivis vos conseils mais j avoue que je suis pas très douée a ce stade la.
je vous envoi le bloc note et ensuite le scan hijackthis si quelqu un peut m aider suis complètement paumée la
Merci
MSNFix 1.679
C:\Documents and Settings\Arnaud\Bureau\MSNFix
Fix exécuté le 10/03/2008 - 23:41:05,65 By Arnaud
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\InetGet2\emg.exe
... C:\Program Files\InetGet2\emg.exe
... C:\Program Files\JavaCore\JavaCore.exe
... C:\Program Files\JavaCore\UnInstall.exe
... C:\Program Files\MapEDC\IDE.stt
... C:\Program Files\MapEDC\MapEDC.exe
... C:\Program Files\NoDNS\NoDNS.exe
... C:\Program Files\NoDNS\UnInstall.exe
... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
... C:\Documents and Settings\Arnaud\??????.exe
... C:\Documents and Settings\Arnaud\????????.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\system32\real.txt
... C:\WINDOWS\system32\WinNB58.dll
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\wintouch.cfg
/!\ ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\InetGet2\emg.exe
.. OK ... C:\Program Files\InetGet2\emg.exe
.. OK ... C:\Program Files\JavaCore\JavaCore.exe
.. OK ... C:\Program Files\JavaCore\UnInstall.exe
/!\ ... C:\Program Files\MapEDC\IDE.stt
.. OK ... C:\Program Files\MapEDC\MapEDC.exe
.. OK ... C:\Program Files\NoDNS\NoDNS.exe
.. OK ... C:\Program Files\NoDNS\UnInstall.exe
/!\ ... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\Documents and Settings\Arnaud\??????.exe
.. OK ... C:\Documents and Settings\Arnaud\????????.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\WinNB58.dll
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WinTouch.exe
.. OK ... C:\DOCUME~1\Arnaud\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\MapEDC\IDE.stt
.. OK ... C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\aawsepersonal.exe] 13028A5BBAFF94C2F138BBEBB3BF389E
[C:\cw_install.exe] 1A5BB9F966EDF2D4CF0D64F8D6702BA3
[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Arnaud\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_23474996.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:21, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\NetMeeting\hosycaty77798.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Arnaud\LOCALS~1\Temp\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42948D69-764E-467A-8BD6-B8103B8B6E38} - C:\Program Files\Outlook Express\rovewu777444.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [hosycaty] C:\Program Files\NetMeeting\hosycaty77798.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Arnaud\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: BrowserAppletNew - file://C:\Program Files\easyplanet\BrowserNew.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {30D94366-C60E-4E54-B415-0AA885F8AE25} (Cam09.Chargement) - http://www.libersud.net/LiberChat.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {845EB602-4C10-4D07-A9AF-09F2B71E5798} (Cam09.LiberChat) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8D59F3B9-1DB1-417B-9FD3-5F2BF039DFBC} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AFBB8424-7D8A-4473-8383-5A9CF8DB0561} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD0B78C2-BA2F-46E8-89EF-BDE54CADF8F8} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D406FB83-87AE-4E82-8CF5-D236536D6348}: NameServer = 192.168.30.1
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
A voir également:
- Ta tof sur ce site
- Site de telechargement - Accueil - Outils
- Site x - Guide
- Site pour partager des photos - Guide
- Quel site remplace coco - Accueil - Réseaux sociaux
- Site comme coco - Accueil - Réseaux sociaux
3 réponses
A effacer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Arnaud\Application Data\Microsoft\Windows\rayiou.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: BrowserAppletNew - file://C:\Program Files\easyplanet\BrowserNew.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {30D94366-C60E-4E54-B415-0AA885F8AE25} (Cam09.Chargement) - http://www.libersud.net/LiberChat.CAB
O16 - DPF: {845EB602-4C10-4D07-A9AF-09F2B71E5798} (Cam09.LiberChat) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8D59F3B9-1DB1-417B-9FD3-5F2BF039DFBC} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {AFBB8424-7D8A-4473-8383-5A9CF8DB0561} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {DD0B78C2-BA2F-46E8-89EF-BDE54CADF8F8} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
***
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Arnaud\Application Data\Microsoft\Windows\rayiou.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: BrowserAppletNew - file://C:\Program Files\easyplanet\BrowserNew.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/
O16 - DPF: {254E4AA8-659F-4A93-A9D2-C924F5975DCD} (Cam09.Chargement) - http://www.libersud.net/Liber'Chat.CAB
O16 - DPF: {30D94366-C60E-4E54-B415-0AA885F8AE25} (Cam09.Chargement) - http://www.libersud.net/LiberChat.CAB
O16 - DPF: {845EB602-4C10-4D07-A9AF-09F2B71E5798} (Cam09.LiberChat) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {8D59F3B9-1DB1-417B-9FD3-5F2BF039DFBC} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {AFBB8424-7D8A-4473-8383-5A9CF8DB0561} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O16 - DPF: {DD0B78C2-BA2F-46E8-89EF-BDE54CADF8F8} (Cam09.Chargement) - http://www.libersud.com/LiberChat.CAB
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrta.html
***
