HELP Virus t'es tres jolie sur cette tof

Résolu
pherenike -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Comme pas mal de monde je suis en présence de ce virus.
J'ai lu les explications données à d'autres mais assez novice, je ne sais pas comment coller les rapports dans mes post.
J'ai fait msnfix + hijackthis et je suis en train d'analyser avec Malwarebytes.
Dites moi s'il vous plait déjà la manip pour copier coller dans mes post.
Merci d'avance.
Configuration: Windows XP
Internet Explorer 6.0

6 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    tu selectionne tout le texte que tu veux puis tu clique sur le texte selectionné avec le bouton droit puis tu fais copier
    puis tu vas dans le post et tu appuye sur le bouton droit et tu fais coller

    __________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ___________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    0
    1. pherenike
       
      ok bon j'essaie merciMSNFix 1.708

      C:\MSNFix\MSNFix
      Fix exécuté le 21/04/2008 - 18:42:16,20 By OEM
      mode normal

      ************************ Recherche les fichiers présents

      ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
      ... C:\log.txt
      ... C:\Documents and Settings\OEM\??????.exe
      ... C:\Documents and Settings\OEM\????????.exe
      ... C:\WINDOWS\system32\real.txt
      ... C:\WINDOWS\system32\urlmsnlink.dat

      ************************ Recherche les dossiers présents

      ... \TEMP\
      ... C:\WINDOWS\system32\openfile\
      ... C:\WINDOWS\system32\updatelinkmsn\




      ************************ Suppression des fichiers

      .. OK ... C:\WINDOWS\system32\^ ^% %%^.exe
      /!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
      /!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
      /!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
      .. OK ... C:\log.txt
      /!\ ... C:\Documents and Settings\OEM\??????.exe
      .. OK ... C:\Documents and Settings\OEM\????????.exe
      .. OK ... C:\WINDOWS\system32\real.txt
      .. OK ... C:\WINDOWS\system32\urlmsnlink.dat


      ************************ Suppression des dossiers

      /!\ ... \TEMP\
      .. OK ... C:\WINDOWS\system32\openfile\
      /!\ ... C:\WINDOWS\system32\updatelinkmsn\


      ************************ Nettoyage du registre



      Les fichiers encore présents seront supprimés au prochain redémarrage


      Aucun Fichier trouvé
      .. OK ... C:\WINDOWS\system32\^ ^% %%^.exe



      ************************ Fichiers suspects

      /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

      [C:\WINDOWS\sporder.zip] 7E4E3BA81B06704501EDFBF64681A836
      [C:\IE7-WindowsXP-x86-fra.exe] 77C9BDD28F220F2C31FC23D73125EEF7

      [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\OEM\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



      Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21042008_18513859.zip

      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------
      0
      1. pherenike > pherenike
         
        je continue
        Malwarebytes' Anti-Malware 1.11
        Version de la base de données: 670

        Type de recherche: Examen complet (C:\|D:\|)
        Eléments examinés: 120579
        Temps écoulé: 1 hour(s), 13 minute(s), 53 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 29
        Valeur(s) du Registre infectée(s): 2
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 8
        Fichier(s) infecté(s): 28

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\flhynx.MSNFix (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP260\A0087727.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP260\A0087734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP261\A0087753.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP261\A0087765.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090847.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090877.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090915.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0091886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\cmuqjd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\crpnqz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jejkfk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ymllpa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\XY80AKCM\wv[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jvyatikpx_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\kzqoiye_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\leuqjkz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\sdbojru_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jvyatikpx_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\kzqoiye_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\leuqjkz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\sdbojru_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
        0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ___________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    0
    1. pherenike
       
      voila le rapport de combofix
      ComboFix 08-04-20.5 - OEM 2008-04-22 21:07:35.1 - NTFSx86
      Endroit: C:\Documents and Settings\OEM\Bureau\Combo---Fix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Clément\ravmonlog
      C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\#SharedObjects\8JLUDVV7\iforex.com
      C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\#SharedObjects\8JLUDVV7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Documents and Settings\OEM\ravmonlog
      C:\Documents and Settings\OEM\real.txt
      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\OEM\Application Data\Malwarebytes
      2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-22 19:14 . 2008-04-22 19:14 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-22 19:13 . 2008-04-22 19:35 <REP> d-------- C:\hijackthis
      2008-04-21 18:54 . 2008-04-21 18:55 <REP> d-------- C:\jolie tof
      2008-04-21 18:41 . 2008-04-21 18:41 <REP> d-------- C:\MSNFix
      2008-04-21 18:40 . 2008-04-21 18:40 448,731 --a------ C:\MSNFix.zip
      2008-04-18 23:40 . 2008-04-18 23:40 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-08 16:39 . 2008-04-08 16:39 310,216 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
      2008-04-08 16:39 . 2008-04-08 16:39 16,384 --a------ C:\WINDOWS\~DFED9.tmp
      2008-04-08 16:35 . 2008-04-08 16:35 16,384 --a------ C:\WINDOWS\~DFD555.tmp
      2008-04-08 16:35 . 2008-04-08 16:35 16,384 --a------ C:\WINDOWS\~DF232.tmp
      2008-04-07 16:14 . 2003-01-07 17:31 1,122,304 --------- C:\WINDOWS\NuNinst.exe
      2008-04-07 16:14 . 2003-01-15 20:02 468,480 --------- C:\WINDOWS\system32\drivers\bsudf.sys
      2008-04-07 16:14 . 2003-01-16 14:03 83,560 --------- C:\WINDOWS\NuNinst.cfg
      2008-04-07 16:14 . 2002-06-06 01:07 9,344 --------- C:\WINDOWS\system32\drivers\bsstor.sys
      2008-04-07 16:13 . 2003-01-07 17:31 1,122,304 --------- C:\WINDOWS\UNNMP.exe
      2008-04-07 16:13 . 2003-01-16 14:03 49,331 --------- C:\WINDOWS\UNNMP.cfg
      2008-04-07 16:10 . 2008-04-07 16:14 <REP> d-------- C:\Program Files\Ahead
      2008-04-05 16:37 . 2008-04-05 16:38 105,220 --a------ C:\WINDOWS\hpqins16.dat
      2008-04-05 15:00 . 2008-04-05 15:00 <REP> d-------- C:\Documents and Settings\OEM\Application Data\Yahoo!
      2008-04-05 15:00 . 2008-04-05 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-04-04 18:01 . 2008-04-07 16:07 <REP> d-------- C:\Documents and Settings\OEM\Application Data\U3

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-22 18:27 --------- d-----w C:\Documents and Settings\OEM\Application Data\vmntoolbar
      2008-04-22 16:45 --------- d-----w C:\Program Files\eMule
      2008-04-22 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-04-21 16:05 --------- d-----w C:\Program Files\Online_TV
      2008-04-15 13:30 --------- d-----w C:\Program Files\FinePixViewer
      2008-04-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
      2008-04-07 15:42 --------- d-----w C:\Program Files\MySpace
      2008-04-05 12:59 --------- d-----w C:\Program Files\Yahoo!
      2008-04-05 12:59 --------- d-----w C:\Program Files\DivX
      2008-04-03 22:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-04-03 20:26 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-30 12:48 --------- d-----w C:\Program Files\Norton AntiVirus
      2008-03-25 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-14 13:21 --------- d-----w C:\Program Files\Java
      2008-03-07 13:03 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
      2008-03-07 13:03 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
      2008-03-07 12:40 13,035 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
      2008-03-07 12:40 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
      2008-03-07 12:39 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
      2008-03-07 12:39 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
      2008-03-07 12:39 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
      2008-03-07 12:39 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
      2008-03-07 12:39 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
      2008-03-07 12:39 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
      2008-03-07 12:39 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
      2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
      2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-02-27 17:45 --------- d-----w C:\Program Files\Windows Live
      2008-02-24 14:25 --------- d-----w C:\Program Files\Fichiers communs\xing shared
      2008-02-24 14:25 --------- d-----w C:\Program Files\Fichiers communs\Real
      2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
      2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-19 18:20 14,771,744 ----a-w C:\IE7-WindowsXP-x86-fra.exe
      2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
      2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
      2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
      2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
      2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
      2008-02-14 18:12 2,402,832 ----a-w C:\WLinstaller.exe
      2008-02-01 19:56 16,384 -c--a-w C:\WINDOWS\~DFB0EB.tmp
      2008-02-01 19:53 16,384 -c--a-w C:\WINDOWS\~DFC3F2.tmp
      2008-02-01 19:52 16,384 -c--a-w C:\WINDOWS\~DF43D6.tmp
      2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
      2008-01-24 10:12 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-02 20:13 16384]
      "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
      "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 07:00 144384]
      "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 438359]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 09:58 1836544]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00 455168]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 07:00 59392]
      "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [ ]
      "LaunchApp"="Alaunch" []
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 07:00 208952]
      "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 18:00 397312]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
      "OPTENET_GUI"="C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe" [2007-01-08 17:35 375424]
      "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 01:11 771704]
      "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-24 16:24 185896]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-01-15 19:29 1220608]
      "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
      Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
      Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\Combo---Fix\lnkread.vbs".
      L'ex‚cution du script a pris fin.

      C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
      Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
      Personal Player.lnk - C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe [2007-11-19 17:09:51 442368]
      PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe [2006-10-31 11:20:47 61952]

      C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
      Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
      Personal Player.lnk - C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe [2007-11-19 17:09:51 442368]
      PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe [2006-10-31 11:20:47 61952]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-14 15:42:41 110592]
      Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-07-11 10:54:59 294912]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
      LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-07-01 13:05:06 217088]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-02 20:13:14 169472]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-01 17:15:57 125624]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
      "msacm.alf2cd"= alf2cd.acm
      "msacm.enc"= ITIG726.acm
      "VIDC.NTN1"= nuvision.ax

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\WINDOWS\\system32\\rundll32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\StubInstaller.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "16562:TCP"= 16562:TCP:NortonAV
      "15176:TCP"= 15176:TCP:NortonAV
      "14814:TCP"= 14814:TCP:NortonAV
      "16415:TCP"= 16415:TCP:NortonAV
      "15193:TCP"= 15193:TCP:NortonAV
      "12335:TCP"= 12335:TCP:NortonAV
      "14103:TCP"= 14103:TCP:NortonAV
      "14126:TCP"= 14126:TCP:NortonAV
      "13145:TCP"= 13145:TCP:NortonAV
      "15657:TCP"= 15657:TCP:NortonAV
      "16312:TCP"= 16312:TCP:NortonAV
      "15237:TCP"= 15237:TCP:NortonAV
      "14807:TCP"= 14807:TCP:NortonAV
      "13496:TCP"= 13496:TCP:NortonAV
      "17067:TCP"= 17067:TCP:NortonAV
      "18481:TCP"= 18481:TCP:NortonAV
      "13987:TCP"= 13987:TCP:NortonAV
      "15925:TCP"= 15925:TCP:NortonAV
      "12625:TCP"= 12625:TCP:NortonAV

      R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 01:07]
      R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 09:00]
      R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-15 20:02]
      R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
      R2 OPTENET_FILTER;Contrôle Parental Club Internet;C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe [2007-01-08 17:50]
      R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]
      S3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-28 17:37]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-01-31 16:36]
      S3 NuVision;Hauppauge WinTV USB Pro (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 16:40]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc97803-0225-11dd-a70f-0016ec9f947e}]
      \Shell\AutoRun\command - J:\LaunchU3.exe -a

      *Newly Created Service* - INT15.SYS

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-20 10:03:47 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - OEM.job"
      - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
      "2008-04-22 19:18:40 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      "2008-04-22 16:07:50 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ACER-755E621E64_Melow.job"
      - C:\WINDOWS\system32\mobsync.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-22 21:11:33
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-22 21:19:23
      ComboFix-quarantined-files.txt 2008-04-22 19:19:08

      Pre-Run: 28,458,999,808 octets libres
      Post-Run: 29,874,692,096 octets libres

      278 --- E O F --- 2008-04-09 06:26:29
      0
  3. pherenike
     
    rapport hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:24:44, on 22/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\Program Files\PhotoWise\quicklnk.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
    O4 - .DEFAULT Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe (User 'Default user')
    O4 - .DEFAULT Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe
    O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c5ff3362902a411eb362c9799f556b72
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c5ff3362902a411eb362c9799f556b72
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O24 - Desktop Component 0: (no name) - http://www.magicmaman.com/shim.gif
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    encore un problème?
    0
    1. pherenike
       
      NON !!!!
      Plus de blem !!!!
      Je ne me suis pas connectée sur msn pendant longtemps 1/2 h environ mais apparemment le problème est résolu, les fenêtres de conversations ne s'ouvrent plus intempestivement.
      Pourvu que cela dure !!!
      JE TIENS A TE REMERCIER jlpjlp, c'est SUPER.
      MERCI. :) :) :)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok bonne suite

    tu peux virer les logiciels que je t'ai fais utilisés
    0
    1. pherenike
       
      ok c'est a dire ?
      Combofix, hijackthis, malwarebytes ?
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui vire, hijackthis, combofix , msnfix,

    tu peux garder en complement de norton:
    MalwareByte's Anti-Malware

    bonne continuation
    0