Sujet Précédent Sujet Suivant

HELP Virus t'es tres jolie sur cette tof

Résolu
pherenike -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Comme pas mal de monde je suis en présence de ce virus.
J'ai lu les explications données à d'autres mais assez novice, je ne sais pas comment coller les rapports dans mes post.
J'ai fait msnfix + hijackthis et je suis en train d'analyser avec Malwarebytes.
Dites moi s'il vous plait déjà la manip pour copier coller dans mes post.
Merci d'avance.
A voir également:

6 réponses

Réponse 1 / 6
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
tu selectionne tout le texte que tu veux puis tu clique sur le texte selectionné avec le bouton droit puis tu fais copier
puis tu vas dans le post et tu appuye sur le bouton droit et tu fais coller

__________

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
___________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
0
pherenike
 
ok bon j'essaie merciMSNFix 1.708

C:\MSNFix\MSNFix
Fix exécuté le 21/04/2008 - 18:42:16,20 By OEM
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
... C:\log.txt
... C:\Documents and Settings\OEM\??????.exe
... C:\Documents and Settings\OEM\????????.exe
... C:\WINDOWS\system32\real.txt
... C:\WINDOWS\system32\urlmsnlink.dat

************************ Recherche les dossiers présents

... \TEMP\
... C:\WINDOWS\system32\openfile\
... C:\WINDOWS\system32\updatelinkmsn\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\^ ^% %%^.exe
/!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
/!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
/!\ ... C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe
.. OK ... C:\log.txt
/!\ ... C:\Documents and Settings\OEM\??????.exe
.. OK ... C:\Documents and Settings\OEM\????????.exe
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\urlmsnlink.dat


************************ Suppression des dossiers

/!\ ... \TEMP\
.. OK ... C:\WINDOWS\system32\openfile\
/!\ ... C:\WINDOWS\system32\updatelinkmsn\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé
.. OK ... C:\WINDOWS\system32\^ ^% %%^.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\sporder.zip] 7E4E3BA81B06704501EDFBF64681A836
[C:\IE7-WindowsXP-x86-fra.exe] 77C9BDD28F220F2C31FC23D73125EEF7

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\OEM\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21042008_18513859.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
pherenike > pherenike
 
je continue
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 670

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 120579
Temps écoulé: 1 hour(s), 13 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\flhynx.MSNFix (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP260\A0087727.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP260\A0087734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP261\A0087753.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP261\A0087765.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090847.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090877.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0090915.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP262\A0091886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmuqjd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crpnqz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jejkfk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymllpa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\XY80AKCM\wv[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\OEM\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvyatikpx_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kzqoiye_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leuqjkz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdbojru_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvyatikpx_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kzqoiye_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leuqjkz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdbojru_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
0
Réponse 2 / 6
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
___________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
0
pherenike
 
voila le rapport de combofix
ComboFix 08-04-20.5 - OEM 2008-04-22 21:07:35.1 - NTFSx86
Endroit: C:\Documents and Settings\OEM\Bureau\Combo---Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Clément\ravmonlog
C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\#SharedObjects\8JLUDVV7\iforex.com
C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\#SharedObjects\8JLUDVV7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\OEM\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\OEM\ravmonlog
C:\Documents and Settings\OEM\real.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\% ^^^^%^^%^^^^^% %^% ^^%%%^ %^ % %^%%%%^^%.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\OEM\Application Data\Malwarebytes
2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 19:14 . 2008-04-22 19:14 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 19:13 . 2008-04-22 19:35 <REP> d-------- C:\hijackthis
2008-04-21 18:54 . 2008-04-21 18:55 <REP> d-------- C:\jolie tof
2008-04-21 18:41 . 2008-04-21 18:41 <REP> d-------- C:\MSNFix
2008-04-21 18:40 . 2008-04-21 18:40 448,731 --a------ C:\MSNFix.zip
2008-04-18 23:40 . 2008-04-18 23:40 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-08 16:39 . 2008-04-08 16:39 310,216 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-08 16:39 . 2008-04-08 16:39 16,384 --a------ C:\WINDOWS\~DFED9.tmp
2008-04-08 16:35 . 2008-04-08 16:35 16,384 --a------ C:\WINDOWS\~DFD555.tmp
2008-04-08 16:35 . 2008-04-08 16:35 16,384 --a------ C:\WINDOWS\~DF232.tmp
2008-04-07 16:14 . 2003-01-07 17:31 1,122,304 --------- C:\WINDOWS\NuNinst.exe
2008-04-07 16:14 . 2003-01-15 20:02 468,480 --------- C:\WINDOWS\system32\drivers\bsudf.sys
2008-04-07 16:14 . 2003-01-16 14:03 83,560 --------- C:\WINDOWS\NuNinst.cfg
2008-04-07 16:14 . 2002-06-06 01:07 9,344 --------- C:\WINDOWS\system32\drivers\bsstor.sys
2008-04-07 16:13 . 2003-01-07 17:31 1,122,304 --------- C:\WINDOWS\UNNMP.exe
2008-04-07 16:13 . 2003-01-16 14:03 49,331 --------- C:\WINDOWS\UNNMP.cfg
2008-04-07 16:10 . 2008-04-07 16:14 <REP> d-------- C:\Program Files\Ahead
2008-04-05 16:37 . 2008-04-05 16:38 105,220 --a------ C:\WINDOWS\hpqins16.dat
2008-04-05 15:00 . 2008-04-05 15:00 <REP> d-------- C:\Documents and Settings\OEM\Application Data\Yahoo!
2008-04-05 15:00 . 2008-04-05 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-04 18:01 . 2008-04-07 16:07 <REP> d-------- C:\Documents and Settings\OEM\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:27 --------- d-----w C:\Documents and Settings\OEM\Application Data\vmntoolbar
2008-04-22 16:45 --------- d-----w C:\Program Files\eMule
2008-04-22 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-21 16:05 --------- d-----w C:\Program Files\Online_TV
2008-04-15 13:30 --------- d-----w C:\Program Files\FinePixViewer
2008-04-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
2008-04-07 15:42 --------- d-----w C:\Program Files\MySpace
2008-04-05 12:59 --------- d-----w C:\Program Files\Yahoo!
2008-04-05 12:59 --------- d-----w C:\Program Files\DivX
2008-04-03 22:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-03 20:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-30 12:48 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-25 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 13:21 --------- d-----w C:\Program Files\Java
2008-03-07 13:03 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-03-07 13:03 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-03-07 12:40 13,035 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 12:40 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 12:39 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 12:39 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 12:39 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 12:39 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 12:39 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 12:39 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 12:39 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-27 17:45 --------- d-----w C:\Program Files\Windows Live
2008-02-24 14:25 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-02-24 14:25 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 18:20 14,771,744 ----a-w C:\IE7-WindowsXP-x86-fra.exe
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-14 18:12 2,402,832 ----a-w C:\WLinstaller.exe
2008-02-01 19:56 16,384 -c--a-w C:\WINDOWS\~DFB0EB.tmp
2008-02-01 19:53 16,384 -c--a-w C:\WINDOWS\~DFC3F2.tmp
2008-02-01 19:52 16,384 -c--a-w C:\WINDOWS\~DF43D6.tmp
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-24 10:12 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-02 20:13 16384]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 07:00 144384]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 438359]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 09:58 1836544]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 07:00 59392]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [ ]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 07:00 208952]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 18:00 397312]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"OPTENET_GUI"="C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe" [2007-01-08 17:35 375424]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 01:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-24 16:24 185896]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-01-15 19:29 1220608]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\Combo---Fix\lnkread.vbs".
L'ex‚cution du script a pris fin.

C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
Personal Player.lnk - C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe [2007-11-19 17:09:51 442368]
PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe [2006-10-31 11:20:47 61952]

C:\Documents and Settings\OEM\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
Personal Player.lnk - C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe [2007-11-19 17:09:51 442368]
PhotoWise QuickLink.lnk - C:\Program Files\PhotoWise\quicklnk.exe [2006-10-31 11:20:47 61952]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-14 15:42:41 110592]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-07-11 10:54:59 294912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-07-01 13:05:06 217088]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-02 20:13:14 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-01 17:15:57 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.enc"= ITIG726.acm
"VIDC.NTN1"= nuvision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16562:TCP"= 16562:TCP:NortonAV
"15176:TCP"= 15176:TCP:NortonAV
"14814:TCP"= 14814:TCP:NortonAV
"16415:TCP"= 16415:TCP:NortonAV
"15193:TCP"= 15193:TCP:NortonAV
"12335:TCP"= 12335:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"14126:TCP"= 14126:TCP:NortonAV
"13145:TCP"= 13145:TCP:NortonAV
"15657:TCP"= 15657:TCP:NortonAV
"16312:TCP"= 16312:TCP:NortonAV
"15237:TCP"= 15237:TCP:NortonAV
"14807:TCP"= 14807:TCP:NortonAV
"13496:TCP"= 13496:TCP:NortonAV
"17067:TCP"= 17067:TCP:NortonAV
"18481:TCP"= 18481:TCP:NortonAV
"13987:TCP"= 13987:TCP:NortonAV
"15925:TCP"= 15925:TCP:NortonAV
"12625:TCP"= 12625:TCP:NortonAV

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 01:07]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 09:00]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-15 20:02]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
R2 OPTENET_FILTER;Contrôle Parental Club Internet;C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe [2007-01-08 17:50]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]
S3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-28 17:37]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-01-31 16:36]
S3 NuVision;Hauppauge WinTV USB Pro (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 16:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc97803-0225-11dd-a70f-0016ec9f947e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - INT15.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-20 10:03:47 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - OEM.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-04-22 19:18:40 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-22 16:07:50 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ACER-755E621E64_Melow.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:11:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-22 21:19:23
ComboFix-quarantined-files.txt 2008-04-22 19:19:08

Pre-Run: 28,458,999,808 octets libres
Post-Run: 29,874,692,096 octets libres

278 --- E O F --- 2008-04-09 06:26:29
0
Réponse 3 / 6
pherenike
 
rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:44, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O4 - .DEFAULT Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe (User 'Default user')
O4 - .DEFAULT Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\sista clarisse wonderwoman Web hottest videos personal player.exe
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c5ff3362902a411eb362c9799f556b72
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c5ff3362902a411eb362c9799f556b72
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.magicmaman.com/shim.gif
0
Réponse 4 / 6
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
encore un problème?
0
pherenike
 
NON !!!!
Plus de blem !!!!
Je ne me suis pas connectée sur msn pendant longtemps 1/2 h environ mais apparemment le problème est résolu, les fenêtres de conversations ne s'ouvrent plus intempestivement.
Pourvu que cela dure !!!
JE TIENS A TE REMERCIER jlpjlp, c'est SUPER.
MERCI. :) :) :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok bonne suite

tu peux virer les logiciels que je t'ai fais utilisés
0
pherenike
 
ok c'est a dire ?
Combofix, hijackthis, malwarebytes ?
0
Réponse 6 / 6
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
oui vire, hijackthis, combofix , msnfix,

tu peux garder en complement de norton:
MalwareByte's Anti-Malware

bonne continuation
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses