Virtumonde - another one!

Solved
daniel89440 Posts 16 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

Diagnosis: slow PC + unable to reach Google via Firefox.
I have already tried several things without success.
Spybot reports Virtumonde DLLs that it cannot delete.
I went to Mickael Barroux's site, but the symptoms he describes (doubled 02 / 20 lines) do not appear here.

I ran ComboFix.
It reported a load error on c\windows\system32\ojmscjm.dll

Here is the ComboFix report:
ComboFix 08-05-15.3 - Marie 2008-05-16 13:19:32.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Marie\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cvbdsnpn.exe
C:\WINDOWS\system32\dmvufwpo.exe
C:\WINDOWS\system32\gnjxbdct.exe
C:\WINDOWS\system32\iytdvnxk.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxfikrtk.ini
C:\WINDOWS\system32\pthtyidf.exe
C:\WINDOWS\system32\qfidhssj.ini
C:\WINDOWS\system32\qorxtldd.ini
C:\WINDOWS\system32\rlyufyeg.exe
C:\WINDOWS\system32\scaluwit.exe
C:\WINDOWS\SYSTEM32\sehyhsog.ini
C:\WINDOWS\system32\styfsioj.exe
C:\WINDOWS\system32\timaeyfv.exe
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini2
C:\WINDOWS\system32\xctuurbv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 14:56 . 2008-05-15 14:59 1,854 ---hs---- C:\WINDOWS\SYSTEM32\wnyxoidd.ini
2008-05-15 14:46 . 2008-05-15 14:46 126,528 --------- C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old
2008-05-13 19:21 . 2008-05-15 14:43 1,794 ---hs---- C:\WINDOWS\SYSTEM32\dughcuky.ini
2008-05-13 19:15 . 2008-05-13 19:15 135,232 --------- C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
2008-05-13 19:10 . 2008-05-13 19:10 124,480 --------- C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
2008-05-13 06:41 . 2008-05-13 06:41 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 06:41 . 2008-05-13 06:42 <REP> d-------- C:\Program Files\CCleaner
2008-05-12 17:15 . 2008-05-12 17:15 132,672 --------- C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
2008-05-12 17:14 . 2008-05-12 17:14 369,152 --------- C:\WINDOWS\SYSTEM32\ljJBurRj.dll
2008-05-11 23:51 . 2008-05-11 23:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 23:51 . 2008-05-12 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-11 17:30 . 2008-05-11 17:32 <REP> d-------- C:\Program Files\Unlocker
2008-05-11 17:30 . 2008-05-11 17:30 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Desktopicon
2008-05-11 12:20 . 2008-05-11 12:20 134,656 --a------ C:\WINDOWS\SYSTEM32\kdtrvyck.dll
2008-05-11 12:11 . 2008-05-11 12:11 125,440 --a------ C:\WINDOWS\SYSTEM32\ekdctslc.dll
2008-05-10 21:41 . 2008-05-10 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 21:39 . 2008-05-10 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 12:40 . 2008-05-10 12:40 <REP> d-------- C:\Documents and Settings\Marie\Application Data\reparateurdesysteme
2008-05-10 12:35 . 2008-05-10 12:35 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-------- C:\Program Files\MalwareWar 7.3
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 12:05 . 2008-05-10 11:57 263,192 --a------ C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
2008-05-10 11:17 . 2008-05-10 11:17 133,632 --a------ C:\WINDOWS\SYSTEM32\ffxtbteg.dll
2008-05-10 11:08 . 2008-05-10 11:08 126,464 --a------ C:\WINDOWS\SYSTEM32\gkvfistq.dll
2008-05-09 11:17 . 2008-05-09 11:17 114,176 --------- C:\WINDOWS\SYSTEM32\ktrkifxm.dll
2008-05-09 11:14 . 2008-05-09 11:14 133,632 --a------ C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
2008-05-09 11:09 . 2008-05-09 11:09 125,440 --a------ C:\WINDOWS\SYSTEM32\asmyvypk.dll
2008-05-08 18:17 . 2008-05-08 18:17 125,952 --a------ C:\WINDOWS\SYSTEM32\fkfsldyw.dll
2008-05-08 18:12 . 2008-05-08 18:12 116,736 --a------ C:\WINDOWS\SYSTEM32\stkglvxg.dll
2008-05-08 18:12 . 2008-05-15 16:32 109,858 --a------ C:\WINDOWS\BM679eeb19.xml
2008-05-08 18:12 . 2008-05-08 18:12 108,544 --------- C:\WINDOWS\SYSTEM32\goshyhes.dll
2008-04-27 06:34 . 2008-04-27 06:34 268 --ah----- C:\sqmdata04.sqm
2008-04-27 06:34 . 2008-04-27 06:34 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 02:40 --------- d-----w C:\Program Files\BearShare
2008-05-11 05:36 --------- d-----w C:\Program Files\eMule
2008-05-10 18:53 --------- d-----w C:\Documents and Settings\Marie\Application Data\SiteAdvisor
2008-05-10 16:15 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 14:41 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 09:59 --------- d-----w C:\Program Files\FinePixViewer
2008-04-08 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:51 --------- d-----w C:\Documents and Settings\Daniel\Application Data\SiteAdvisor
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-04 15:45 606,848 -c--a-w C:\WINDOWS\flashax.exe
2008-03-04 15:45 194,560 ----a-w C:\WINDOWS\screensaver_cadeau_magique.scr
2008-03-04 15:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-01-12 20:57 81,920 ----a-w C:\Documents and Settings\Marie\Application Data\ezpinst.exe
2008-01-12 20:57 47,360 -c--a-w C:\Documents and Settings\Marie\Application Data\pcouffin.sys
2006-08-25 13:14 590,528,652 ----a-w C:\Program Files\premierepro.zip
2005-12-20 19:48 2,000,324 ------w C:\Program Files\cdex_151.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01C0C00C-E2F4-4AC3-AECE-A5B318E3123A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{370AA30E-59C4-467F-BB02-264B4ED559FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8911E83E-D6F0-4701-8716-294F19FF901B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B043184-F455-48F9-9507-7A5972B30A0C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB5009EE-3B4D-4612-9A7E-8313FD419003}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E55DBAF9-651A-40EA-9D68-47B5356D7716}]
2008-05-12 17:14 369152 --------- C:\WINDOWS\system32\ljJBurRj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED8FEBDD-93AF-4CF2-8628-2190765996BC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 17:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 18:06 196608]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 04:18 443968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 23:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 22:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-20 00:48 32881]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 03:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 03:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 23:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 08:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 08:05 127035]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-08 20:11 26112]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" [2005-12-29 17:29 190024]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 17:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 18:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 18:24 217088]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 15:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 15:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 15:36 114688]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 18:07 3718312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 11:46 1838592]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-06 02:10 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 03:32 53248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 01:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 05:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 19:10 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 11:15 15872]
"BM679eeb19"="C:\WINDOWS\system32\ojmscjnm.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF6773.exe" [2004-08-05 19:00 400896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 19:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 23:50]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 00:25]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 05:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 00:08:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2005-03-17 08:41:39 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"

Finally, here is the result of the scan run afterwards with HijackThis, renamed to scanner.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51, on 2008-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marie\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {01C0C00C-E2F4-4AC3-AECE-A5B318E3123A} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {370AA30E-59C4-467F-BB02-264B4ED559FC} - (no file)
O2 - BHO: (no name) - {52EBE146-B3D8-4900-9E66-DABEE60AF61C} - C:\WINDOWS\system32\ljJBurRj.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8911E83E-D6F0-4701-8716-294F19FF901B} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B043184-F455-48F9-9507-7A5972B30A0C} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CB5009EE-3B4D-4612-9A7E-8313FD419003} - (no file)
O2 - BHO: (no name) - {ED8FEBDD-93AF-4CF2-8628-2190765996BC} - (no file)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BM679eeb19] Rundll32.exe "C:\WINDOWS\system32\ojmscjnm.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF6773.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?012ae12d51d84cffa9c8f4e3abe6ff5c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?012ae12d51d84cffa9c8f4e3abe6ff5c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58CB4718-A59C-48C7-ADDC-DD9CE5943BF4}: NameServer = 81.253.149.1 80.10.246.3
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

15 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, there are still some left!

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm

O2 - BHO: (no name) - {01C0C00C-E2F4-4AC3-AECE-A5B318E3123A} - (no file)
O2 - BHO: (no name) - {370AA30E-59C4-467F-BB02-264B4ED559FC} - (no file)

O2 - BHO: (no name) - {8911E83E-D6F0-4701-8716-294F19FF901B} - (no file)

O2 - BHO: (no name) - {9B043184-F455-48F9-9507-7A5972B30A0C} - (no file)

O2 - BHO: (no name) - {CB5009EE-3B4D-4612-9A7E-8313FD419003} - (no file)
O2 - BHO: (no name) - {ED8FEBDD-93AF-4CF2-8628-2190765996BC} - (no file)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
ip\..\{58CB4718-A59C-48C7-ADDC-DD9CE5943BF4}: NameServer = 81.253.149.1 80.10.246.3
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)

_____________

Scan these files on VirusTotal and give me the list of those that are reported as infected:

https://www.virustotal.com/gui/

C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old
C:\WINDOWS\SYSTEM32\dughcuky.ini
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\Program Files\MalwareWar 7.3
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\BM679eeb19.xml
C:\WINDOWS\SYSTEM32\goshyhes.dll
0
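The triage applied to the HijackThis log in the reply above (entries whose CLSID points to "(no file)", an unnamed BHO loading a DLL straight from system32, a Run value that starts a DLL through Rundll32) can be scripted. This is an added example, not part of either poster's messages; the function name `triage` and the three heuristics are assumptions chosen for illustration, and a hit is a candidate for review, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted above (a subset, for illustration).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01C0C00C-E2F4-4AC3-AECE-A5B318E3123A} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {52EBE146-B3D8-4900-9E66-DABEE60AF61C} - C:\WINDOWS\system32\ljJBurRj.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BM679eeb19] Rundll32.exe "C:\WINDOWS\system32\ojmscjnm.dll",s
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
""".strip().splitlines()

SYSTEM32 = r"c:\windows\system32"

# O2 (Browser Helper Object) and O22 (SharedTaskScheduler) share one layout:
#   <tag>: <display name> - {CLSID} - <file or "(no file)">
CLSID_ENTRY = re.compile(
    r"^(?P<kind>O2 - BHO|O22 - SharedTaskScheduler): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 Run-key autostart:  O4 - <hive>\..\Run: [<value name>] <command line>
RUN_ENTRY = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# Command line that hands a DLL to rundll32 instead of starting an executable.
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def triage(lines):
    """Return review candidates as dicts with 'id' and 'reason' keys."""
    findings = []
    for raw in lines:
        line = raw.strip()

        entry = CLSID_ENTRY.match(line)
        if entry:
            target = entry["target"]
            if target == "(no file)":
                # Leftover registration: the DLL is gone, the key remains.
                findings.append({"id": entry["clsid"],
                                 "reason": "registration points to no file on disk"})
            elif (entry["name"] == "(no name)"
                  and ntpath.dirname(target).lower() == SYSTEM32):
                # Vendor BHOs normally live in their own Program Files folder;
                # an unnamed one sitting directly in system32 deserves a look.
                findings.append({"id": entry["clsid"],
                                 "reason": "unnamed entry loads "
                                           + ntpath.basename(target)
                                           + " directly from system32"})
            continue

        run = RUN_ENTRY.match(line)
        if run:
            dll = RUNDLL.match(run["cmd"])
            if dll:
                findings.append({"id": run["value"],
                                 "reason": "Run value starts "
                                           + ntpath.basename(dll["dll"])
                                           + " through rundll32"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["id"], "->", finding["reason"])
```

The SiteAdvisor BHO is also "(no name)" but is not flagged, because its DLL sits in the vendor's own Program Files folder.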
daniel89440 Posts 16 Status Member
 
Thanks for your reply. I have gone back to work since then, so I will do this tonight.
daniel.
0
daniel89440 Posts 16 Status Member
 
Apparently, for once, Hijack agreed to remove the lines in question.

Below are the infected files and the items most often cited by the scanning tools.

Thanks, and waiting for the next step!
Daniel



C:\WINDOWS\SYSTEM32\wnyxoidd.ini :: Trojan:Win32/Vundo.AF
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old :: Troj/Virtum-Gen / Vundo.gen179
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old :: W32/Virtumonde.VKF / Trojan.Vundo.Gen
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old :: Trojan:Win32/Vundo.AF / Troj/Virtum-Gen
C:\WINDOWS\SYSTEM32\ljJBurRj.dll :: Trojan:Win32/Vundo.AF
C:\WINDOWS\SYSTEM32\kdtrvyck.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\ekdctslc.dll :: Win32.Malware.gen!80 (suspicious)
C:\WINDOWS\SYSTEM32\ffxtbteg.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\gkvfistq.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\ktrkifxm.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll :: Win32.Malware.gen!80 (suspicious)
C:\WINDOWS\SYSTEM32\asmyvypk.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\fkfsldyw.dll :: Win32.Malware.gen (suspicious)
C:\WINDOWS\SYSTEM32\stkglvxg.dll :: Vundo.gen179 / Trojan.Crypt.XPACK.Gen
C:\WINDOWS\SYSTEM32\goshyhes.dll :: Vundo.gen179 / Win32.Malware.gen!90 (suspicious)
C:\Program Files\MalwareWar 7.3 :: not-a-virus:FraudTool.Win32.MalwareWipe.q / Virus.Win32.FileInfector.gen
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe :: Trojan.DL.Win32.WinFixer.au / W32/Heuristic-162!Eldorado
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Update Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

Update Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_______________

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_____________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\SYSTEM32\goshyhes.dll
C:\Program Files\MalwareWar 7.3
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\WINDOWS\system32\ljJBurRj.dll
C:\WINDOWS\system32\ojmscjnm.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01C0C00C-E2F4-4AC3-AECE-A5B318E3123A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{370AA30E-59C4-467F-BB02-264B4ED559FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8911E83E-D6F0-4701-8716-294F19FF901B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B043184-F455-48F9-9507-7A5972B30A0C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB5009EE-3B4D-4612-9A7E-8313FD419003}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E55DBAF9-651A-40EA-9D68-47B5356D7716}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED8FEBDD-93AF-4CF2-8628-2190765996BC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM679eeb19"=-

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the mouse button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file does not open, it can be found here > C:\ComboFix.txt

____________________

Scan with
Malwarebytes' Anti-Malware, remove whatever it finds and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________

Paste the report of an online scan
done with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
daniel89440 Posts 16 Status Member

I'm trying for the 4th time, splitting it in 2...

1) Java: OK
2) IE7: problems both from 01 and from microsoft-update
I rebooted and stopped at the 3rd attempt

3) CFScript and ComboFix: OK
report:

ComboFix 08-05-15.3 - Marie 2008-05-17 10:43:22.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.108 [GMT 7:00]
Endroit: C:\Documents and Settings\Marie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marie\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\Program Files\MalwareWar 7.3
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\SYSTEM32\goshyhes.dll
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\system32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\system32\ojmscjnm.dll
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\SYSTEM32\goshyhes.dll
C:\WINDOWS\SYSTEM32\jRruBJjl.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini2
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\system32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
F:\Autorun.inf
.
---- Previous Run -------
.
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cvbdsnpn.exe
C:\WINDOWS\system32\dmvufwpo.exe
C:\WINDOWS\system32\gnjxbdct.exe
C:\WINDOWS\system32\iytdvnxk.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxfikrtk.ini
C:\WINDOWS\system32\pthtyidf.exe
C:\WINDOWS\system32\qfidhssj.ini
C:\WINDOWS\system32\qorxtldd.ini
C:\WINDOWS\system32\rlyufyeg.exe
C:\WINDOWS\system32\scaluwit.exe
C:\WINDOWS\SYSTEM32\sehyhsog.ini
C:\WINDOWS\system32\styfsioj.exe
C:\WINDOWS\system32\timaeyfv.exe
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini2
C:\WINDOWS\system32\xctuurbv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.

2008-05-17 10:50 . 2008-05-17 10:50 268 --ah----- C:\sqmdata07.sqm
2008-05-17 10:50 . 2008-05-17 10:50 244 --ah----- C:\sqmnoopt07.sqm
2008-05-17 10:08 . 2008-05-17 10:08 268 --ah----- C:\sqmdata06.sqm
2008-05-17 10:08 . 2008-05-17 10:08 244 --ah----- C:\sqmnoopt06.sqm
2008-05-17 10:07 . 2008-05-17 10:07 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-17 10:03 . 2008-05-17 10:23 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2008-05-17 09:56 . 2008-05-17 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-17 09:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-05-17 01:11 . 2008-05-17 01:11 268 --ah----- C:\sqmdata05.sqm
2008-05-17 01:11 . 2008-05-17 01:11 244 --ah----- C:\sqmnoopt05.sqm
2008-05-15 14:46 . 2008-05-15 14:46 126,528 --------- C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old
2008-05-13 19:21 . 2008-05-15 14:43 1,794 ---hs---- C:\WINDOWS\SYSTEM32\dughcuky.ini
2008-05-13 06:41 . 2008-05-13 06:41 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 06:41 . 2008-05-13 06:42 <REP> d-------- C:\Program Files\CCleaner
2008-05-11 23:51 . 2008-05-11 23:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 23:51 . 2008-05-12 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-11 17:30 . 2008-05-11 17:32 <REP> d-------- C:\Program Files\Unlocker
2008-05-11 17:30 . 2008-05-11 17:30 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Desktopicon
2008-05-10 21:41 . 2008-05-10 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 21:39 . 2008-05-10 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 12:40 . 2008-05-10 12:40 <REP> d-------- C:\Documents and Settings\Marie\Application Data\reparateurdesysteme
2008-05-10 12:35 . 2008-05-10 12:35 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-------- C:\Program Files\MalwareWar 7.3
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 18:12 . 2008-05-15 16:32 109,858 --a------ C:\WINDOWS\BM679eeb19.xml
2008-04-27 06:34 . 2008-04-27 06:34 268 --ah----- C:\sqmdata04.sqm
2008-04-27 06:34 . 2008-04-27 06:34 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 02:50 --------- d-----w C:\Program Files\Java
2008-05-12 02:40 --------- d-----w C:\Program Files\BearShare
2008-05-11 05:36 --------- d-----w C:\Program Files\eMule
2008-05-10 18:53 --------- d-----w C:\Documents and Settings\Marie\Application Data\SiteAdvisor
2008-05-10 16:15 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 14:41 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 09:59 --------- d-----w C:\Program Files\FinePixViewer
2008-04-08 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:51 --------- d-----w C:\Documents and Settings\Daniel\Application Data\SiteAdvisor
2008-03-04 15:45 606,848 -c--a-w C:\WINDOWS\flashax.exe
2008-03-04 15:45 194,560 ----a-w C:\WINDOWS\screensaver_cadeau_magique.scr
2008-03-04 15:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-01-12 20:57 81,920 ----a-w C:\Documents and Settings\Marie\Application Data\ezpinst.exe
2008-01-12 20:57 47,360 -c--a-w C:\Documents and Settings\Marie\Application Data\pcouffin.sys
2006-08-25 13:14 590,528,652 ----a-w C:\Program Files\premierepro.zip
2005-12-20 19:48 2,000,324 ------w C:\Program Files\cdex_151.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_13.38.56.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 06:27:56 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-17 03:51:26 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2006-10-26 19:44:26 71,680 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2006-10-26 19:44:26 71,680 -c----w C:\WINDOWS\ie7\admparse.dll.000
+ 2006-10-26 19:44:06 123,904 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2006-10-26 19:44:06 123,904 -c----w C:\WINDOWS\ie7\advpack.dll.000
+ 2006-10-17 06:03:56 17,408 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-10-27 08:09:58 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2006-10-27 08:09:58 33,792 -c----w C:\WINDOWS\ie7\custsat.dll.000
+ 2006-10-17 05:58:06 346,624 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2006-10-17 05:57:50 214,528 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2006-10-27 08:09:58 131,584 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2006-10-17 05:44:36 60,416 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2006-10-17 05:44:36 60,416 -c----w C:\WINDOWS\ie7\hmmapi.dll.000
+ 2006-10-17 05:58:20 61,952 -c----w C:\WINDOWS\ie7\icardie.dll
+ 2006-10-26 19:44:04 54,784 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2006-10-26 19:44:04 54,784 -c----w C:\WINDOWS\ie7\ie4uinit.exe.000
+ 2006-10-26 19:44:36 152,064 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2006-10-26 19:44:36 152,064 -c----w C:\WINDOWS\ie7\ieakeng.dll.000
+ 2006-10-26 19:44:42 229,376 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2006-10-26 19:44:42 229,376 -c----w C:\WINDOWS\ie7\ieaksie.dll.000
+ 2006-10-26 19:42:54 161,792 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2006-10-26 19:42:54 161,792 -c----w C:\WINDOWS\ie7\ieakui.dll.000
+ 2006-09-05 17:01:26 2,451,824 -c----w C:\WINDOWS\ie7\ieapfltr.dat
+ 2006-10-17 05:27:56 380,928 -c----w C:\WINDOWS\ie7\ieapfltr.dll
+ 2006-10-26 19:44:46 382,976 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2006-10-26 19:44:46 382,976 -c----w C:\WINDOWS\ie7\iedkcs32.dll.000
+ 2006-10-17 06:04:50 69,120 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2006-10-17 06:06:00 78,336 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2006-10-17 06:06:00 78,336 -c----w C:\WINDOWS\ie7\ieencode.dll.000
+ 2006-10-27 08:09:58 6,049,280 -c----w C:\WINDOWS\ie7\ieframe.dll
+ 2006-10-27 08:09:58 191,488 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2006-10-27 08:09:58 287,744 -c----w C:\WINDOWS\ie7\ieproxy.dll
+ 2006-10-26 19:44:08 43,008 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2006-10-26 19:44:08 43,008 -c----w C:\WINDOWS\ie7\iernonce.dll.000
+ 2006-10-17 05:57:20 266,752 -c----w C:\WINDOWS\ie7\iertutil.dll
+ 2006-10-26 19:44:26 55,296 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2006-10-26 19:44:26 55,296 -c----w C:\WINDOWS\ie7\iesetup.dll.000
+ 2006-10-27 08:09:58 180,736 -c----w C:\WINDOWS\ie7\ieui.dll
+ 2006-10-17 06:04:40 622,080 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2006-10-17 06:04:40 622,080 -c----w C:\WINDOWS\ie7\iexplore.exe.000
+ 2006-10-17 05:57:58 36,352 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2006-10-17 05:57:58 36,352 -c----w C:\WINDOWS\ie7\imgutil.dll.000
+ 2006-10-26 19:44:08 92,672 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2006-10-17 06:00:00 491,520 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2006-10-27 08:09:58 27,136 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2006-10-17 06:05:10 40,960 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2006-10-17 06:05:10 40,960 -c----w C:\WINDOWS\ie7\licmgr10.dll.000
+ 2006-10-27 08:09:58 458,752 -c----w C:\WINDOWS\ie7\msfeeds.dll
+ 2006-10-27 08:09:58 50,688 -c----w C:\WINDOWS\ie7\msfeedsbs.dll
+ 2006-10-17 05:58:32 12,288 -c----w C:\WINDOWS\ie7\msfeedssync.exe
+ 2006-10-17 05:56:10 45,568 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2006-10-17 05:56:10 45,568 -c----w C:\WINDOWS\ie7\mshta.exe.000
+ 2006-10-27 08:09:58 3,577,856 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2006-10-27 08:09:58 475,648 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2006-10-17 05:28:56 48,128 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2006-10-17 05:28:56 48,128 -c----w C:\WINDOWS\ie7\mshtmler.dll.000
+ 2006-10-27 08:09:58 156,160 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2006-10-27 08:09:58 156,160 -c----w C:\WINDOWS\ie7\msls31.dll.000
+ 2006-10-17 06:05:10 192,000 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2006-10-27 08:09:58 670,720 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2006-10-17 06:04:46 101,376 -c----w C:\WINDOWS\ie7\occache.dll
+ 2006-10-17 06:04:46 101,376 -c----w C:\WINDOWS\ie7\occache.dll.000
+ 2006-10-17 05:58:08 44,544 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-26 11:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 11:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 10:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 10:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-10-17 06:05:22 105,984 -c----w C:\WINDOWS\ie7\url.dll
+ 2006-10-17 06:05:22 105,984 -c----w C:\WINDOWS\ie7\url.dll.000
+ 2006-10-27 08:09:58 1,162,240 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2006-10-27 08:09:58 413,696 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2006-10-27 08:09:58 765,952 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2006-10-27 08:09:58 231,424 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2006-10-27 08:09:58 231,424 -c----w C:\WINDOWS\ie7\webcheck.dll.000
+ 2006-10-17 06:05:58 206,336 -c----w C:\WINDOWS\ie7\winfxdocobj.exe
+ 2006-10-27 08:09:58 818,688 -c----w C:\WINDOWS\ie7\wininet.dll
- 2004-08-05 12:00:00 61,440 ----a-w C:\WINDOWS\SYSTEM32\ADMPARSE.DLL
+ 2007-08-13 11:39:20 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
- 2004-08-05 12:00:00 101,888 ----a-w C:\WINDOWS\SYSTEM32\ADVPACK.DLL
+ 2007-08-13 11:39:00 123,904 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2004-08-05 12:00:00 35,328 ----a-w C:\WINDOWS\SYSTEM32\CORPOL.DLL
+ 2007-08-13 11:42:54 17,408 ----a-w C:\WINDOWS\SYSTEM32\corpol.dll
+ 2007-08-13 11:39:20 71,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
+ 2007-08-13 11:39:00 123,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2007-08-13 11:42:54 17,408 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
- 2004-05-11 22:18:58 28,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
+ 2007-08-13 11:54:10 33,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
- 2008-02-16 09:02:34 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 11:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-08-13 11:35:38 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-13 11:54:10 131,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-13 11:18:02 60,416 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2007-08-13 11:39:06 54,784 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-08-13 11:39:26 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-08-13 11:39:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2007-08-13 10:56:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-08-13 11:39:50 382,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-02-15 09:23:37 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 11:44:02 69,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 11:45:18 78,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
- 2008-02-16 09:02:35 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-08-13 11:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-08-13 11:39:10 43,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 11:39:12 55,296 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
+ 2007-08-13 11:43:56 622,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-13 11:36:06 36,352 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
- 2008-02-16 09:02:35 96,768 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2007-08-13 11:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2007-12-18 14:41:58 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-08-13 11:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2008-02-16 09:02:35 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-08-13 11:54:10 27,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-08-13 11:44:18 40,960 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2007-08-13 11:32:30 45,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
- 2008-02-16 22:32:38 3,080,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-08-13 11:54:12 3,578,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-02-16 09:02:36 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-13 11:54:10 475,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-13 11:01:12 48,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2007-08-13 11:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
- 2008-02-16 09:02:37 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2007-08-13 11:44:26 192,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-02-16 09:02:37 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-08-13 11:54:10 670,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-08-13 11:44:06 101,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-02-16 09:02:37 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2007-08-13 11:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2007-08-13 11:44:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-02-16 09:02:39 617,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-08-13 11:54:10 1,162,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
+ 2007-08-13 11:54:10 413,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
- 2007-06-26 13:56:54 851,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2007-08-13 11:54:10 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
+ 2007-08-13 11:54:10 231,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-02-16 09:02:39 663,552 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2007-08-13 11:54:10 818,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2007-08-13 11:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2007-08-13 11:35:38 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2007-08-13 11:54:10 131,584 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2007-08-13 11:36:26 61,952 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2006-06-29 01:05:44 26,112 ------w C:\WINDOWS\SYSTEM32\idndl.dll
- 2004-08-05 12:00:00 34,304 ----a-w C:\WINDOWS\SYSTEM32\IE4UINIT.EXE
+ 2007-08-13 11:39:06 54,784 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2004-08-05 12:00:00 139,264 ----a-w C:\WINDOWS\SYSTEM32\IEAKENG.DLL
+ 2007-08-13 11:39:26 152,064 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2004-08-05 12:00:00 221,696 ----a-w C:\WINDOWS\SYSTEM32\IEAKSIE.DLL
+ 2007-08-13 11:39:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2004-08-05 12:00:00 245,760 ----a-w C:\WINDOWS\SYSTEM32\IEAKUI.DLL
+ 2007-08-13 10:56:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2007-02-12 09:10:12 2,451,312 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
+ 2007-07-11 05:27:48 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2004-08-05 12:00:00 323,584 ----a-w C:\WINDOWS\SYSTEM32\IEDKCS32.DLL
+ 2007-08-13 11:39:50 382,976 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2004-08-05 12:00:00 81,920 ----a-w C:\WINDOWS\SYSTEM32\IEENCODE.DLL
+ 2007-08-13 11:45:18 78,336 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
+ 2007-08-13 11:54:10 6,049,280 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2007-08-13 11:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2004-08-05 12:00:00 49,152 ----a-w C:\WINDOWS\SYSTEM32\IERNONCE.DLL
+ 2007-08-13 11:39:10 43,008 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2007-08-13 11:34:04 266,752 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2004-08-05 12:00:00 63,488 ----a-w C:\WINDOWS\SYSTEM32\IESETUP.DLL
+ 2007-08-13 11:39:12 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-08-13 11:39:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2007-08-13 11:54:10 180,736 ----a-w C:\WINDOWS\SYSTEM32\ieui.dll
- 2004-08-05 12:00:00 35,840 ----a-w C:\WINDOWS\SYSTEM32\IMGUTIL.DLL
+ 2007-08-13 11:36:06 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
- 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2007-08-13 11:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2003-11-19 16:36:26 24,681 -c--a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-02-21 18:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2003-11-19 16:36:30 28,779 -c--a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-21 18:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-21 19:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-08-13 11:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2007-08-13 11:54:10 27,136 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2004-08-05 12:00:00 22,528 ----a-w C:\WINDOWS\SYSTEM32\LICMGR10.DLL
+ 2007-08-13 11:44:18 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2007-08-13 11:54:10 458,752 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2007-08-13 11:54:10 50,688 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 11:36:40 12,288 ----a-w C:\WINDOWS\SYSTEM32\msfeedssync.exe
- 2004-08-05 12:00:00 29,184 ----a-w C:\WINDOWS\SYSTEM32\MSHTA.EXE
+ 2007-08-13 11:32:30 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2007-08-13 11:54:12 3,578,368 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2007-08-13 11:54:10 475,648 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2004-08-05 12:00:00 57,344 ----a-w C:\WINDOWS\SYSTEM32\MSHTMLER.DLL
+ 2007-08-13 11:01:12 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
- 2004-08-05 12:00:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\MSLS31.DLL
+ 2007-08-13 11:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2007-08-13 11:44:26 192,000 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2007-08-13 11:54:10 670,720 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2006-06-28 10:59:26 24,576 ------w C:\WINDOWS\SYSTEM32\nlsdl.dll
+ 2006-06-29 01:05:44 23,552 ------w C:\WINDOWS\SYSTEM32\normaliz.dll
- 2004-08-05 12:00:00 97,280 ----a-w C:\WINDOWS\SYSTEM32\OCCACHE.DLL
+ 2007-08-13 11:44:06 101,376 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2007-08-13 11:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2004-08-05 12:00:00 37,888 ----a-w C:\WINDOWS\SYSTEM32\URL.DLL
+ 2007-08-13 11:44:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2007-08-13 11:54:10 1,162,240 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-08-13 11:54:10 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
- 2004-08-05 12:00:00 281,600 ----a-w C:\WINDOWS\SYSTEM32\WEBCHECK.DLL
+ 2007-08-13 11:54:10 231,424 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-08-13 11:45:16 206,336 ----a-w C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
- 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2007-08-13 11:54:10 818,688 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2006-07-14 15:51:52 121,856 ------w C:\WINDOWS\SYSTEM32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16D9ECB9-E22A-4C79-AA2E-EA2AD53C89B4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52EBE146-B3D8-4900-9E66-DABEE60AF61C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4E5B4E-7C12-411B-8151-A86EBA2567A0}]
C:\WINDOWS\system32\ljJBurRj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 17:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 18:06 196608]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 04:18 443968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 23:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 22:42 1404928]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 03:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 03:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 23:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 08:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 08:05 127035]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-08 20:11 26112]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" [2005-12-29 17:29 190024]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 17:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 18:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 18:24 217088]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 15:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 15:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 15:36 114688]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 18:07 3718312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 11:46 1838592]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-06 02:10 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 03:32 53248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 11:15 15872]
"BM679eeb19"="C:\WINDOWS\system32\ojmscjnm.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF29052.exe" [2004-08-05 19:00 400896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 19:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 23:50]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 00:25]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 05:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 00:08:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2005-03-17 08:41:39 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
0
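A follow-up check for the report posted above, as an added example that is not part of the original thread or of ComboFix: it compares the paths the CFScript asked ComboFix to remove (the `FILE ::` block) with what the deletions section reports, and lists Run values whose bracket is empty. The function name `audit`, the abridged sample, and reading an empty `[ ]` as "target file not found" are assumptions.

```python
import re

# Constructed sample, abridged from the ComboFix report in this thread.
SAMPLE_LOG = r"""
FILE ::
C:\Program Files\MalwareWar 7.3
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\system32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\system32\ojmscjnm.dll
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
.

(((((((((((( Autres suppressions ))))))))))))
.

C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\system32\ljJBurRj.dll
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
F:\Autorun.inf
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 22:42 1404928]
"BM679eeb19"="C:\WINDOWS\system32\ojmscjnm.dll" [ ]
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # "((((( title )))))" section headers
PATH = re.compile(r"^[A-Za-z]:\\")                # a line that is a Windows path
KEY = re.compile(r"^\[(.+)\]$")                   # "[HKEY_...]" registry key header
VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')  # "name"="target" [metadata]
# Title of the deletions section in French and English reports.
DELETION_TITLES = ("autres suppressions", "other deletions")


def audit(log_text):
    """Return requested-but-unreported deletions and Run values with empty metadata."""
    requested = {}   # lower-cased path -> path as written (Windows paths ignore case)
    deleted = set()  # lower-cased paths listed under the deletions banner
    orphans = []     # (value name, target) pairs whose bracket is empty
    state, in_run_key = None, False

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if re.match(r"^FILE\s*::$", line, re.I):
            state = "requested"
            continue
        banner = BANNER.match(line)
        if banner:
            title = banner.group(1).lower()
            state = "deleted" if title.startswith(DELETION_TITLES) else None
            in_run_key = False
            continue
        if line.startswith("----"):
            # "---- Previous Run" lists deletions from an earlier pass: not this run.
            state = None
            continue
        key = KEY.match(line)
        if key:
            state = None
            in_run_key = key.group(1).lower().endswith("\\currentversion\\run")
            continue
        if state == "requested" and PATH.match(line):
            requested.setdefault(line.lower(), line)
        elif state == "deleted" and PATH.match(line):
            deleted.add(line.lower())
        elif in_run_key:
            value = VALUE.match(line)
            # Assumption: an empty bracket means the target could not be found.
            if value and not value.group(3).strip():
                orphans.append((value.group(1), value.group(2)))

    not_deleted = [path for low, path in requested.items() if low not in deleted]
    return {"not_deleted": not_deleted, "orphan_autoruns": orphans}


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for path in result["not_deleted"]:
        print("requested but not reported deleted:", path)
    for name, target in result["orphan_autoruns"]:
        print("Run value with no file metadata:", name, "->", target)
```

A path missing from the deletions section is not proof that the file is still on disk; it may not have existed under that name, so it is worth re-checking before moving on to the next tool.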
daniel89440 Posts 16 Status Member

Continued

Malwarebytes: OK

report:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 756

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 166881
Temps écoulé: 1 hour(s), 33 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{13901470-5bcf-0ea6-a762-ad195455772b} (Rogue.MalwareWar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MalwareWar.EXE (Rogue.MalwareWar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM679eeb19 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MalwareWar 7.3 (Rogue.MalwareWar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Marie\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252837.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP922\A0253250.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP922\A0253253.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP922\A0253293.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareWar 7.3\MalwareWar 7.3.exe (Rogue.MalwareWar) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
daniel89440 Posts: 16 Status: Member

Finally, I didn't manage it with BitDefender, and Kaspersky wouldn't work with Firefox, so I went with Panda, which disinfected 3 out of 4 for me and left 43 aside (paid service).

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-18 15:57:03
PROTECTIONS: 1
MALWARE: 47
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00059895 adware/instafinder Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Local Settings\Temp\Cookies\audrey@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Daniel\Cookies\daniel@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@fe.lea.lycos[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.weborama.fr/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@adopt.hbmediapro[2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@terra.com[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[6].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@888[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cassava[1].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@rn11[2].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@stats1.reliablestats[2].txt
00188303 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252843.DLL
00192985 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252842.DLL
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@go[1].txt
00211144 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252834.DLL
00215545 Cookie/Bettersearch TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@index[1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@i.screensavers[1].txt
00216672 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252845.DLL
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@winfixer[1].txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252848.DLL
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252840.DLL
00241804 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252836.DLL
00241809 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252839.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252850.DLL
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@www.errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@errorsafe[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[7].txt
00297197 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252849.DLL
00358072 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252835.DLL
00358076 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252841.DLL
00602621 Generic Application HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
00772081 Adware/IST Adware No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP922\A0253254.exe
01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\ComboFix\NirCmdC.cfexe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Marie\Bureau\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP936\A0255037.EXE
01622681 Adware/Zango Adware No 0 Yes No C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
01792438 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP936\A0255044.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254463.sys
02902205 Adware/Zango Adware No 0 Yes No C:\Documents and Settings\Marie\Bureau\Setup.exe
02940889 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP936\A0255023.exe
02940889 Adware/MalwareAlarm Adware No 1 Yes No C:\QooBox\Quarantine\C\Documents and Settings\Marie\Application Data\setup_fr[1].exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dmvufwpo.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cvbdsnpn.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gnjxbdct.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pthtyidf.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rlyufyeg.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\styfsioj.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\timaeyfv.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254452.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254451.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\scaluwit.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xctuurbv.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254444.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254445.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254446.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254447.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254448.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254449.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP925\A0254450.exe
02947891 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0253027.exe
02952476 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0253020.dll
02972592 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP936\A0255031.dll
02972592 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kdtrvyck.dll.vir
02974026 Trj/Downloader.TRV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252860.exe
02974026 Trj/Downloader.TRV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0252979.exe
02974026 Trj/Downloader.TRV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0253028.exe
02974227 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP921\A0253021.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

I copied and pasted the page:

Niveau de risque faible (4)
Trj/Downloader... Virus
Latent(e)
Afficher +Infos Désinfecté
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0253028.exe
2. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252860.exe
3. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252979.exe
Bck/VB.XB Virus
Latent(e)
Afficher +Infos
Non désinfectable
1. C:\ComboFix\NirCmdC.cfexe
2. C:\Documents and Settings\Marie\Bureau\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
Trj/Agent.ITR Virus
Latent(e)
Afficher +Infos Désinfecté
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254450.exe
2. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254451.exe
3. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rlyufyeg.exe.vir
4. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254452.exe
5. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\scaluwit.exe.vir
6. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254444.exe
7. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gnjxbdct.exe.vir
8. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254445.exe
9. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254446.exe
10. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xctuurbv.exe.vir
11. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\styfsioj.exe.vir
12. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dmvufwpo.exe.vir
13. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254447.exe
14. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254448.exe
15. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP925\A0254449.exe
16. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\timaeyfv.exe.vir
17. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cvbdsnpn.exe.vir
18. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pthtyidf.exe.vir
Rootkit/Booto.... Virus
Latent(e)
Afficher +Infos Désinfecté

PAYANT

Niveau de risque moyen (3)
Spyware/Virtum... Logiciel espion
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP936\A0255031.dll
2. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kdtrvyck.dll.vir
Adware/Malware... Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0253027.exe
Adware/Malware... Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos

Niveau de risque faible (40)
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252850.DLL
Cookie/Betters... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@index[1].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252843.DLL
Cookie/ErrorSa... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@errorsafe[2].txt
Cookie/ErrorSa... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@www.errorsafe[2].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252834.DLL
Cookie/Weboram... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Marie\Application D....default\cookies.txt[.weborama.fr/]
Cookie/Screens... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@i.screensavers[1].txt
Adware/Zango Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe
Adware/Zango Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Marie\Bureau\Setup.exe
Adware/IST Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP922\A0253254.exe
Application/Ps... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\WINDOWS\PSEXESVC.EXE
2. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP936\A0255037.EXE
Cookie/Go Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@go[1].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252849.DLL
Adware/Netproj... Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0253021.exe
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252839.DLL
Cookie/Rn11 Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@rn11[2].txt
Cookie/Cassava Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@cassava[1].txt
Cookie/888 Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@888[2].txt
Cookie/Cgi-bin Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[6].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252836.DLL
Cookie/Smartad... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Marie\Application D...lt\cookies.txt[.smartadserver.com/]
Cookie/fe.lea.... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@fe.lea.lycos[1].txt
Cookie/Reliabl... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@stats1.reliablestats[2].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252842.DLL
Cookie/Xiti Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Marie\Application D...owx.default\cookies.txt[.xiti.com/]
2. C:\Documents and Settings\Daniel\Cookies\daniel@xiti[1].txt
3. C:\Documents and Settings\Audrey\Cookies\audrey@xiti[1].txt
4. C:\Documents and Settings\Audrey\Local Settings\Temp\Cookies\audrey@xiti[1].txt
Generic Applic... Outil de piratage
Latent(e)
Afficher +Infos
1. C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
Cookie/Hbmedia... Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@adopt.hbmediapro[2].txt
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252848.DLL
2. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252840.DLL
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252841.DLL
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252845.DLL
Cookie/Cgi-bin Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[7].txt
Cookie/Cgi-bin Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[2].txt
adware/instafi... Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...7BD74F-2B8D-469E-90F0-F66AB581A933}
Adware/Netproj... Adware (logiciel publicitaire)
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0253020.dll
Application/My... Application de surveillance
Latent(e)
Afficher +Infos
1. C:\System Volume Information\_restore{EA39A09...9B-915C83FE3B53}\RP921\A0252835.DLL
Cookie/Com.com Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@com[2].txt
Cookie/Com.com Cookie de surveillance
Latent(e)
Afficher +Infos
1. C:\Documents and Settings\Audrey\Cookies\audrey@terra.com[1].txt
Cookie/WinFixe... Cookie de surveillance
Latent(e)
Afficher +Infos
daniel89440 Posts: 16 Status: Member

HijackThis makes them reappear.
I deleted the 2 O2 lines BHO (No Name) (no file)

A quick question: Spybot regularly asks me about registry changes during all these operations: I should click OK, right?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04, on 2008-05-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Marie\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {16D9ECB9-E22A-4C79-AA2E-EA2AD53C89B4} - (no file)
O2 - BHO: (no name) - {52EBE146-B3D8-4900-9E66-DABEE60AF61C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D4E5B4E-7C12-411B-8151-A86EBA2567A0} - C:\WINDOWS\system32\ljJBurRj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF29052.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?012ae12d51d84cffa9c8f4e3abe6ff5c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?012ae12d51d84cffa9c8f4e3abe6ff5c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58CB4718-A59C-48C7-ADDC-DD9CE5943BF4}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Perfect!

Get rid of what is in your recycle bin.

________________

Get rid of what is in the Quarantine folder by going to My Computer, then C, then
C:\QooBox\Quarantine
______________________________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\ljJBurRj.dll
C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
C:\WINDOWS\PSEXESVC.EXE
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16D9ECB9-E22A-4C79-AA2E-EA2AD53C89B4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52EBE146-B3D8-4900-9E66-DABEE60AF61C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4E5B4E-7C12-411B-8151-A86EBA2567A0}]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file does not open, it is located here > C:\ComboFix.txt

_______________________

To remove your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

https://www.malekal.com/tutoriel-ccleaner/
_______________________

If everything went well, disable System Restore to purge any viruses that may be in it,
then restart your computer,
then re-enable it:

https://www.informatruc.com

_______________________
Run a Panda scan again to see.
daniel89440 Posts 16 Status Member
 
It went well.
During the Windows shutdown in the course of the ComboFix procedure, it reported that it could not install catchmedf.exe because of the DLL initialization.

I repeated the purge of the quarantine, recycle bin and CCleaner 2 times.

The combo:

ComboFix 08-05-15.3 - Marie 2008-05-18 21:07:11.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT 7:00]
Endroit: C:\Documents and Settings\Marie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marie\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\system32\ljJBurRj.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
C:\WINDOWS\PSEXESVC.EXE
.
---- Previous Run -------
.
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\system32\cvbdsnpn.exe
C:\WINDOWS\system32\dmvufwpo.exe
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\system32\gnjxbdct.exe
C:\WINDOWS\SYSTEM32\goshyhes.dll
C:\WINDOWS\system32\iytdvnxk.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini2
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxfikrtk.ini
C:\WINDOWS\system32\pthtyidf.exe
C:\WINDOWS\system32\qfidhssj.ini
C:\WINDOWS\system32\qorxtldd.ini
C:\WINDOWS\system32\rlyufyeg.exe
C:\WINDOWS\system32\scaluwit.exe
C:\WINDOWS\system32\sehyhsog.ini
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\system32\styfsioj.exe
C:\WINDOWS\system32\timaeyfv.exe
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini2
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\system32\xctuurbv.exe
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
F:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 21:12 . 2008-05-18 21:12 268 --ah----- C:\sqmdata08.sqm
2008-05-18 21:12 . 2008-05-18 21:12 244 --ah----- C:\sqmnoopt08.sqm
2008-05-18 13:17 . 2008-05-18 13:18 <REP> d-------- C:\Program Files\Panda Security
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Malwarebytes
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 11:07 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-17 11:07 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-17 10:50 . 2008-05-17 10:50 268 --ah----- C:\sqmdata07.sqm
2008-05-17 10:50 . 2008-05-17 10:50 244 --ah----- C:\sqmnoopt07.sqm
2008-05-17 10:08 . 2008-05-17 10:08 268 --ah----- C:\sqmdata06.sqm
2008-05-17 10:08 . 2008-05-17 10:08 244 --ah----- C:\sqmnoopt06.sqm
2008-05-17 10:07 . 2008-05-17 10:07 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-17 10:03 . 2008-05-17 10:23 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2008-05-17 09:56 . 2008-05-17 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-17 09:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-05-17 01:11 . 2008-05-17 01:11 268 --ah----- C:\sqmdata05.sqm
2008-05-17 01:11 . 2008-05-17 01:11 244 --ah----- C:\sqmnoopt05.sqm
2008-05-15 14:46 . 2008-05-15 14:46 126,528 --------- C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old
2008-05-13 19:21 . 2008-05-15 14:43 1,794 ---hs---- C:\WINDOWS\SYSTEM32\dughcuky.ini
2008-05-13 06:41 . 2008-05-13 06:41 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 06:41 . 2008-05-13 06:42 <REP> d-------- C:\Program Files\CCleaner
2008-05-11 23:51 . 2008-05-11 23:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 23:51 . 2008-05-12 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-11 17:30 . 2008-05-11 17:32 <REP> d-------- C:\Program Files\Unlocker
2008-05-11 17:30 . 2008-05-18 13:05 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Desktopicon
2008-05-10 21:41 . 2008-05-10 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 21:39 . 2008-05-10 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 12:40 . 2008-05-10 12:40 <REP> d-------- C:\Documents and Settings\Marie\Application Data\reparateurdesysteme
2008-05-10 12:35 . 2008-05-10 12:35 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 18:12 . 2008-05-15 16:32 109,858 --a------ C:\WINDOWS\BM679eeb19.xml
2008-04-27 06:34 . 2008-04-27 06:34 268 --ah----- C:\sqmdata04.sqm
2008-04-27 06:34 . 2008-04-27 06:34 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 02:50 --------- d-----w C:\Program Files\Java
2008-05-12 02:40 --------- d-----w C:\Program Files\BearShare
2008-05-11 05:36 --------- d-----w C:\Program Files\eMule
2008-05-10 18:53 --------- d-----w C:\Documents and Settings\Marie\Application Data\SiteAdvisor
2008-05-10 16:15 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 14:41 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 09:59 --------- d-----w C:\Program Files\FinePixViewer
2008-04-08 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:51 --------- d-----w C:\Documents and Settings\Daniel\Application Data\SiteAdvisor
2008-03-04 15:45 606,848 -c--a-w C:\WINDOWS\flashax.exe
2008-03-04 15:45 194,560 ----a-w C:\WINDOWS\screensaver_cadeau_magique.scr
2008-03-04 15:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-01-12 20:57 81,920 ----a-w C:\Documents and Settings\Marie\Application Data\ezpinst.exe
2008-01-12 20:57 47,360 -c--a-w C:\Documents and Settings\Marie\Application Data\pcouffin.sys
2006-08-25 13:14 590,528,652 ----a-w C:\Program Files\premierepro.zip
2005-12-20 19:48 2,000,324 ------w C:\Program Files\cdex_151.exe
.

((((((((((((((((((((((((((((( snapshot_2008-05-17_11.01.18.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 03:51:26 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-18 14:14:02 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-18 06:17:04 2,489 -c--a-w C:\WINDOWS\mozver.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4E5B4E-7C12-411B-8151-A86EBA2567A0}]
C:\WINDOWS\system32\ljJBurRj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 17:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 18:06 196608]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 04:18 443968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 23:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 22:42 1404928]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 03:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 03:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 23:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 08:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 08:05 127035]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-08 20:11 26112]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" [2005-12-29 17:29 190024]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 17:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 18:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 18:24 217088]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 15:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 15:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 15:36 114688]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 18:07 3718312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 11:46 1838592]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-06 02:10 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 03:32 53248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 11:15 15872]
"combofix"="C:\WINDOWS\system32\CF7618.exe" [2004-08-05 19:00 400896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 19:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 23:50]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 00:25]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 05:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 00:08:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2005-03-17 08:41:39 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"


The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46, on 2008-05-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marie\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D4E5B4E-7C12-411B-8151-A86EBA2567A0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF7618.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?012ae12d51d84cffa9c8f4e3abe6ff5c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?012ae12d51d84cffa9c8f4e3abe6ff5c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58CB4718-A59C-48C7-ADDC-DD9CE5943BF4}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\ljJBurRj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4E5B4E-7C12-411B-8151-A86EBA2567A0}]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file does not open, it is located here > C:\ComboFix.txt

________________

colle un rapport panda pour voir si il trouve des choses et dis moi tes problèmes actuels
daniel89440, 16 posts, status: member
 
I ran a McAfee scan this morning: nothing to report.

Here is the ComboFix report following the last step:

ComboFix 08-05-15.3 - Marie 2008-05-19 12:31:56.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.192 [GMT 7:00]
Endroit: C:\Documents and Settings\Marie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marie\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\ljJBurRj.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Marie\Application Data\setup_fr[1].exe
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\RECYCLER\S-1-5-21-2571934723-3149106672-172741559-1007\Dc427.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\asmyvypk.dll
C:\WINDOWS\SYSTEM32\bkkkrvvh.dll
C:\WINDOWS\system32\cvbdsnpn.exe
C:\WINDOWS\system32\dmvufwpo.exe
C:\WINDOWS\SYSTEM32\ekdctslc.dll
C:\WINDOWS\SYSTEM32\ffxtbteg.dll
C:\WINDOWS\SYSTEM32\fkfsldyw.dll
C:\WINDOWS\SYSTEM32\gkvfistq.dll
C:\WINDOWS\system32\gnjxbdct.exe
C:\WINDOWS\SYSTEM32\goshyhes.dll
C:\WINDOWS\system32\iytdvnxk.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini
C:\WINDOWS\SYSTEM32\jRruBJjl.ini2
C:\WINDOWS\SYSTEM32\kdtrvyck.dll
C:\WINDOWS\SYSTEM32\ktrkifxm.dll
C:\WINDOWS\SYSTEM32\ljJBurRj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxfikrtk.ini
C:\WINDOWS\system32\pthtyidf.exe
C:\WINDOWS\system32\qfidhssj.ini
C:\WINDOWS\system32\qorxtldd.ini
C:\WINDOWS\system32\rlyufyeg.exe
C:\WINDOWS\system32\scaluwit.exe
C:\WINDOWS\SYSTEM32\sehyhsog.ini
C:\WINDOWS\SYSTEM32\stkglvxg.dll
C:\WINDOWS\system32\styfsioj.exe
C:\WINDOWS\system32\timaeyfv.exe
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini
C:\WINDOWS\SYSTEM32\uDMSrtwa.ini2
C:\WINDOWS\SYSTEM32\vlanmacd.dll_old
C:\WINDOWS\SYSTEM32\wnyxoidd.ini
C:\WINDOWS\system32\xctuurbv.exe
C:\WINDOWS\SYSTEM32\ykydhpmo.dll_old
C:\WINDOWS\SYSTEM32\ymhrabsx.dll_old
F:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 03:09 . 2008-05-19 03:09 268 --ah----- C:\sqmdata10.sqm
2008-05-19 03:09 . 2008-05-19 03:09 244 --ah----- C:\sqmnoopt10.sqm
2008-05-19 03:03 . 2008-05-19 03:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-18 21:46 . 2008-03-01 19:58 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-05-18 21:46 . 2007-04-17 16:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-05-18 21:46 . 2007-03-08 12:10 1,048,576 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-05-18 21:46 . 2008-03-01 19:58 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-05-18 21:46 . 2008-03-01 19:58 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-05-18 21:46 . 2008-03-01 19:58 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-05-18 21:46 . 2008-03-01 19:58 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-05-18 21:46 . 2008-03-01 19:58 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-05-18 21:46 . 2008-02-22 17:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-05-18 21:32 . 2008-05-18 21:32 268 --ah----- C:\sqmdata09.sqm
2008-05-18 21:32 . 2008-05-18 21:32 244 --ah----- C:\sqmnoopt09.sqm
2008-05-18 21:12 . 2008-05-18 21:12 268 --ah----- C:\sqmdata08.sqm
2008-05-18 21:12 . 2008-05-18 21:12 244 --ah----- C:\sqmnoopt08.sqm
2008-05-18 13:17 . 2008-05-18 13:18 <REP> d-------- C:\Program Files\Panda Security
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Malwarebytes
2008-05-17 11:07 . 2008-05-17 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 11:07 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-17 11:07 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-17 10:50 . 2008-05-17 10:50 268 --ah----- C:\sqmdata07.sqm
2008-05-17 10:50 . 2008-05-17 10:50 244 --ah----- C:\sqmnoopt07.sqm
2008-05-17 10:08 . 2008-05-17 10:08 268 --ah----- C:\sqmdata06.sqm
2008-05-17 10:08 . 2008-05-17 10:08 244 --ah----- C:\sqmnoopt06.sqm
2008-05-17 10:07 . 2008-05-17 10:07 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-17 10:03 . 2008-05-19 03:04 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2008-05-17 09:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-05-17 01:11 . 2008-05-17 01:11 268 --ah----- C:\sqmdata05.sqm
2008-05-17 01:11 . 2008-05-17 01:11 244 --ah----- C:\sqmnoopt05.sqm
2008-05-15 14:46 . 2008-05-15 14:46 126,528 --------- C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old
2008-05-13 19:21 . 2008-05-15 14:43 1,794 ---hs---- C:\WINDOWS\SYSTEM32\dughcuky.ini
2008-05-13 06:41 . 2008-05-13 06:41 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 06:41 . 2008-05-13 06:42 <REP> d-------- C:\Program Files\CCleaner
2008-05-11 23:51 . 2008-05-11 23:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 23:51 . 2008-05-12 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-11 17:30 . 2008-05-11 17:32 <REP> d-------- C:\Program Files\Unlocker
2008-05-11 17:30 . 2008-05-18 13:05 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Desktopicon
2008-05-10 21:41 . 2008-05-10 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 21:39 . 2008-05-10 21:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 12:40 . 2008-05-10 12:40 <REP> d-------- C:\Documents and Settings\Marie\Application Data\reparateurdesysteme
2008-05-10 12:35 . 2008-05-10 12:35 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-05-10 12:25 . 2008-05-10 13:26 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 18:12 . 2008-05-15 16:32 109,858 --a------ C:\WINDOWS\BM679eeb19.xml
2008-04-27 06:34 . 2008-04-27 06:34 268 --ah----- C:\sqmdata04.sqm
2008-04-27 06:34 . 2008-04-27 06:34 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 02:50 --------- d-----w C:\Program Files\Java
2008-05-12 02:40 --------- d-----w C:\Program Files\BearShare
2008-05-11 05:36 --------- d-----w C:\Program Files\eMule
2008-05-10 18:53 --------- d-----w C:\Documents and Settings\Marie\Application Data\SiteAdvisor
2008-05-10 16:15 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 14:41 --------- d-----w C:\Program Files\Lavasoft
2008-05-05 09:59 --------- d-----w C:\Program Files\FinePixViewer
2008-04-08 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:51 --------- d-----w C:\Documents and Settings\Daniel\Application Data\SiteAdvisor
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-04 15:45 606,848 -c--a-w C:\WINDOWS\flashax.exe
2008-03-04 15:45 194,560 ----a-w C:\WINDOWS\screensaver_cadeau_magique.scr
2008-03-04 15:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-03-01 11:28 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-01-12 20:57 81,920 ----a-w C:\Documents and Settings\Marie\Application Data\ezpinst.exe
2008-01-12 20:57 47,360 -c--a-w C:\Documents and Settings\Marie\Application Data\pcouffin.sys
2006-08-25 13:14 590,528,652 ----a-w C:\Program Files\premierepro.zip
2005-12-20 19:48 2,000,324 ------w C:\Program Files\cdex_151.exe
.

((((((((((((((((((((((((((((( snapshot_2008-05-17_11.01.18.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:38 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-17 03:51:26 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-18 20:11:14 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 11:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 11:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 11:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 11:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 11:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 11:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 11:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 11:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 11:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 10:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 09:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 05:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 11:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 11:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 11:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 11:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 11:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 11:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 11:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 11:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 11:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 11:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 11:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 11:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 11:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 11:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 11:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 11:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 11:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 11:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 11:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-05-18 06:17:04 2,489 -c--a-w C:\WINDOWS\mozver.dat
- 2007-08-13 11:39:00 123,904 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2007-08-13 11:39:00 123,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
- 2007-08-13 11:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-08-13 11:35:38 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-08-13 11:54:10 131,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-08-13 11:39:26 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-08-13 11:39:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-08-13 10:56:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
- 2007-08-13 11:39:50 382,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-08-13 11:39:10 43,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-08-13 11:54:10 27,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
- 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
- 2007-08-13 11:54:10 475,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
- 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
- 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
- 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
- 2007-08-13 11:44:26 192,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
- 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
- 2007-08-13 11:54:10 670,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
- 2007-08-13 11:44:06 101,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2007-08-13 11:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-08-13 11:44:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-08-13 11:54:10 1,162,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-08-13 11:54:10 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
+ 2007-07-12 23:30:52 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
- 2007-08-13 11:54:10 231,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-08-13 11:54:10 818,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2007-08-13 11:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-08-13 11:35:38 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-08-13 11:54:10 131,584 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-08-13 11:36:26 61,952 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-08-13 11:39:06 54,784 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-08-13 11:39:26 152,064 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-08-13 11:39:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-08-13 10:56:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-02-12 09:10:12 2,451,312 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
- 2007-07-11 05:27:48 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-08-13 11:39:50 382,976 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-08-13 11:54:10 6,049,280 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-08-13 11:39:10 43,008 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-08-13 11:34:04 266,752 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-08-13 11:39:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2007-08-13 11:54:10 27,136 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS\SYSTEM32\MSEXCH40.DLL
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll
- 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS\SYSTEM32\MSEXCL40.DLL
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll
- 2007-08-13 11:54:10 458,752 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-08-13 11:54:10 50,688 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2007-08-13 11:54:12 3,578,368 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-01 11:28:10 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-08-13 11:54:10 475,648 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS\SYSTEM32\MSJET40.DLL
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll
- 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
- 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS\SYSTEM32\MSJTER40.DLL
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll
- 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS\SYSTEM32\MSJTES40.DLL
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll
- 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS\SYSTEM32\MSLTUS40.DLL
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\SYSTEM32\MSPBDE40.DLL
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll
- 2007-08-13 11:44:26 192,000 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS\SYSTEM32\MSRD2X40.DLL
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS\SYSTEM32\MSRD3X40.DLL
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS\SYSTEM32\MSREPL40.DLL
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll
- 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS\SYSTEM32\MSTEXT40.DLL
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll
- 2007-08-13 11:54:10 670,720 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS\SYSTEM32\MSWDAT10.DLL
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\SYSTEM32\MSXBDE40.DLL
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
- 2007-08-13 11:44:06 101,376 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2007-08-13 11:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-08-13 11:44:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-08-13 11:54:10 1,162,240 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2007-08-13 11:54:10 231,424 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-08-13 11:54:10 818,688 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-05-19 01:42:16 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_650.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4E5B4E-7C12-411B-8151-A86EBA2567A0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 17:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 18:06 196608]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 04:18 443968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 23:35 3587120]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 22:42 1404928]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 03:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 03:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 23:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 08:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 08:05 127035]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-08 20:11 26112]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" [2005-12-29 17:29 190024]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 17:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 18:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 18:24 217088]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 15:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 15:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 15:36 114688]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 18:07 3718312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 11:46 1838592]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-06 02:10 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 03:32 53248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 11:15 15872]
"combofix"="C:\WINDOWS\system32\CF7618.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 19:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-04-22 12:07:07 839680]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-08-06 00:28:54 294912]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-28 00:51:59 450560]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-11-19 06:00:00 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 23:50]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 00:25]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 05:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 00:08:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2005-03-17 08:41:39 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2006-03-24 18:55:08 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (PROSTGP-Daniel).job"
"2008-05-19 04:54:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 12:36:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-19 12:39:55
ComboFix-quarantined-files.txt 2008-05-19 05:39:33

Pre-Run: 8,849,907,712 octets libres
Post-Run: 8,836,517,888 octets libres

466 --- E O F --- 2008-05-18 20:04:43


and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:20, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Marie\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D4E5B4E-7C12-411B-8151-A86EBA2567A0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?012ae12d51d84cffa9c8f4e3abe6ff5c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?012ae12d51d84cffa9c8f4e3abe6ff5c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

everything is OK!

still having problems?

you can indeed run a Spybot scan as well
0
daniel89440 Posts 16 Status Member

Good evening jlpjlp,

Bad news on the Spybot side: there is still one Virtumonde item left.
I'm attaching the beginning of the report (which is very long):
--- Search result list ---
Virtumonde.dll: [SBI $7442D4BC] Bibliothèque (Fichier, nothing done)
C:\WINDOWS\SYSTEM32\ojmscjnm.dll_old


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

Apparently it did agree to fix it.


On the Panda side: 1 that I tried to disinfect and 23 that cannot be disinfected (paid)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-19 23:58:24
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00059895 adware/instafinder Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Local Settings\Temp\Cookies\audrey@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Daniel\Cookies\daniel@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@fe.lea.lycos[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[fl01.ct2.comclick.com/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@adopt.hbmediapro[2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@terra.com[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[6].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.questionmarket.com/]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@888[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cassava[1].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@rn11[2].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@stats1.reliablestats[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@go[1].txt
00215545 Cookie/Bettersearch TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@index[1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@i.screensavers[1].txt
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@winfixer[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@www.errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@errorsafe[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\jb0b4owx.default\cookies.txt[.smartadserver.com/]
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Audrey\Cookies\audrey@cgi-bin[7].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Marie\Bureau\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01792438 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
;==================================================================================================================================================================================


Do you see anything else to do?
I'll run another Spybot scan tomorrow to see whether I have really managed to get rid of this oj........ library.

Otherwise, what do you advise me to do as prevention?

Thanks again for all the time you have given me.
daniel.
0
jlpjlp Posts 52399 Status Security contributor 5 040

download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list shown in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________

delete what is in MovedFiles by going to My Computer, then C:, then _OTMoveIt
_______________

update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
________________

install
SPYWAREBLASTER to immunize the system, against Vundo in particular; it is in English (but easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

_________________

paste a new HijackThis log and describe your problems
0
daniel89440 Posts 16 Status Member
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-­­90F0-F66AB581A933} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-­­90F0-F66AB581A933}\\ not found.
File/Folder C:\Documents and Settings\Audrey\Local Settings\Temp\MyGlobalSearch.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05202008_123809

I get the impression that it can't find it.
I tried splitting the 2 lines in 2: same result.

I tried to check in C:\Documents and Settings\Audrey but I don't have access, even though my daughter no longer uses her account.
Do I need to log in through that account?
0
jlpjlp Posts 52399 Status Security contributor 5 040

If she no longer uses her account, the easiest thing is to delete the account; otherwise start again while logged in to her account.
0
daniel89440 Posts 16 Status Member

I deleted it from her account.
Then I deleted her account.
I installed SpywareBlaster

and two Spybot scans no longer detected anything: GREAT !!!!!!

Heartfelt thanks for all your help, and just for fun, one last HijackThis !!!!
Bye
Daniel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:48, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Marie\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D4E5B4E-7C12-411B-8151-A86EBA2567A0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?012ae12d51d84cffa9c8f4e3abe6ff5c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?012ae12d51d84cffa9c8f4e3abe6ff5c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58CB4718-A59C-48C7-ADDC-DD9CE5943BF4}: NameServer = 81.253.149.1 80.10.246.3
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, that's fine.

To clean up the leftover traces, use CCleaner, which you can keep and run every week.

https://www.malekal.com/tutoriel-ccleaner/

_____________

To remove the tools I had you use:

Download ToolsCleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/ 34055291 toolsclean(...)
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

PS: no need to send me the report if everything was deleted ;-)
daniel89440 Posts 16 Status Member
 
OK, I ran ToolsCleaner and everything went fine.

As for CCleaner, I already run it regularly.

However, in addition to the cleanup, do you recommend systematically repairing the registry errors, or should I download RegCleaner to clean them?

Thanks,
daniel.
jlpjlp Posts 52399 Status Security contributor 5 040
 
Yes, repair the errors with CCleaner, since it offers a backup at each cleanup anyway (run the cleanup 4 times, until nothing more is found).