Virus youimgz ??

Résolu
lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,

j'ai reçu sur Msn une demande d'ami que j'ai accepté (qqu'un de la famille) ma fille a continué et a rentré mot de passe et adresse e-mail ....dans la barre d'adresse il y avait " youimgz" .Il paraît que c'est un virus mais pour le moment je n'ai rien remarqué d'anormal......
Alors info ou intox ????
J'ai fait tourner NOD32, SpyBot et Ccleaner.......qui n'ont rien trouvés.
Merci

--
TaPez fOrt......La vIe eSt SoUrdE..........:)))
Configuration: Windows XP
Firefox 3.0.1

9 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

    https://www.androidworld.fr/
    0
    1. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
       
      Re.......... l'ai déjà fait mais je ne m'y connais pas assez.........

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:11:25, on 21/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\ATKKBService.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
      C:\Program Files\BroadJump\Client Foundation\CFD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
      C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
      C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Eset\nod32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Muriel\Bureau\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      0
  2. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
     
    Re,
    j'ai déjà le rapport mais je ne m'y connais pas assez......

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:25, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Eset\nod32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Muriel\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    fais ce qui suit stp :

    Télécharger sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    Après l analyse, redémarrer le pc et poste le rapport !!

    ensuite :

    télécharge combofix (par sUBs) à cette adresse :

    (c est le numéro 5 en bas de la page) : https://www.androidworld.fr/

    et enregistre le sur le Bureau.

    désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/

    envois le rapport et ensuite refais un nouveau rapport hijackthis stp
    0
    1. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
       
      Re

      Encore merci voici le premier rapport

      Malwarebytes' Anti-Malware 1.25
      Version de la base de données: 1075
      Windows 5.1.2600 Service Pack 2

      14:16:12 21/08/2008
      mbam-log-08-21-2008 (14-16-12).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 94749
      Temps écoulé: 22 minute(s), 55 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 4
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 9

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP382\A0034444.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP382\A0034446.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP382\A0034456.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP382\A0034457.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP382\A0034458.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP384\A0034600.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F54D5551-CB7A-439E-B2C0-7B5833674DC5}\RP399\A0035404.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      0
      1. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212 > lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention  
         
        Rapport Combo

        ComboFix 08-08-19.06 - Muriel 2008-08-21 14:21:48.1 - NTFSx86
        Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.559 [GMT 2:00]
        Endroit: C:\Documents and Settings\Muriel\Bureau\ComboFix.exe
        * Création d'un nouveau point de restauration
        * Resident AV is active


        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Muriel\Application Data\inst.exe
        C:\WINDOWS\system32\MSINET.oca

        .
        ((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
        .

        2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
        2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Documents and Settings\Muriel\Application Data\Malwarebytes
        2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-08-21 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
        2008-08-21 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
        2008-08-09 14:45 . 1999-03-23 00:00 929,844 --------- C:\WINDOWS\system32\MFC42D.DLL
        2008-08-09 14:45 . 1999-03-23 00:00 798,773 --------- C:\WINDOWS\system32\MFCO42D.DLL
        2008-08-09 14:45 . 1998-06-17 00:00 516,173 --------- C:\WINDOWS\system32\MSVCP60D.DLL
        2008-08-09 14:45 . 1999-03-23 00:00 401,484 --------- C:\WINDOWS\system32\Msvcrtd.dll
        2008-08-09 14:45 . 2008-08-09 14:45 0 --a------ C:\WINDOWS\DXT7E.tmp
        2008-08-09 14:39 . 2008-08-09 14:40 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
        2008-08-09 14:39 . 2008-08-09 14:40 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
        2008-08-09 14:39 . 2008-08-09 14:40 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
        2008-08-09 14:38 . 2008-08-09 14:38 <REP> d-------- C:\Program Files\Infogrames
        2008-08-09 13:46 . 2008-08-09 13:46 <REP> d-------- C:\Program Files\Microsoft Silverlight
        2008-08-01 11:54 . 2008-08-01 11:54 <REP> d-------- C:\WINDOWS\system32\AGEIA
        2008-08-01 11:54 . 2008-08-01 11:54 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
        2008-08-01 11:54 . 2008-08-01 11:55 <REP> d-------- C:\Program Files\AGEIA Technologies
        2008-08-01 11:54 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
        2008-08-01 11:54 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
        2008-08-01 11:54 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
        2008-08-01 11:54 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-08-21 12:20 --------- d-----w C:\Documents and Settings\Muriel\Application Data\OpenOffice.org2
        2008-08-21 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-08-21 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-08-21 09:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
        2008-08-12 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
        2008-08-12 09:04 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Apple Computer
        2008-08-09 15:34 --------- d-----w C:\Documents and Settings\Muriel\Application Data\FrostWire
        2008-08-09 09:04 --------- d-----w C:\Program Files\FrostWire
        2008-08-06 09:28 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Vso
        2008-08-01 13:42 --------- d-----w C:\Program Files\TuxMath
        2008-08-01 09:47 --------- d-----w C:\Program Files\Ubisoft
        2008-07-20 13:42 --------- d-----w C:\Program Files\Zylom Games
        2008-07-19 13:01 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Zylom
        2008-07-19 13:01 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Jane s Hotel
        2008-07-18 14:50 --------- d-----w C:\Program Files\Lexmark X1100 Series
        2008-07-11 14:21 --------- d-----w C:\Documents and Settings\Muriel\Application Data\tuxmath
        2008-07-11 07:42 --------- d-----w C:\Program Files\Java
        2008-07-05 09:17 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Planit International
        2008-07-05 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Planit Fusion Live But
        2008-07-04 10:03 --------- d-----w C:\Program Files\QuickTime
        2008-06-26 16:12 --------- d-----w C:\Program Files\OpenOffice.org 2.4
        2008-06-26 16:07 --------- d-----w C:\Program Files\readmes
        2008-06-26 16:07 --------- d-----w C:\Program Files\licenses
        2008-06-22 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
        2008-05-29 20:59 52,116 ----a-w C:\Program Files\openoffice.org-onlineupdate.cab
        2008-05-29 20:59 37,375 ----a-w C:\Program Files\openoffice.org-xsltfilter.cab
        2008-05-29 20:59 207,388 ----a-w C:\Program Files\openoffice.org-testtool.cab
        2008-05-29 20:59 2,650,886 ----a-w C:\Program Files\openoffice.org-writer.cab
        2008-05-29 20:59 2,504,975 ----a-w C:\Program Files\openoffice.org-pyuno.cab
        2008-05-29 20:59 1,183,268 ----a-w C:\Program Files\openoffice.org-math.cab
        2008-05-29 20:58 86,870 ----a-w C:\Program Files\openoffice.org-graphicfilter.cab
        2008-05-29 20:58 2,769 ----a-w C:\Program Files\openoffice.org-emailmerge.cab
        2008-05-29 20:58 118,910 ----a-w C:\Program Files\openoffice.org-javafilter.cab
        2008-05-29 20:58 1,372,593 ----a-w C:\Program Files\openoffice.org-impress.cab
        2008-05-29 20:57 4,164,599 ----a-w C:\Program Files\openoffice.org-core07.cab
        2008-05-29 20:57 306,690 ----a-w C:\Program Files\openoffice.org-core08.cab
        2008-05-29 20:57 28,864,638 ----a-w C:\Program Files\openoffice.org-core06.cab
        2008-05-29 20:57 2,031,954 ----a-w C:\Program Files\openoffice.org-core09.cab
        2008-05-29 20:57 1,025,727 ----a-w C:\Program Files\openoffice.org-draw.cab
        2008-05-29 20:53 18,634,513 ----a-w C:\Program Files\openoffice.org-core05.cab
        2008-05-29 20:52 16,503,595 ----a-w C:\Program Files\openoffice.org-core04.cab
        2008-05-29 20:51 9,117,929 ----a-w C:\Program Files\openoffice.org-core03.cab
        2008-05-29 20:50 3,861,722 ----a-w C:\Program Files\openoffice.org-core02.cab
        2008-05-29 20:50 15,104,538 ----a-w C:\Program Files\openoffice.org-core01.cab
        2008-05-29 20:49 43,005 ----a-w C:\Program Files\openoffice.org-activex.cab
        2008-05-29 20:49 4,845,907 ----a-w C:\Program Files\openoffice.org-calc.cab
        2008-05-29 20:49 4,377,600 ----a-w C:\Program Files\openofficeorg24.msi
        2008-05-29 20:49 217 ----a-w C:\Program Files\setup.ini
        2008-05-29 20:49 1,878,252 ----a-w C:\Program Files\openoffice.org-base.cab
        2007-11-16 16:46 47,360 ----a-w C:\Documents and Settings\Muriel\Application Data\pcouffin.sys
        2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
        2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
        .

        ------- Sigcheck -------

        2007-05-08 16:10 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
        .
        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
        "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-27 09:39 67128]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 10:55 68856]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
        "AnumanLive"="C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-11-17 18:23 347136]
        "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
        "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
        "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-08 16:04 949376]
        "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
        "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
        "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
        "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
        "nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

        C:\Documents and Settings\Muriel\Menu D‚marrer\Programmes\D‚marrage\
        Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
        OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

        C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-08-20 09:03:49 217088]
        Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-27 09:39:28 67128]
        Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-10 10:55:33 528384]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
        "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
        "C:\\WINDOWS\\system32\\dpvsetup.exe"=
        "C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
        "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
        "C:\\Program Files\\FrostWire\\FrostWire.exe"=
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        "C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
        "C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
        "C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=

        R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
        R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
        R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-06-09 16:57]
        S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-12-18 23:02]
        S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19]
        S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
        S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
        S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 06:57]
        S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 14:00]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a770948-5056-11dd-a20d-001a9256e911}]
        \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb7140c-34c4-11dd-a1df-001a9256e911}]
        \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11af6d3-b460-11dc-a11f-001a9256e911}]
        \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3dd554f-7a73-11dc-80f4-001a9256e911}]
        \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

        *Newly Created Service* - CATCHME
        *Newly Created Service* - PROCEXP90
        .
        .
        ------- Supplementary Scan -------
        .
        FireFox -: Profile - C:\Documents and Settings\Muriel\Application Data\Mozilla\Firefox\Profiles\obg4u4ad.default\
        FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
        FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://equisup.fr/
        FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
        FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
        FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npornap.dll
        FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
        FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
        FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
        .

        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-08-21 14:23:44
        Windows 5.1.2600 Service Pack 2 NTFS

        Balayage processus cachés ...

        Balayage caché autostart entries ...

        Balayage des fichiers cachés ...

        Scan terminé avec succès
        Les fichiers cachés: 0

        **************************************************************************
        .
        --------------------- DLLs a chargé sous des processus courants ---------------------

        PROCESS: C:\WINDOWS\system32\lsass.exe
        -> C:\Program Files\Eset\pr_imon.dll
        .
        Temps d'accomplissement: 2008-08-21 14:24:41
        ComboFix-quarantined-files.txt 2008-08-21 12:24:35

        Pre-Run: 50,860,138,496 octets libres
        Post-Run: 50,954,272,768 octets libres

        212 --- E O F --- 2007-08-22 09:34:45
        Rapport Hijackthis

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:28:12, on 21/08/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\ATKKBService.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Eset\nod32krn.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\Program Files\Analog Devices\Core\smax4pnp.exe
        C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\Program Files\Eset\nod32kui.exe
        C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
        C:\Program Files\BroadJump\Client Foundation\CFD.exe
        C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
        C:\Program Files\QuickTime\QTTask.exe
        C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
        C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
        C:\Program Files\TomTom HOME 2\HOMERunner.exe
        C:\Program Files\Logitech\SetPoint\SetPoint.exe
        C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
        C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
        C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
        C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
        O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
        O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
        O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
        O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
        O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
        O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        0
  4. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
     
    Deuxieme rapport

    ComboFix 08-08-19.06 - Muriel 2008-08-21 14:21:48.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.559 [GMT 2:00]
    Endroit: C:\Documents and Settings\Muriel\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Muriel\Application Data\inst.exe
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Documents and Settings\Muriel\Application Data\Malwarebytes
    2008-08-21 13:51 . 2008-08-21 13:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-21 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-21 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-09 14:45 . 1999-03-23 00:00 929,844 --------- C:\WINDOWS\system32\MFC42D.DLL
    2008-08-09 14:45 . 1999-03-23 00:00 798,773 --------- C:\WINDOWS\system32\MFCO42D.DLL
    2008-08-09 14:45 . 1998-06-17 00:00 516,173 --------- C:\WINDOWS\system32\MSVCP60D.DLL
    2008-08-09 14:45 . 1999-03-23 00:00 401,484 --------- C:\WINDOWS\system32\Msvcrtd.dll
    2008-08-09 14:45 . 2008-08-09 14:45 0 --a------ C:\WINDOWS\DXT7E.tmp
    2008-08-09 14:39 . 2008-08-09 14:40 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2008-08-09 14:39 . 2008-08-09 14:40 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2008-08-09 14:39 . 2008-08-09 14:40 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2008-08-09 14:38 . 2008-08-09 14:38 <REP> d-------- C:\Program Files\Infogrames
    2008-08-09 13:46 . 2008-08-09 13:46 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-08-01 11:54 . 2008-08-01 11:54 <REP> d-------- C:\WINDOWS\system32\AGEIA
    2008-08-01 11:54 . 2008-08-01 11:54 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-08-01 11:54 . 2008-08-01 11:55 <REP> d-------- C:\Program Files\AGEIA Technologies
    2008-08-01 11:54 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-08-01 11:54 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-08-01 11:54 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
    2008-08-01 11:54 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-21 12:20 --------- d-----w C:\Documents and Settings\Muriel\Application Data\OpenOffice.org2
    2008-08-21 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-21 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-21 09:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-12 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-12 09:04 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Apple Computer
    2008-08-09 15:34 --------- d-----w C:\Documents and Settings\Muriel\Application Data\FrostWire
    2008-08-09 09:04 --------- d-----w C:\Program Files\FrostWire
    2008-08-06 09:28 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Vso
    2008-08-01 13:42 --------- d-----w C:\Program Files\TuxMath
    2008-08-01 09:47 --------- d-----w C:\Program Files\Ubisoft
    2008-07-20 13:42 --------- d-----w C:\Program Files\Zylom Games
    2008-07-19 13:01 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Zylom
    2008-07-19 13:01 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Jane s Hotel
    2008-07-18 14:50 --------- d-----w C:\Program Files\Lexmark X1100 Series
    2008-07-11 14:21 --------- d-----w C:\Documents and Settings\Muriel\Application Data\tuxmath
    2008-07-11 07:42 --------- d-----w C:\Program Files\Java
    2008-07-05 09:17 --------- d-----w C:\Documents and Settings\Muriel\Application Data\Planit International
    2008-07-05 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Planit Fusion Live But
    2008-07-04 10:03 --------- d-----w C:\Program Files\QuickTime
    2008-06-26 16:12 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-26 16:07 --------- d-----w C:\Program Files\readmes
    2008-06-26 16:07 --------- d-----w C:\Program Files\licenses
    2008-06-22 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
    2008-05-29 20:59 52,116 ----a-w C:\Program Files\openoffice.org-onlineupdate.cab
    2008-05-29 20:59 37,375 ----a-w C:\Program Files\openoffice.org-xsltfilter.cab
    2008-05-29 20:59 207,388 ----a-w C:\Program Files\openoffice.org-testtool.cab
    2008-05-29 20:59 2,650,886 ----a-w C:\Program Files\openoffice.org-writer.cab
    2008-05-29 20:59 2,504,975 ----a-w C:\Program Files\openoffice.org-pyuno.cab
    2008-05-29 20:59 1,183,268 ----a-w C:\Program Files\openoffice.org-math.cab
    2008-05-29 20:58 86,870 ----a-w C:\Program Files\openoffice.org-graphicfilter.cab
    2008-05-29 20:58 2,769 ----a-w C:\Program Files\openoffice.org-emailmerge.cab
    2008-05-29 20:58 118,910 ----a-w C:\Program Files\openoffice.org-javafilter.cab
    2008-05-29 20:58 1,372,593 ----a-w C:\Program Files\openoffice.org-impress.cab
    2008-05-29 20:57 4,164,599 ----a-w C:\Program Files\openoffice.org-core07.cab
    2008-05-29 20:57 306,690 ----a-w C:\Program Files\openoffice.org-core08.cab
    2008-05-29 20:57 28,864,638 ----a-w C:\Program Files\openoffice.org-core06.cab
    2008-05-29 20:57 2,031,954 ----a-w C:\Program Files\openoffice.org-core09.cab
    2008-05-29 20:57 1,025,727 ----a-w C:\Program Files\openoffice.org-draw.cab
    2008-05-29 20:53 18,634,513 ----a-w C:\Program Files\openoffice.org-core05.cab
    2008-05-29 20:52 16,503,595 ----a-w C:\Program Files\openoffice.org-core04.cab
    2008-05-29 20:51 9,117,929 ----a-w C:\Program Files\openoffice.org-core03.cab
    2008-05-29 20:50 3,861,722 ----a-w C:\Program Files\openoffice.org-core02.cab
    2008-05-29 20:50 15,104,538 ----a-w C:\Program Files\openoffice.org-core01.cab
    2008-05-29 20:49 43,005 ----a-w C:\Program Files\openoffice.org-activex.cab
    2008-05-29 20:49 4,845,907 ----a-w C:\Program Files\openoffice.org-calc.cab
    2008-05-29 20:49 4,377,600 ----a-w C:\Program Files\openofficeorg24.msi
    2008-05-29 20:49 217 ----a-w C:\Program Files\setup.ini
    2008-05-29 20:49 1,878,252 ----a-w C:\Program Files\openoffice.org-base.cab
    2007-11-16 16:46 47,360 ----a-w C:\Documents and Settings\Muriel\Application Data\pcouffin.sys
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    .

    ------- Sigcheck -------

    2007-05-08 16:10 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-27 09:39 67128]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 10:55 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
    "AnumanLive"="C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-11-17 18:23 347136]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-08 16:04 949376]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
    "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    C:\Documents and Settings\Muriel\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-08-20 09:03:49 217088]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-27 09:39:28 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-10 10:55:33 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
    "C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
    "C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-06-09 16:57]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-12-18 23:02]
    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19]
    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 06:57]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 14:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a770948-5056-11dd-a20d-001a9256e911}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb7140c-34c4-11dd-a1df-001a9256e911}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11af6d3-b460-11dc-a11f-001a9256e911}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3dd554f-7a73-11dc-80f4-001a9256e911}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Muriel\Application Data\Mozilla\Firefox\Profiles\obg4u4ad.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://equisup.fr/
    FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npornap.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 14:23:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Temps d'accomplissement: 2008-08-21 14:24:41
    ComboFix-quarantined-files.txt 2008-08-21 12:24:35

    Pre-Run: 50,860,138,496 octets libres
    Post-Run: 50,954,272,768 octets libres

    212 --- E O F --- 2007-08-22 09:34:45
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
     
    Deuxieme Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:28:12, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Muriel\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    relance hijackthis en cliquant sur scan only et coches ces lignes stp :

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    puis tu cliques sur fix checked.

    vas faire la mise à niveau d adobe reader à cette adresse :

    https://get2.adobe.com/reader/otherversions/

    et ensuite désinstalle la version antérieure 8.0

    est ce que tu as encore des problemes ??
    0
    1. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
       
      Re,

      j'ai tout fait mais je ne vois aucune différence vu que je n'avais pas spécialement de problèmes (a part qques pages de pub avec IE mais vu que j'utilise Firefox cela ne me gênait pas)...
      Alors si pour toi c'est ok ça l'est pour moi aussi...:)))

      Merci du coup de main
      @+
      0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu peux faire ceci pour terminer stp :

    Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

    Télécharge toolscleaner sur ton Bureau :

    (c est le numéro 15 en bas de la page) : https://www.androidworld.fr/

    * Double-clique sur ToolsCleaner2.exe et laisse le travailler
    * Clique sur Recherche et laisse le scan se terminer.
    * Clique sur Suppression pour finaliser.
    * Tu peux, si tu le souhaites, te servir des Options facultatives.
    * Clique sur Quitter, pour que le rapport puisse se créer.
    * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

    Désactive et réactive la Restauration du système :

    1 Dans la barre des tâches de Windows, clique sur Démarrer.

    2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

    3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

    4 Clique sur Appliquer.

    5 Ensuite décoche "Désactiver la restauration du systeme"

    6 clique sur appliquer puis ok

    7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.

    Tu peux mettre ton problème résolu !!
    0
  9. lapaumeedupc1 Messages postés 392 Date d'inscription   Statut Membre Dernière intervention   212
     
    Re,

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Muriel\Recent\HijackThis.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Muriel\Recent\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    @+
    0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    C est ok ;-)

    @+
    0