Posted: 30 Jun 2008 14:38 Post subject: MSN Trojan horse / after running MSN.fix I'm sending the report HELP
Hi,
Having been infected yesterday by a Trojan horse via an MSN contact, I ran MSN.fix.
I am sending you the MSN.fix message I received after running it.
Not knowing what to do now, I am contacting you.
Please help me fix this problem because I am panicking a lot!
In fact nothing is happening on my PC, no problems since I caught the virus or Trojan horse; even MSN works perfectly. I don't know whether it is still sending files to my contacts.
I ran a scan with my antivirus KASPERSKY, which detected a Trojan horse today and which says it has deleted it.
Don't let me down, please reply!!!!!!!!!
MSNFix 1.728
C:\WINDOWS\MSNFix
Fix exécuté le 29/06/2008 - 21:42:37,85 By sorriso
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
Posted: 02 Jul 2008 10:26 Post subject: HIJACKTHIS report, thanks for advising me once more
Hello,
Thank you MARIE for giving me a little of your time and answering my question; I am very grateful. As you advised, I am sending you the HIJACKTHIS report after installation:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Joined: 07 Mar 2006 Posts: 6850 Location: Toulon
Posted: 02 Jul 2008 11:08 Post subject:
I don't see any trace of an MSN infection.
However, there is another type of infection:
Your PC got infected after visiting this site http://www.deepmusic.info.
This site is dangerous. Don't go back there.
I uninstalled BOONTY GAMES
I ran the command
relaunched HIJACKTHIS and checked the lines
and I am posting the new report for you:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:34, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [L08FXLRD_44164671] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: LocalCooling.lnk = C:\Program Files\Uniblue\LocalCooling\localcooling2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1105\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207519898656
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209035826_a5239a79faef0565669d754459aed697&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Electronic Arts Licensing (vugiil3eeni) - Unknown owner - C:\WINDOWS\system32\aumepxvleh.exe
--
End of file - 9770 bytes
PS: listen, there are lines that I didn't find, which are the following:
- R3 - URLSearchHook: as Class - {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} - C:\WINDOWS\system32\MSCTX32.dll (in its place I find R3 Default URL Search Hook is missing)
- O2 - BHO: (no name) - {56EF9AEB-9F18-4CA9-9D41-60F24CEA4A80} - (no file)
- O2 - BHO: pp Class - {89286D74-1E06-4AE0-8AEE-4D4363D5D814} - C:\WINDOWS\system32\MSCTX32.dll
- O2 - BHO: BeSideit IE Helper - {89CBB8EA-FA02-4f61-B997-0247E69F002B} - C:\Program Files\QdrDrive\QdrDrive15.dll
- O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
and also no - O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
Even though I understood nothing of all this, I thank you infinitely for your help. I await your reply.
Joined: 07 Mar 2006 Posts: 6850 Location: Toulon
Posted: 02 Jul 2008 16:51 Post subject:
You've done good work. We're almost there.
Stop the Boonty Games service (that's the exact name) as follows.
Go to Start/Run, type services.msc then OK. In the list of services, look for the one named precisely Boonty Games. Double-click it.
Check that under Path to executable you do have C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
If so:
Under Service status, click Stop
Under Startup type, select Disabled
Click OK to close all the windows.
Relaunch HijackThis.
Click None of the above Just start The Program. Click the Config button then the Misc Tools button. Then choose Delete a NT Service.
In the field, copy-paste exactly the following name:
Boonty Games then OK.
Quit HijackThis.
Relaunch HijackThis and check the following line:
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
Close all IE windows (including this one) then click Fix Checked. Confirm the message that follows.
Restart the PC and post a new HijackThis log.
To be sure that no infected file remains, run an online antivirus scan at Kaspersky.
The report must show no infected files and no suspicious files. If that is not the case, save it and post it in your next reply.
If needed, consult this tutorial to launch the scan.
The scan must be launched from Internet Explorer exclusively.
If your antivirus complains a bit when installing Kaspersky's ActiveX controls, disable it for the duration of the scan.
Also give me news of the PC.
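Added example (not part of the thread, and not HijackThis code): the two checks from the post above, done over log text in Python. It confirms a service's executable path before the service is removed and lists entries marked (file missing). The sample lines are copied from the log posted in this thread; the function names are hypothetical, and it assumes HijackThis shows the service key name in parentheses only when it differs from the display name.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Sample input: four lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# HijackThis marks entries whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


class Service(NamedTuple):
    display: str  # name shown in services.msc
    name: str     # service key name (assumed equal to display when not shown)
    owner: str    # company name from the file's version info, or "Unknown owner"
    path: str     # executable path


def entries(log: str):
    """Yield (section, body) for every HijackThis entry line, e.g. ('O23', 'Service: ...')."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m["section"], m["body"]


def services(log: str) -> list:
    """Parse O23 lines of the form 'Service: Display (Name) - Owner - Path'."""
    found = []
    for section, body in entries(log):
        if section != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: display names may themselves contain ' - '.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        label, owner, path = parts
        m = LABEL_RE.match(label)
        display, name = (m["display"], m["name"]) if m else (label, label)
        found.append(Service(display, name, owner, path))
    return found


def same_path(a: str, b: str) -> bool:
    """Compare two Windows paths ignoring case, quotes and slash direction."""
    def norm(p: str) -> str:
        return ntpath.normcase(ntpath.normpath(p.strip().strip('"')))
    return norm(a) == norm(b)


def confirm_service(log: str, name: str, expected_path: str) -> Optional[Service]:
    """Return the service only if exactly one entry has this name and its
    executable is the expected file; None means 'do not touch it'."""
    hits = [s for s in services(log) if s.name.lower() == name.lower()]
    if len(hits) == 1 and same_path(hits[0].path, expected_path):
        return hits[0]
    return None


def orphaned(log: str) -> list:
    """Entries that still exist in the registry but point at a missing file."""
    return [f"{sec} - {body}" for sec, body in entries(log) if ORPHAN_RE.search(body)]


if __name__ == "__main__":
    expected = r"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    print(confirm_service(SAMPLE_LOG, "Boonty Games", expected))
    for line in orphaned(SAMPLE_LOG):
        print(line)
```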
Hello Marie, sorry for the delay. As you asked, I am posting the HIJACK report after carrying out the requested procedure.
Listen, in fact I did almost everything, but the problem I ran into is installing INTERNET EXPLORER in order to run a final scan. IE runs and tells me it is installed, but I can't find the program or the icon to use it. So if possible, advise me what I should do in this case, or else give me a link that I can use to run an online scan that is compatible with Firefox.
THANKS
The report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:19, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Click Fix Checked and confirm the message that follows.
You can launch the Kaspersky online scan from Firefox. It's very recent and I don't have a tutorial to offer you.
Let the scanner guide you and accept the installation of the Java applets when it offers.
At the end, save the report and post it in your next reply.
Then we'll look at why IE is being difficult ...
Have you had this kind of problem with IE for a long time?
Posted: 04 Jul 2008 13:16 Post subject: infected file during the scan
Hi Marie,
In fact I am currently running the online scan with Kaspersky and so far, after (8%), it has detected an infected file. I find that very strange given that my antivirus, which is the same one I am now using online, did not detect it.
At the end of the scan, if it detects more infected files, what should I do to delete them and disinfect my PC, or will it delete the infected files by itself?
I am posting the question before the scan finishes so as to know the next step.
Thanks
Posted: 04 Jul 2008 16:01 Post subject: Kaspersky report after scan
Kaspersky report
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 10:57:48
Records in database: 912826
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 64576
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 02:25:26
File name Threat name Threats count
C:\Documents and Settings\Hassen2\Bureau\CursorManiaSetup2.3.50.19.ZCfox000.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.cb 1
C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
The selected area was scanned.
Should I install software such as BitDefender to disinfect my PC??
Posted: 04 Jul 2008 21:21 Post subject: unable to delete
Hi MARIE,
In fact I was able to delete the first infected file, but when I try to delete C:\Program Files\Windows Live\Messenger\msimg32.dll it shows me the following message:
impossible de supprimermsimg32: Acces refuser
Verifier que le fichier n'est pas plein ou proteger en ecriture,et que le fichier n'est pas utiliser actuellement
Joined: 07 Mar 2006 Posts: 6850 Location: Toulon
Posted: 04 Jul 2008 21:46 Post subject:
MSN must be running.
Click its icon in the notification area at the bottom right of the screen and choose Quit.
Then try to delete the file.
Posted: 04 Jul 2008 21:52 Post subject: file deleted and sending hijack report
There, I deleted the file and emptied the recycle bin,
and ran hijack, and here is the report.
I hope the problem is now solved, or should I run another online scan?
Listen, as I told you earlier: how is it that my Kaspersky antivirus did not detect these infected files whereas the online one did??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:50, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal