
Recommended posts

Posted

good evening,

I see I'm not the only one to have picked up this "patched function" :P , I followed Bruce Lee's instructions, so here is the result of HijackThis and of BlackLight:

and also with "Silent Runners"

thanks for your help, and I would really like to understand why McAfee detects the virus but can't manage to remove it??? :P:P

 

HijackThis result

 

Logfile of HijackThis v1.99.1

Scan saved at 14:17:11, on 27/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\McAfee\MSC\mctskshd.exe

C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\windows\system32\eouyqjnw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Inventel\Gateway\WLANCFG.EXE

C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\McAfee\MSC\mcshell.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [eouyqjnw] c:\windows\system32\eouyqjnw.exe eouyqjnw

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O4 - Startup: ADILOOK Français sur disque C.LNK = C:\COKTEL\ADI4OEMP\ADILOOK.EXE

O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe

O4 - Global Startup: DVD@ccess.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm636YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

 

BlackLight result

 

01/27/07 14:27:27 [info]: BlackLight Engine 1.0.55 initialized

01/27/07 14:27:27 [info]: OS: 5.1 build 2600 (Service Pack 2)

01/27/07 14:27:28 [Note]: 7019 4

01/27/07 14:27:28 [Note]: 7005 0

01/27/07 14:27:38 [Note]: 7006 0

01/27/07 14:27:38 [Note]: 7011 1640

01/27/07 14:27:38 [Note]: 7026 0

01/27/07 14:27:39 [Note]: 7026 0

01/27/07 14:27:39 [Note]: 7015 2264

01/27/07 14:27:39 [Note]: 7015 87

01/27/07 14:28:01 [Note]: FSRAW library version 1.7.1021

01/27/07 14:44:28 [Note]: 2000 1012

01/27/07 14:46:00 [Note]: 7007 0

 

 

Silent Runners result

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSKAGENTEXE" = "c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" ["McAfee Inc."]

"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=" [empty string]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" [file not found]

"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\Money Express.exe"" [MS]

"MailSkinner" = "c:\program files\mailskinner\mailskinner.exe" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"DadApp" = "C:\Program Files\Dell\AccessDirect\dadapp.exe" [null data]

"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"MPSExe" = "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding" ["McAfee, Inc"]

"MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" ["McAfee Inc."]

"MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup" ["McAfee, Inc."]

"RoxioEngineUtility" = ""C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"" ["Roxio"]

"RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"" ["Roxio"]

"RoxioAudioCentral" = ""C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"" ["Roxio, Inc."]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Dit" = "Dit.exe" ["ICSI Technology Ltd."]

"Ulead AutoDetector v2" = "C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]

"(Default)" = "(empty string)" [file not found]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"(Default)" = (unknown data type)

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\4608\SiteAdv.dll" ["McAfee, Inc."]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\(Default) = (no title provided)

-> {HKLM...CLSID} = "McBrwHelper Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll" ["McAfee, Inc"]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}\(Default) = (no title provided)

-> {HKLM...CLSID} = "McAfee Privacy Service Popup Blocker"

\InProcServer32\(Default) = "c:\program files\mcafee.com\mps\popupkiller.dll" ["McAfee, Inc"]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\(Default) = (no title provided)

-> {HKLM...CLSID} = "McAfee AntiPhishing Filter"

\InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "c:\program files\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ST"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MSNToolBandBHO"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Gestionnaire de fichiers Sony Ericsson"

-> {HKLM...CLSID} = "Gestionnaire de fichiers Sony Ericsson"

\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

"{2F860D81-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Shell Extension"

-> {HKLM...CLSID} = "UltimateZip Shell Extension 1"

\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data]

"{2F860D82-AF3C-11D4-BDB3-00E0987D8540}" = "UltimateZip Drag Drop Handler"

-> {HKLM...CLSID} = "UltimateZip Drag Drop Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshldr.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"

-> {HKLM...CLSID} = "UltimateZip Shell Extension 1"

\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"

-> {HKLM...CLSID} = "NetWare UNC Folder Menu"

\InProcServer32\(Default) = "nwprovau.dll" [MS]

UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"

-> {HKLM...CLSID} = "UltimateZip Shell Extension 1"

\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1\uzshlex.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\PERSO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\Matrix3D.scr" [null data]

 

 

Startup items in "PERSO" & "All Users" startup folders:

-------------------------------------------------------

 

C:\Documents and Settings\PERSO\Menu Démarrer\Programmes\Démarrage

"ADILOOK Français sur disque C" -> shortcut to: "C:\COKTEL\ADI4OEMP\ADILOOK.EXE" [empty string]

"MSN Pictures Displayer" -> shortcut to: "C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe /P" [empty string]

"UltimateZip Quick Start" -> shortcut to: "C:\Program Files\UltimateZip 2007\uzqkst.exe" ["SWE von Schleusen"]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"DVD@ccess" -> shortcut to: "C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe" ["Apple Computer"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"McDefragTask" -> launches: "C:\WINDOWS\system32\defrag.exe C: -f" ["Microsoft Corp. and Executive Software International, Inc."]

"McQcTask" -> launches: "c:\program files\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\mclsp.dll ["Networks Associates Technology, Inc"], 01 - 34, 69

%SystemRoot%\system32\mswsock.dll [MS], 35 - 37, 40 - 68

%SystemRoot%\system32\rsvpsp.dll [MS], 38 - 39

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {HKLM...CLSID} = "MSN"

\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [MS]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"

-> {HKLM...CLSID} = "McAfee SiteAdvisor"

\InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\4608\SiteAdv.dll" ["McAfee, Inc."]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{1462651F-F4BA-4C76-A001-C4284D0FE16E}\

"ButtonText" = "Wanadoo"

"Exec" = "http://www.wanadoo.fr" [file not found]

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

 

{39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\

"MenuText" = "McAfee AntiPhishing Filter"

"CLSIDExtension" = "{7DD73374-7187-4103-8F29-622AA25E7C40}"

-> {HKLM...CLSID} = "MyCfgDlgCmdTarget Class"

\InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]

McAfee E-mail Proxy, Emproxy, "C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe" ["McAfee, Inc."]

McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]

McAfee Log Manager, McLogManagerService, "C:\PROGRA~1\McAfee\MSC\mclogsrv.exe" ["McAfee, Inc."]

McAfee Network Agent, McNASvc, ""c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]

McAfee Redirector Service, McRedirector, "c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."]

McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]

McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" ["McAfee Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]

McAfee Task Scheduler, McTskshd.exe, "C:\PROGRA~1\McAfee\MSC\mctskshd.exe" ["McAfee, Inc."]

McAfee Update Manager, mcmispupdmgr, "C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" ["McAfee, Inc."]

McAfee User Manager, mcusrmgr, "C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe" ["McAfee, Inc."]

Service client pour NetWare, NWCWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}

Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}

 

 

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 81 seconds, including 18 seconds for message boxes)

Posted (edited)

hi and welcome :P

 

You cleaned your PC all by yourself :P because the BlackLight report is clean! You shouldn't be getting ads anymore, normally!

Did you use BFU??

We just need to add a cleanup that will rid your PC of the remnants of the infection (remnants visible in your HijackThis report).

You need to redo a HijackThis report, because the one you posted predates the BlackLight run!

 

So > post a new HijackThis report + download and run DiagHelp as shown in this tutorial > http://www.malekal.com/DiagHelp/DiagHelp.php

Run only option 1 and post the report please.

 

For the record, not to be forgotten > you infected your PC yourself without knowing it!!

 

The infection that ruined your browsing is called Magic Control Agent.

This infection is carried by software that you absolutely must avoid!! Here is a non-exhaustive list so you don't fall into the trap again >

  • go-astro
  • GoRecord
  • HotTVPlayer
  • MailSkinner
  • Messenger Skinner
  • Instant Access
  • InternetGameBox
  • sudoplanet
  • Webmediaplayer, except the one from the following site > http://www.azertysite.new.fr/

In general, be wary of the utilities you download!! Use Google to check whether it's a program that installs spyware: a simple search of a few minutes will let you form an opinion.

For example: do a search on MessengerSkinner and you'll see the number of threads where people complain about intrusive advertising ....

 

Here is another list you can consult before installing an antispyware, if you ever come to do so: it lists a whole pile of fake utilities that have no effectiveness and can even be dangerous because they're unreliable: http://forum.zebulon.fr/index.php?showtopic=102647

Others appear every day (or almost)! So, once again, do a search before installing anything!!

 

@+

Edited by charles ingals
Posted

Hi charles :P, lesmonchs,

lesmonchs, your problem is being handled by our friend charles; please stay in this thread to reply. Scroll to the bottom of the page and click the "reply" button on the right of your screen.

Posted
Hello everyone

I'm new to your forum, registered yesterday!

I wanted to share my problem with McAfee and a patched-function virus.

I used the procedure the forum suggests and managed to remove this virus using BlackLight and CCleaner.

Below is the BlackLight log file (I renamed them), and since then McAfee no longer finds the virus.

 

02/02/07 23:24:26 [Info]: BlackLight Engine 1.0.55 initialized
02/02/07 23:24:26 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/02/07 23:24:26 [Note]: 7019 4
02/02/07 23:24:26 [Note]: 7005 0
02/02/07 23:24:29 [Note]: 7006 0
02/02/07 23:24:29 [Note]: 7011 1496
02/02/07 23:24:29 [Note]: 7026 0
02/02/07 23:24:30 [Note]: 7026 0
02/02/07 23:24:30 [Note]: 7024 3
02/02/07 23:24:30 [Info]: Hidden process: C:\windows\system32\bdsncfrnbd.exe
02/02/07 23:24:34 [Note]: FSRAW library version 1.7.1021
02/02/07 23:28:06 [Info]: Hidden file: c:\WINDOWS\system32\bdsncfrnbd.dat
02/02/07 23:28:06 [Note]: 10002 1
02/02/07 23:28:06 [Info]: Hidden file: C:\windows\system32\bdsncfrnbd.exe
02/02/07 23:28:06 [Note]: 10002 1
02/02/07 23:28:06 [Info]: Hidden file: c:\WINDOWS\system32\bdsncfrnbd_nav.dat
02/02/07 23:28:06 [Note]: 10002 1
02/02/07 23:28:06 [Info]: Hidden file: c:\WINDOWS\system32\bdsncfrnbd_navps.dat
02/02/07 23:28:06 [Note]: 10002 1
02/02/07 23:34:15 [Note]: 7007 0

 

I wanted to thank you for your forum and everyone who takes part in it.
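As an added illustration (this is not part of laurent07's post, nor code from BlackLight or any tool named on this page): a small parser for the BlackLight log format shown above. It pulls out every "Hidden process" / "Hidden file" event, clusters the names by stem, and flags a hidden running process whose image is also a hidden file, which is exactly the situation in which an antivirus working through the hooked Windows API can report a patched function yet cannot open the file to remove it. The sample lines are copied from the log above; the clustering rule (stem before the first "." or "_") is my own heuristic, not anything BlackLight does.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# BlackLight writes one event per line: "<dd/mm/yy> <hh:mm:ss> [<Level>]: <message>".
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) \[(\w+)\]: (.*)$")
HIDDEN_RE = re.compile(r"^Hidden (process|file): (.+)$", re.IGNORECASE)

# Sample input, copied from the BlackLight log posted above (numeric [Note] codes kept
# to show they are skipped).
SAMPLE_LOG = """\
02/02/07 23:24:26 [Info]: BlackLight Engine 1.0.55 initialized
02/02/07 23:24:26 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/02/07 23:24:30 [Note]: 7024 3
02/02/07 23:24:30 [Info]: Hidden process: C:\\windows\\system32\\bdsncfrnbd.exe
02/02/07 23:24:34 [Note]: FSRAW library version 1.7.1021
02/02/07 23:28:06 [Info]: Hidden file: c:\\WINDOWS\\system32\\bdsncfrnbd.dat
02/02/07 23:28:06 [Note]: 10002 1
02/02/07 23:28:06 [Info]: Hidden file: C:\\windows\\system32\\bdsncfrnbd.exe
02/02/07 23:28:06 [Info]: Hidden file: c:\\WINDOWS\\system32\\bdsncfrnbd_nav.dat
02/02/07 23:28:06 [Info]: Hidden file: c:\\WINDOWS\\system32\\bdsncfrnbd_navps.dat
02/02/07 23:34:15 [Note]: 7007 0
"""


def parse_blacklight(text):
    """Yield (timestamp, level, message) for every well-formed line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, clock, level, msg = m.groups()
        yield datetime.strptime(f"{date} {clock}", "%d/%m/%y %H:%M:%S"), level, msg


def hidden_items(text):
    """Return one record per object BlackLight reported as hidden from the Windows API view."""
    items = []
    for ts, _level, msg in parse_blacklight(text):
        m = HIDDEN_RE.match(msg)
        if not m:
            continue
        kind, path = m.groups()
        p = PureWindowsPath(path)
        items.append({
            "time": ts,
            "kind": kind.lower(),            # "process" or "file"
            "path": str(p),
            "name": p.name.lower(),          # case-folded: NTFS names are case-insensitive
            "dir": str(p.parent).lower(),
        })
    return items


def group_by_family(items):
    """Cluster hidden names by stem (text before the first '.' or '_'); my heuristic, not BlackLight's."""
    families = defaultdict(set)
    for it in items:
        stem = re.split(r"[._]", it["name"], maxsplit=1)[0]
        families[stem].add(it["name"])
    return {stem: sorted(names) for stem, names in families.items()}


def triage(text):
    """Summarise a BlackLight log: what is hidden, how it clusters, and which hidden
    process is also a hidden file (the rootkit shielding its own image on disk)."""
    items = hidden_items(text)
    processes = sorted({it["name"] for it in items if it["kind"] == "process"})
    hidden_files = {it["name"] for it in items if it["kind"] == "file"}
    return {
        "hidden": len(items),
        "processes": processes,
        "families": group_by_family(items),
        "self_protected": [n for n in processes if n in hidden_files],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the five hidden objects collapse into a single family, and the one hidden process is also one of the hidden files: a user-mode scanner that trusts the API view has nothing it can delete, which is why BlackLight's own rename step, run from its raw view of the disk, is what actually neutralises the files.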

Posted

Hello laurent07 and welcome to Zebulon :P

Please do not post in a topic that already belongs to someone else :P

There may still be traces left, so I advise you to create your own topic so that a helper can check.

@+

Posted

Thanks Charles for taking care of my problem :P

Below is a new HijackThis report; on the other hand, when I run option 1 of DIALER, I get nothing :P

But you tell me I have cleaned my PC, yet McAfee still detects the virus?????

 

Logfile of HijackThis v1.99.1

Scan saved at 18:46:51, on 03/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\McAfee\MSC\mctskshd.exe

C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\vsnpstd.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Money\System\Money Express.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe

C:\Program Files\UltimateZip 2007\uzqkst.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Inventel\Gateway\WLANCFG.EXE

C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SiteAdvisor\4608\SiteAdv.exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\PROGRA~1\ULTIMA~1\uzip.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O4 - Startup: ADILOOK Français sur disque C.LNK = C:\COKTEL\ADI4OEMP\ADILOOK.EXE

O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe

O4 - Global Startup: DVD@ccess.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm636YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

 

 

So, what do you make of it?

Posted

Hi lesmonchs, bruce :P

Yes, I was telling you that you had eliminated the infection because your BlackLight report does not show the files responsible for it.

However, there are traces left, which your antivirus has certainly detected! Do you have a McAfee report, or can you tell me on which file(s) it finds malware?

No report appears after running option 1 of DiagHelp?? Do you get the menu? Please try again, following Malekal Morte's recommendations carefully > http://www.malekal.com/DiagHelp/DiagHelp.php

*Start HijackThis, click "Do a system scan only", and check the following lines:

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm636YYFR

-Close all programs and click "Fix Checked"

If you cannot get DiagHelp to work, do this >

Download WinPFind3U.exe to your desktop.

  • Double-click the downloaded file: a folder named WinPFind3U will appear on your desktop.
  • Open the folder and double-click the file WinPFind3U.exe to launch the program.
  • Under the group Files Created Within, select 60 days
  • Under the group Files Modified Within, select 60 days
  • Under the group String Search, select Non-Microsoft
  • Now click the Run Scan button in the toolbar
  • When the scan has finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" box is not ticked.
  • Copy/paste the contents of the report into your next reply.

@+ :P
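An added example, not charles' or the forum's own tooling: it applies the carrier list from the helper's earlier post to HijackThis result lines, the way a reader would pre-screen a log before asking which entries to "Fix Checked". The sample lines are copied from the HijackThis log posted above. The normalisation (lower-case, whitespace removed, so "Messenger Skinner" also matches a path spelled "messengerskinner") and the separate "stale" bucket for entries HijackThis itself marks "(file missing)" are my assumptions; the helper did not ask for the stale Wanadoo entry to be fixed, so that bucket is informational only.

```python
import re

# Carrier programs named by the helper above, plus the search-bar domain from the O8 line
# he asked to fix. "Webmediaplayer" is kept although he exempts one vendor's build: a name
# match cannot tell the two apart, so that hit still needs a human look.
CARRIERS = [
    "go-astro", "GoRecord", "HotTVPlayer", "MailSkinner", "Messenger Skinner",
    "Instant Access", "InternetGameBox", "sudoplanet", "Webmediaplayer",
]
BAD_DOMAINS = ["mywebsearch.com"]

# HijackThis result lines start with a section tag (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Sample input: a selection of lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm636YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def _norm(s):
    """Lower-case and drop whitespace so 'Messenger Skinner' matches 'messengerskinner'."""
    return re.sub(r"\s+", "", s.lower())


def parse_entries(text):
    """Return (section, body, original_line) for each result line; headers and the
    running-process list are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def triage_hjt(text):
    """Bucket result lines: 'fix' references a listed carrier or domain; 'stale' is an
    entry HijackThis itself marks '(file missing)'; everything else is 'ok'."""
    needles = [_norm(n) for n in CARRIERS + BAD_DOMAINS]
    buckets = {"fix": [], "stale": [], "ok": []}
    for _section, body, line in parse_entries(text):
        hay = _norm(body)
        if any(n in hay for n in needles):
            buckets["fix"].append(line)
        elif "(file missing)" in body.lower():
            buckets["stale"].append(line)
        else:
            buckets["ok"].append(line)
    return buckets


if __name__ == "__main__":
    for bucket, lines in triage_hjt(SAMPLE_HJT).items():
        print(f"== {bucket} ({len(lines)})")
        for line in lines:
            print("  " + line)
```

On the sample, the "fix" bucket contains exactly the two lines the helper asked to fix (the MailSkinner O4 autostart and the mywebsearch O8 context-menu item); everything McAfee-, Adobe- or Microsoft-related stays in "ok". A name-based screen like this is only a first pass: an entry can be malicious under an innocuous name, and a listed name can belong to a legitimate build, so the helper's line-by-line review is still what decides.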

Posted

Good evening,

McAfee tells me the file where "patched function" is supposedly located is: Memory\ZwQuerySystemInformation

Below is the WinPFind3U result (when I run option 1 of Dialer, still the same thing, nothing happens :P )

 

WinPFind3 logfile created on: 04/02/2007 19:19:09

WinPFind3U by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\PERSO\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

522672 Kb Total Physical Memory | 132556 Kb Available Physical Memory | 25,36% Memory free

1276860 Kb Paging File | 565356 Kb Available in Paging File | 44,28% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29294492 Kb Total Space | 13008268 Kb Free Space | 44,41% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

 

[Processes - Non-Microsoft Only]

application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 16:17:24 | Attr = R ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 29/07/2003 13:11:36 | Attr = ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 29/07/2003 13:11:36 | Attr = ]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 29/07/2003 12:30:00 | Attr = ]

capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> Teleca Software Solutions AB [Ver = 0.0.1.48 | Size = 278528 bytes | Modified Date = 08/06/2005 16:45:04 | Attr = ]

dadapp.exe -> %ProgramFiles%\Dell\AccessDirect\DadApp.exe -> [Ver = | Size = 209800 bytes | Modified Date = 07/03/2003 11:36:30 | Attr = ]

dit.exe -> %SystemRoot%\Dit.exe -> ICSI Technology Ltd. [Ver = V2.12.0805 | Size = 90112 bytes | Modified Date = 05/08/2004 19:28:42 | Attr = ]

emproxy.exe -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,115,0 | Size = 337488 bytes | Modified Date = 28/10/2006 20:59:38 | Attr = ]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 13/12/2006 04:12:18 | Attr = ]

ftrtsvc.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 10/08/2005 07:54:34 | Attr = R ]

hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.1.105.0 | Size = 554600 bytes | Modified Date = 08/11/2006 13:18:42 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09/11/2006 15:07:30 | Attr = ]

mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,1,133,0 | Size = 566872 bytes | Modified Date = 27/10/2006 15:23:42 | Attr = ]

mcinfo.exe -> %ProgramFiles%\McAfee\MSC\mcinfo.exe -> McAfee, Inc. [Ver = 7,1,128,0 | Size = 525912 bytes | Modified Date = 25/10/2006 15:08:08 | Attr = ]

mclogsrv.exe -> %ProgramFiles%\McAfee\MSC\mclogsrv.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 178264 bytes | Modified Date = 26/10/2006 18:22:00 | Attr = ]

mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,1,110,0 | Size = 2213416 bytes | Modified Date = 07/11/2006 10:44:16 | Attr = ]

mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,1,124,0 | Size = 362064 bytes | Modified Date = 30/10/2006 17:20:26 | Attr = ]

mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 485464 bytes | Modified Date = 26/10/2006 18:21:30 | Attr = ]

mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.0.132.x86 | Size = 144960 bytes | Modified Date = 26/10/2006 09:55:50 | Attr = ]

mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,1,125,0 | Size = 624720 bytes | Modified Date = 10/11/2006 15:18:12 | Attr = ]

mctskshd.exe -> %ProgramFiles%\McAfee\MSC\mctskshd.exe -> McAfee, Inc. [Ver = 7,1,133,0 | Size = 189528 bytes | Modified Date = 27/10/2006 15:24:28 | Attr = ]

mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 7,1,128,0 | Size = 251480 bytes | Modified Date = 25/10/2006 15:08:46 | Attr = ]

mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,1,128,0 | Size = 677464 bytes | Modified Date = 25/10/2006 15:09:04 | Attr = ]

mcusrmgr.exe -> %ProgramFiles%\McAfee\MSC\mcusrmgr.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 321112 bytes | Modified Date = 26/10/2006 18:21:54 | Attr = ]

mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,1,124,0 | Size = 370256 bytes | Modified Date = 30/10/2006 17:20:24 | Attr = ]

monitor.exe -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 27/08/2004 19:22:38 | Attr = ]

mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.1.123.0 | Size = 833064 bytes | Modified Date = 10/11/2006 14:50:48 | Attr = ]

mscifapp.exe -> %ProgramFiles%\McAfee.com\MPS\mscifapp.exe -> McAfee, Inc [Ver = 7.1.1.46 | Size = 274432 bytes | Modified Date = 24/05/2005 15:50:24 | Attr = ]

mskagent.exe -> %ProgramFiles%\McAfee\SpamKiller\MSKAgent.exe -> McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Modified Date = 09/11/2005 14:01:00 | Attr = ]

msksrvr.exe -> %ProgramFiles%\McAfee\SpamKiller\MSKSrvr.exe -> McAfee Inc. [Ver = 7.0.1.3 | Size = 963072 bytes | Modified Date = 12/07/2005 17:10:18 | Attr = ]

msn pictures displayer.exe -> %ProgramFiles%\MSN Pictures Displayer\MSN Pictures Displayer.exe -> [Ver = 4.2.0.0 | Size = 4116992 bytes | Modified Date = 08/01/2007 13:20:52 | Attr = ]

redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,1,116,0 | Size = 239200 bytes | Modified Date = 02/11/2006 12:29:40 | Attr = ]

siteadv.exe -> %ProgramFiles%\SiteAdvisor\4608\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35416 bytes | Modified Date = 10/08/2006 20:38:30 | Attr = ]

syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.7 02May03 | Size = 610304 bytes | Modified Date = 02/05/2003 16:15:44 | Attr = ]

syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.7 02May03 | Size = 110592 bytes | Modified Date = 02/05/2003 16:21:48 | Attr = ]

taskbaricon.exe -> %ProgramFiles%\Wanadoo\TaskBarIcon.exe -> France Télécom R&D [Ver = 5.9 (1) | Size = 61440 bytes | Modified Date = 05/10/2004 16:00:12 | Attr = ]

version traduite originale.exe -> %ProgramFiles%\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 220160 bytes | Modified Date = 03/03/2005 18:36:58 | Attr = ]

vsnpstd.exe -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 0, 4 | Size = 40960 bytes | Modified Date = 31/12/2003 16:39:04 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.14.0 | Size = 308224 bytes | Modified Date = 03/02/2007 15:49:48 | Attr = ]

wlancfg.exe -> %ProgramFiles%\Inventel\Gateway\WLANCFG.EXE -> Inventel [Ver = 4, 0, 0, 0 | Size = 1466368 bytes | Modified Date = 04/02/2005 14:47:58 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 29/07/2003 13:11:36 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 00:09:52 | Attr = ]

(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,115,0 | Size = 337488 bytes | Modified Date = 28/10/2006 20:59:38 | Attr = ]

(FTRTSVC) France Telecom Routing Table Service [Win32_Own | Auto | Running] -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.1.105.0 | Size = 554600 bytes | Modified Date = 08/11/2006 13:18:42 | Attr = ]

(McLogManagerService) McAfee Log Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mclogsrv.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 178264 bytes | Modified Date = 26/10/2006 18:22:00 | Attr = ]

(mcmispupdmgr) McAfee Update Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,1,128,0 | Size = 677464 bytes | Modified Date = 25/10/2006 15:09:04 | Attr = ]

(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,1,110,0 | Size = 2213416 bytes | Modified Date = 07/11/2006 10:44:16 | Attr = ]

(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,1,124,0 | Size = 362064 bytes | Modified Date = 30/10/2006 17:20:26 | Attr = ]

(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 485464 bytes | Modified Date = 26/10/2006 18:21:30 | Attr = ]

(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,1,116,0 | Size = 239200 bytes | Modified Date = 02/11/2006 12:29:40 | Attr = ]

(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found

(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,1,125,0 | Size = 624720 bytes | Modified Date = 10/11/2006 15:18:12 | Attr = ]

(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mctskshd.exe -> McAfee, Inc. [Ver = 7,1,133,0 | Size = 189528 bytes | Modified Date = 27/10/2006 15:24:28 | Attr = ]

(mcusrmgr) McAfee User Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcusrmgr.exe -> McAfee, Inc. [Ver = 7,1,131,0 | Size = 321112 bytes | Modified Date = 26/10/2006 18:21:54 | Attr = ]

(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.1.123.0 | Size = 833064 bytes | Modified Date = 10/11/2006 14:50:48 | Attr = ]

(MskService) McAfee SpamKiller Server [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SpamKiller\MSKSrvr.exe -> McAfee Inc. [Ver = 7.0.1.3 | Size = 963072 bytes | Modified Date = 12/07/2005 17:10:18 | Attr = ]

(Wlancfg) Service de lancement de WlanCfg [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Inventel\Gateway\WLANCFG.EXE -> Inventel [Ver = 4, 0, 0, 0 | Size = 1466368 bytes | Modified Date = 04/02/2005 14:47:58 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

-> -> File not found

ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 04/09/2001 15:24:26 | Attr = ]

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 29/07/2003 12:30:00 | Attr = ]

DadApp -> %ProgramFiles%\Dell\AccessDirect\DadApp.exe -> [Ver = | Size = 209800 bytes | Modified Date = 07/03/2003 11:36:30 | Attr = ]

Dit -> %SystemRoot%\Dit.exe -> ICSI Technology Ltd. [Ver = V2.12.0805 | Size = 90112 bytes | Modified Date = 05/08/2004 19:28:42 | Attr = ]

MPSExe -> %ProgramFiles%\McAfee.com\MPS\mscifapp.exe -> McAfee, Inc [Ver = 7.1.1.46 | Size = 274432 bytes | Modified Date = 24/05/2005 15:50:24 | Attr = ]

MSKAGENTEXE -> %ProgramFiles%\McAfee\SpamKiller\MSKAgent.exe -> McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Modified Date = 09/11/2005 14:01:00 | Attr = ]

MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.2.5 | Size = 1121280 bytes | Modified Date = 07/11/2006 14:49:50 | Attr = ]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 05/03/2006 15:47:54 | Attr = ]

RoxioAudioCentral -> %ProgramFiles%\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe -> Roxio, Inc. [Ver = 1.0.117 | Size = 253952 bytes | Modified Date = 26/02/2003 15:50:08 | Attr = ]

RoxioDragToDisc -> %ProgramFiles%\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe -> Roxio [Ver = 6.0.0.209 | Size = 757760 bytes | Modified Date = 27/02/2003 03:36:06 | Attr = ]

RoxioEngineUtility -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe -> Roxio [Ver = 6.0.0.3 | Size = 69632 bytes | Modified Date = 27/02/2003 04:31:24 | Attr = ]

snpstd -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 0, 4 | Size = 40960 bytes | Modified Date = 31/12/2003 16:39:04 | Attr = ]

Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 16:17:24 | Attr = R ]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09/11/2006 15:07:30 | Attr = ]

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.7 02May03 | Size = 610304 bytes | Modified Date = 02/05/2003 16:15:44 | Attr = ]

SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.7 02May03 | Size = 110592 bytes | Modified Date = 02/05/2003 16:21:48 | Attr = ]

Ulead AutoDetector v2 -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 27/08/2004 19:22:38 | Attr = ]

WOOTASKBARICON -> %SystemDrive%\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe -> File not found

WOOWATCH -> %ProgramFiles%\Wanadoo\Watch.exe -> France Télécom R&D [Ver = 11.0 (2) | Size = 20480 bytes | Modified Date = 23/08/2004 13:49:56 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\lib\NMBgMonitor.exe -> File not found

MailSkinner -> %ProgramFiles%\mailskinner\mailskinner.exe -> File not found

MSKAGENTEXE -> %ProgramFiles%\McAfee\SpamKiller\MSKAgent.exe -> McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Modified Date = 09/11/2005 14:01:00 | Attr = ]

WOOKIT -> %ProgramFiles%\Wanadoo\Shell.exe -> [Ver = 10.0 (63) | Size = 122880 bytes | Modified Date = 23/08/2004 13:50:00 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

%AllUsersStartup%\DVD@ccess.lnk -> %ProgramFiles%\Apple Computer\DVD@ccess\DVDAccess.exe -> Apple Computer [Ver = 1, 5, 0, 0 | Size = 884736 bytes | Modified Date = 19/03/2002 20:38:36 | Attr = ]

< User Startup > -> C:\Documents and Settings\PERSO\Menu Démarrer\Programmes\Démarrage

%UserStartup%\ADILOOK Français sur disque C.LNK -> %SystemDrive%\COKTEL\ADI4OEMP\ADILOOK.EXE -> [Ver = | Size = 187904 bytes | Modified Date = 05/09/1997 14:51:44 | Attr = ]

%UserStartup%\MSN Pictures Displayer.lnk -> %ProgramFiles%\MSN Pictures Displayer\MSN Pictures Displayer.exe -> [Ver = 4.2.0.0 | Size = 4116992 bytes | Modified Date = 08/01/2007 13:20:52 | Attr = ]

%UserStartup%\UltimateZip Quick Start.lnk -> %ProgramFiles%\UltimateZip 2007\uzqkst.exe -> SWE von Schleusen [Ver = 3.1.0.0 | Size = 325120 bytes | Modified Date = 06/08/2006 03:11:44 | Attr = ]

< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command

http [open] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 13/12/2006 04:12:18 | Attr = ]

https [open] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 13/12/2006 04:12:18 | Attr = ]

regfile [merge] -> Reg Data - Key not found ->

scrfile [open] -> "%1" /S ->

scrfile [config] -> "%1" ->

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->

NewLinkHere -> -> File not found

%1 -> -> File not found

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->

Briefcase_Create -> -> File not found

%2!d! -> -> File not found

%1 -> -> File not found

< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->

{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->

{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->

{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->

{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->

{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->

{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->

>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->

< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW

*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->

-a -> -> File not found

< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

BootExecute -> autocheck autochk *; ->

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

Control_RunDLL -> -> File not found

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> •

-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\

0 -> [Key] ->

0 -> FriendlyName = Ma page d'accueil ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts

< Internet Explorer Settings > ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: SearchAssistant -> http://www.google.com/ie ->

HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> http://www.wanadoo.fr/ ->

HKCU: SearchAssistant -> http://ie.search.msn.com/fr/srchasst/srchasst.htm ->

HKCU: URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} [HKLM] -> %ProgramFiles%\Wanadoo\SearchPageURL.dll [search Class] -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 06/12/2004 14:27:48 | Attr = ]

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

msn.com [ - ] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 16/04/2001 14:39:02 | Attr = ]

{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\4608\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.1.1.35 | Size = 1087064 bytes | Modified Date = 18/11/2006 13:46:34 | Attr = ]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> %ProgramFiles%\McAfee.com\MPS\McBrHlpr.dll [McBrwHelper Class] -> McAfee, Inc [Ver = 7.1.1.46 | Size = 147456 bytes | Modified Date = 24/05/2005 15:52:20 | Attr = ]

{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> %ProgramFiles%\McAfee.com\MPS\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc [Ver = 7.1.1.46 | Size = 126976 bytes | Modified Date = 24/05/2005 15:51:46 | Attr = ]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} [HKLM] -> %ProgramFiles%\McAfee\spamkiller\McApfBHO.dll [McAfee AntiPhishing Filter] -> McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Modified Date = 03/11/2005 14:10:32 | Attr = ]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.0.132.x86 | Size = 67136 bytes | Modified Date = 26/10/2006 09:56:24 | Attr = ]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 10:38:04 | Attr = R ]

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\4608\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.1.1.35 | Size = 1087064 bytes | Modified Date = 18/11/2006 13:46:34 | Attr = ]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 10:38:04 | Attr = R ]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 21:54:42 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 10:38:04 | Attr = R ]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 21:54:42 | Attr = ]

< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8200 - Console Java (Sun) ->

{1462651F-F4BA-4C76-A001-C4284D0FE16E} -> 8195 - Reg Data - Key not found ->

{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8199 - McAfee AntiPhishing Filter ->

{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> 8196 - Reg Data - Key not found ->

{946B3E9E-E21A-49c8-9F63-900533FAFE15} -> 8197 - Reg Data - Key not found ->

{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Reg Data - Key not found ->

{FB5F1911-F110-11d2-BB9E-00C04F795683} -> 8198 - Reg Data - Key not found ->

NextId -> 8201 ->

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09/11/2006 15:21:54 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]

{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> %ProgramFiles%\McAfee\spamkiller\McApfBHO.dll [MenuText: McAfee AntiPhishing Filter] -> McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Modified Date = 03/11/2005 14:10:32 | Attr = ]

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\

&Search -> http:\bar.mywebsearch.com\menusearch.htm -> File not found

E&xporter vers Microsoft Excel -> -> File not found

< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

{2F860D81-AF3C-11D4-BDB3-00E0987D8540} [HKLM] -> %ProgramFiles%\UltimateZip 2007\uzshlex.dll [ultimateZip Shell Extension] -> [Ver = | Size = 424448 bytes | Modified Date = 10/04/2005 04:16:20 | Attr = ]

{2F860D82-AF3C-11D4-BDB3-00E0987D8540} [HKLM] -> %ProgramFiles%\UltimateZip 2007\uzshldr.dll [ultimateZip Drag Drop Handler] -> [Ver = | Size = 563200 bytes | Modified Date = 10/04/2005 06:06:18 | Attr = ]

{A5110426-177D-4e08-AB3F-785F10B4439C} [HKLM] -> %ProgramFiles%\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll [Gestionnaire de fichiers Sony Ericsson] -> Sony Ericsson Mobile Communications AB [Ver = 1, 3, 11, 0 | Size = 397312 bytes | Modified Date = 14/03/2006 15:23:00 | Attr = R ]

< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\

{162EFDC5-2957-465D-887B-590AF4A7E84D} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\mcodsax.dll [MCVSRIGHTCLICKSCANNER] -> McAfee, Inc. [Ver = 11,1,124,0 | Size = 198224 bytes | Modified Date = 30/10/2006 17:20:20 | Attr = ]

{2F860D81-AF3C-11D4-BDB3-00E0987D8540} [HKLM] -> %ProgramFiles%\UltimateZip 2007\uzshlex.dll [ultimateZip] -> [Ver = | Size = 424448 bytes | Modified Date = 10/04/2005 04:16:20 | Attr = ]

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\

{162EFDC5-2957-465D-887B-590AF4A7E84D} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\mcodsax.dll [MCVSRIGHTCLICKSCANNER] -> McAfee, Inc. [Ver = 11,1,124,0 | Size = 198224 bytes | Modified Date = 30/10/2006 17:20:20 | Attr = ]

{2F860D81-AF3C-11D4-BDB3-00E0987D8540} [HKLM] -> %ProgramFiles%\UltimateZip 2007\uzshlex.dll [ultimateZip] -> [Ver = | Size = 424448 bytes | Modified Date = 10/04/2005 04:16:20 | Attr = ]

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

SV1 -> ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\

{0A604707-A179-471D-A460-13147F1CDD21} -> (802.11g USB 2.0 adapter) ->

{2D6336D4-23AE-497F-81EA-C18CCA86FE69} -> () ->

{5E0F4F78-8A29-4C6D-92A2-B37C5E9B8B65} -> (802.11g USB 2.0 adapter) ->

{6734F6A9-EA4F-4373-946E-9F6CEB0F6345} -> (Broadcom 440x 10/100 Integrated Controller) ->

{B40F6BD8-31EC-4CA8-9E02-FC7626A0069C} -> (Carte réseau 1394) ->

{E2420C4D-8693-4506-8EB0-2F2A2E0FF6C1} -> (Broadcom 440x 10/100 Integrated Controller) ->

{E59DEE3A-994F-4179-95EC-D8C3F3C8F458} -> (802.11g USB 2.0 adapter) ->

{FD687EED-3958-4E61-816C-DF1ECAB7827D} -> (Carte réseau 1394) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

siteadvisor -> %ProgramFiles%\SiteAdvisor\4608\SiteAdv.dll -> McAfee, Inc. [Ver = 2.1.1.35 | Size = 1087064 bytes | Modified Date = 18/11/2006 13:46:34 | Attr = ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

{00B71CFB-6864-4346-A978-C0A14556272C} -> - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab ->

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

 

[Files - Created Within 60 days]

sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Created Date = 04/01/2007 19:45:20 | Attr = H ]

sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 05/01/2007 10:08:08 | Attr = H ]

sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Created Date = 19/01/2007 18:41:40 | Attr = H ]

sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 03/02/2007 11:17:37 | Attr = H ]

sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 04/01/2007 19:45:20 | Attr = H ]

sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/01/2007 10:08:08 | Attr = H ]

sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 19/01/2007 18:41:39 | Attr = H ]

sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 03/02/2007 11:17:37 | Attr = H ]

meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 22/01/2007 16:14:44 | Attr = ]

MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 22/01/2007 16:14:45 | Attr = ]

mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1168 bytes | Created Date = 31/12/2006 12:52:50 | Attr = ]

nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 31/12/2006 12:48:11 | Attr = ]

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 23/01/2007 21:25:26 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 23/01/2007 21:25:26 | Attr = H ]

super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Created Date = 22/01/2007 16:12:03 | Attr = H ]

Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 9728 bytes | Created Date = 31/01/2007 15:49:47 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->

x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 22/01/2007 16:14:44 | Attr = ]

ac3DX.ax -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 22/01/2007 16:12:03 | Attr = RHS]

AVCDX.ax -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 22/01/2007 16:12:03 | Attr = RHS]

AVSredirect.dll -> %System32%\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 22/01/2007 16:14:43 | Attr = ]

CoreAAC.ax -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 22/01/2007 16:12:04 | Attr = RHS]

DiracSplitter.ax -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 22/01/2007 16:12:05 | Attr = RHS]

flvDX.dll -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 22/01/2007 16:12:06 | Attr = RHS]

fmod.dll -> %System32%\fmod.dll -> Firelight Technologies Pty, Ltd [Ver = 3.75 | Size = 162816 bytes | Created Date = 24/01/2007 10:30:17 | Attr = ]

i420vfw.dll -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 22/01/2007 16:14:43 | Attr = ]

java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 29/12/2006 14:38:35 | Attr = ]

javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 29/12/2006 14:38:35 | Attr = ]

javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 29/12/2006 14:38:35 | Attr = ]

MatroskaDX.ax -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 22/01/2007 16:12:06 | Attr = RHS]

RealMediaDX.ax -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 22/01/2007 16:12:07 | Attr = RHS]

RLAPEDec.ax -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 22/01/2007 16:12:08 | Attr = RHS]

RLMPCDec.ax -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 22/01/2007 16:12:08 | Attr = RHS]

RLOgg.ax -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 22/01/2007 16:12:09 | Attr = RHS]

RLSpeexDec.ax -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 22/01/2007 16:12:10 | Attr = RHS]

RLTheoraDec.ax -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 22/01/2007 16:12:10 | Attr = RHS]

RLVorbisDec.ax -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 22/01/2007 16:12:10 | Attr = RHS]

Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 845312 bytes | Created Date = 22/01/2007 16:14:41 | Attr = ]

subst.inf -> %System32%\subst.inf -> [Ver = | Size = 1802 bytes | Created Date = 07/12/2006 22:37:34 | Attr = ]

x.264.exe -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 22/01/2007 16:14:43 | Attr = ]

yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 22/01/2007 16:14:43 | Attr = ]

DVDAccss.sys -> %System32%\drivers\DVDAccss.sys -> Apple Computer, Inc. [Ver = 1.5 | Size = 29156 bytes | Created Date = 25/12/2006 02:41:19 | Attr = ]

pfc.sys -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 198 | Size = 14572 bytes | Created Date = 25/12/2006 02:41:19 | Attr = ]

 

[Files - Modified Within 60 days]

sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 04/01/2007 19:45:22 | Attr = H ]

sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 05/01/2007 10:08:10 | Attr = H ]

sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 19/01/2007 18:41:42 | Attr = H ]

sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 03/02/2007 11:17:38 | Attr = H ]

sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 04/01/2007 19:45:22 | Attr = H ]

sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/01/2007 10:08:10 | Attr = H ]

sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 19/01/2007 18:41:40 | Attr = H ]

sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 03/02/2007 11:17:38 | Attr = H ]

projectsku.ini -> %CommonProgramFiles%\Roxio Shared\Project Selector\Images\projectsku.ini -> [Ver = | Size = 792 bytes | Modified Date = 03/02/2007 11:17:16 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 04/02/2007 10:27:24 | Attr = S]

imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 19/12/2006 23:14:36 | Attr = ]

mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1168 bytes | Modified Date = 31/12/2006 12:52:54 | Attr = ]

nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 31/12/2006 12:48:12 | Attr = ]

Pex.INI -> %SystemRoot%\Pex.INI -> [Ver = | Size = 72 bytes | Modified Date = 01/01/2007 15:18:04 | Attr = ]

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 23/01/2007 21:25:28 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 02/02/2007 18:29:24 | Attr = H ]

super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Modified Date = 04/01/2007 01:49:22 | Attr = H ]

Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 9728 bytes | Modified Date = 31/01/2007 15:49:50 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 740 bytes | Modified Date = 22/01/2007 18:47:26 | Attr = ]

Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 33160 bytes | Modified Date = 04/02/2007 11:14:34 | Attr = ]

fmod.dll -> %System32%\fmod.dll -> Firelight Technologies Pty, Ltd [Ver = 3.75 | Size = 162816 bytes | Modified Date = 24/01/2007 10:30:18 | Attr = ]

Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 845312 bytes | Modified Date = 12/12/2006 14:15:08 | Attr = ]

Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 31/01/2007 15:49:56 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 04/02/2007 10:30:32 | Attr = ]

USBCRFT.SYS -> %System32%\drivers\USBCRFT.SYS -> ICSI Technology Ltd. [Ver = V2.11.0718 | Size = 17408 bytes | Modified Date = 04/02/2007 10:30:52 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 02/03/2006 16:18:34 | Attr = ]

USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 09/11/2006 15:38:38 | Attr = ]

WSUD , -> %CommonProgramFiles%\Roxio Shared\floatingFX\FloatingEffects.dll -> Roxio [Ver = 1, 1, 1, 6 | Size = 794624 bytes | Modified Date = 13/12/2002 13:46:24 | Attr = R ]

Thawte Consulting , -> %CommonProgramFiles%\Teleca Shared\xceedzip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.81.0 | Size = 406048 bytes | Modified Date = 18/07/2005 14:44:58 | Attr = R ]

UPX! , UPX0 , Thawte Consulting , -> %SystemRoot%\iaccess32.exe -> [Ver = 1, 0, 6, 5 | Size = 124376 bytes | Modified Date = 12/05/2006 22:08:54 | Attr = ]

UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 12/09/2006 12:46:24 | Attr = RHS]

UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 13/01/2006 00:23:26 | Attr = RHS]

UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Modified Date = 12/11/2006 13:44:10 | Attr = ]

aspack , -> %System32%\BRICE DE NICE.scr -> Axialis Software [Ver = 3, 5, 6, 0 | Size = 497132 bytes | Modified Date = 25/12/2005 21:21:14 | Attr = ]

UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 16/08/2006 15:53:32 | Attr = RHS]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 22/07/2003 16:51:54 | Attr = ]

UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 18/01/2005 00:26:36 | Attr = RHS]

UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 03/05/2006 11:06:54 | Attr = RHS]

UPX! , UPX0 , -> %System32%\fmod.dll -> Firelight Technologies Pty, Ltd [Ver = 3.75 | Size = 162816 bytes | Modified Date = 24/01/2007 10:30:18 | Attr = ]

UPX! , UPX0 , -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 03/01/2004 00:08:00 | Attr = ]

UPX! , UPX0 , -> %System32%\Matrix3D.scr -> [Ver = | Size = 1062912 bytes | Modified Date = 05/04/2003 05:36:46 | Attr = ]

UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 10/03/2006 22:48:48 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 25/11/2005 21:46:34 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 21/11/2003 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 27/04/2004 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 13/02/2005 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 13/02/2005 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 13/02/2005 | Attr = RHS]

UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 06/02/2005 | Attr = RHS]

UPX0 , -> %System32%\Voyage of Columbus 3D Screensaver.exe -> 3Planesoft [Ver = 1, 0, 0, 2 | Size = 16995840 bytes | Modified Date = 28/06/2006 12:14:50 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 22/07/2003 17:17:18 | Attr = ]

UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 10/11/2005 13:16:02 | Attr = ]

UPX! , UPX0 , -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 03/01/2004 00:08:00 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 22/07/2003 16:47:38 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 22/07/2003 17:05:30 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]

 

< End of report >

 

I did what you advised with HijackThis.

Questions: what kind of trouble does the "patched function" virus cause? It's probably a novice question, but why didn't McAfee detect it when it was downloaded?

Posté(e)

hi :P

I'm looking at your report and will tell you what's what. As for the Magic Control Agent infection, it displays unwanted ads while you browse (porn ads, for example, or ads for bogus software!).

Posté(e)

Go all the way through, and if you run into a problem, don't hesitate to tell me :P

You have two options for consulting the instructions that follow:

- Either copy/paste the contents of the procedure into a text file (which you put on the desktop) so you can consult it in safe mode (you won't have Internet access!).

- You can also save the complete web page on which the procedure is located, doing so from your browser:

- Go to the top of the page and click the "File" menu: a list appears =>

- Choose "Save as" and choose "Desktop".

- Then click the "Save" button to the right of the "file name" field.

To read the procedure in safe mode, you only have to double-click the patched function file (with your browser's icon) located on the desktop. (You'll notice that a new folder gets created on the desktop in addition to the file: that's normal!) This way you keep all the formatting and colours of the procedure, which will help you find your way around.

--------------------------------------------------------------------------------------------------------------------------

 

The procedure:

- Download ATF Cleaner by Atribune to your desktop.

- Download Brute Force Uninstaller (by Merijn).

  • Create a new folder directly in the C:\ directory and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)

  • RIGHT-CLICK HERE and choose "Save target as..." to download EGDACCESS.bfu (by Metallica).

  • Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving, make sure the "Type:" field shows "All files". (This is very important!!)

  • Here is what the icon of the .bfu file you just downloaded should look like:
    [image: edgaccessbfu5np.gif]

  • You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).
  • Exit the program.

- Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (do not copy the word code) into the Paste fix here panel, then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> MailSkinner -> %ProgramFiles%\mailskinner\mailskinner.exe
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search -> http:\bar.mywebsearch.com\menusearch.htm
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , Thawte Consulting , -> %SystemRoot%\iaccess32.exe
[Reboot]

The fix will run quickly, then you'll be asked to restart your PC: accept by clicking Yes.

 

Step 1:

*Restart the PC, and do so in safe mode without fail (at startup, tap the F8 key immediately; a screen with boot choices will then appear: choose "Safe Mode" with the keyboard arrows, then confirm with "Enter").

Choose the usual account (not Administrator).

If you have trouble selecting safe mode, follow Symantec's procedure "How to start the computer in Safe Mode".

(Since you won't have Internet access, you will have copied these instructions into a text file beforehand.)

 

Step 2:

  • Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
  • Click the small yellow folder to the right of the Scriptline to execute box, and double-click:
    EGDACCESS.bfu
  • In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
  • Click Execute and let it do its work.
  • Wait for Complete script execution to appear and click OK.
  • Click Exit to close the BFU program.

Step 3:

Double-click ATF-Cleaner.exe to launch the program.

  • Double-click ATF Cleaner to launch the program.
    Under the Main tab, choose: Select All
    Click the Empty Selected button

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    Click Exit, from the main menu, to close the program.

* If the "Firefox" tab is greyed out in ATF, clear the cache and cookies in Firefox like this:

  • Open Firefox and click Tools => Options
  • Click the Privacy tab
  • Click the Clear cache button in the "History" section
  • Click the Remove cookies button in the "Cookies" section
  • Click the Clear cache button in the "Cache" section
  • Click the OK button to close the options window and confirm your choices.

Step 4:

Restart normally and post:

- a new HijackThis log.

- Run an online scan with Panda:

http://www.pandasoftware.fr/Activescan/Activescan.html .

And post the report it shows you at the end; for that, make sure IE is correctly configured for the online scan as explained here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

If you can't manage it, the tutorial is: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

- Open HijackThis -> Open the misc tools section -> open Uninstall manager -> click "Save list" -> save the file -> copy/paste it here.

 

@+
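As an added example (not code from this thread, from the helper, or from the WinPFind3U tool), the Python below parses lines in the format of the "File String Scan" report quoted above, lists triage hints for each entry, and re-emits an entry in the form the helper's fix script uses. The three sample lines are copied from the report; the triage rules and the `Entry`/`triage`/`fix_line` names are my own assumptions, not the tool's logic.

```python
from dataclasses import dataclass

# Constructed sample: three lines copied from the WinPFind3U "File String Scan" report
# above (the iaccess32.exe entry the helper's fix removes, a hidden+system codec filter, a driver).
SAMPLE_REPORT = r"""
UPX! , UPX0 , Thawte Consulting , -> %SystemRoot%\iaccess32.exe -> [Ver = 1, 0, 6, 5 | Size = 124376 bytes | Modified Date = 12/05/2006 22:08:54 | Attr = ]
UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 12/09/2006 12:46:24 | Attr = RHS]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]
"""
PACKER_SIGS = {"UPX!", "UPX0", "aspack"}  # UPX / ASPack markers; other tags left unclassified

@dataclass
class Entry:
    signatures: list  # string markers the scan matched, e.g. ["UPX!", "UPX0"]
    path: str         # path using the tool's %SystemRoot% / %System32% variables
    vendor: str       # company name from the version resource, "" when absent
    size: int         # bytes
    attrs: str        # DOS attribute letters, e.g. "RHS" = read-only, hidden, system

def parse_line(line: str) -> Entry:
    # Layout: '<markers> , -> <path> -> <vendor> [Ver = .. | Size = .. | .. | Attr = ..]'
    head, _, rest = line.partition(" -> ")
    path, _, rest = rest.partition(" -> ")
    bracket = rest.rfind("[")  # the (possibly empty) vendor precedes the bracket
    fields = {}
    for item in rest[bracket + 1:].strip().rstrip("]").split(" | "):
        key, _, value = item.partition(" = ")
        fields[key.strip()] = value.strip()
    return Entry(signatures=[s.strip() for s in head.split(",") if s.strip()],
                 path=path.strip(), vendor=rest[:bracket].strip(),
                 size=int(fields["Size"].split()[0]), attrs=fields.get("Attr", ""))

def parse_report(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if " -> " in l]

def triage(e: Entry) -> list:
    # Assumed hints for a closer look; a hit is a triage prompt, not a malware verdict.
    reasons = []
    if PACKER_SIGS & set(e.signatures):
        reasons.append("packed")
    if not e.vendor:
        reasons.append("no vendor")
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system")
    if e.path.count("\\") == 1 and e.path.lower().endswith((".exe", ".dll")):
        reasons.append("top-level binary under a system directory")
    return reasons

def fix_line(e: Entry) -> str:
    # Same shape as the helper's fix script entry: 'NY -> <markers> , -> <path>'
    return "NY -> " + " , ".join(e.signatures) + " , -> " + e.path
```

The only entry that collects the packed, no-vendor and top-level-binary hints together is the iaccess32.exe line, which is the one the helper's fix script targets; the hidden+system codec filters score differently and are left for a human to judge.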
