Need help: virus? System restore?

Solved/Closed
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 - 6 Jan 2009 at 18:59
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 - 8 Jan 2009 at 13:05
Hello,

First of all, thanks to those who are willing to help me!

I'm on Win XP Media Center Edition 2002 SP2
I have an HP Media Center m7685.fr

For a few days I've had strange things happening on my PC... no more sound; I reinstall the sound card, reboot, it works again for 5 minutes, and then it starts all over again...
I also had an nvidia twinview crash (I never enabled or used it) when shutting down/restarting the PC; that one I managed to fix by reinstalling a driver, but it isn't the original one...

Anyway, I had launched the online antivirus on secuser.com and it ran all afternoon, and I clicked where I shouldn't have: I closed the web page, and it hadn't finished running...

But I already managed to see that I have troj_agent, troj_bagle, mal_mlwr-1...

So I think something will have to be done, but I'm no pro... far from it!

So I'm going to start by doing my backups, and then???
I'll run secuser again tonight, that'll keep me from doing anything stupid!

Question: what to do next?? Given the driver problems I'm having, I was already thinking of doing a system restore, but I don't think that will fix my virus and other trojan problems... what do you think?

Thanks in advance for your help!
43 replies

Anonymous user
6 Jan 2009 at 19:04
Hi,

FindyKill by Chiquitine29

▶ Right-click the link and choose ("Save target as..."), destination: the desktop.

(Important note: if you have the program Elibagla on your PC, remove it (risk of conflict between the two tools).)

▶ Follow the prompts to install it.

▶ Double-click "FindyKill" to launch the tool.

▶ Choose the language: F for French

▶ Choose option 1, then let it work...

▶ Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the drive -> C:\FindyKill.txt)

Les-risques-securitaires-du-peer-to-peer

If a report won't go through, raise an alert to the concierge desk with the yellow /!\.
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019
7 Jan 2009 at 10:20
Hello V-x, thanks for your help, here is the findykill.txt report

N.B.: I got error messages during the scan:
Window: Windows / No disk
Message: exception processing message c0000013 parameters xxxxxxx



----------------- FindyKill V4.711 ------------------

* User : HP_Administrateur - CELINE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:11:31 le 07/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\Prefetch\PRINTKEY 2000 FR.EXE-106F0A6E.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [07/01/2009 02:26] - C:\WINDOWS\system32\mdelk.exe
Found ! [07/01/2009 02:26] - C:\WINDOWS\system32\wintems.exe
Found ! [07/01/2009 09:28] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\HP_Administrateur\Application Data

Found ! [07/01/2009 06:41] - "C:\Documents and Settings\HP_Administrateur\Application Data\m\flec006.exe"
Found ! [07/01/2009 06:41] - "C:\Documents and Settings\HP_Administrateur\Application Data\m\list.oct"
Found ! [07/01/2009 06:41] - "C:\Documents and Settings\HP_Administrateur\Application Data\m\data.oct"
Found ! [07/01/2009 06:41] - "C:\Documents and Settings\HP_Administrateur\Application Data\m\srvlist.oct"
Found ! [07/01/2009 06:42] - "C:\Documents and Settings\HP_Administrateur\Application Data\m\shared"
Found ! [04/01/2009 09:33] - "C:\Documents and Settings\HP_Administrateur\Application Data\m"
Found ! [07/01/2009 09:48] - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers"
Found ! [06/01/2009 09:46] - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\srosa.sys"
Found ! [25/01/2005 09:06] - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\winupgro.exe"
Found ! [07/01/2009 06:50] - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5

Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[1].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[2].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[3].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[4].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[5].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[6].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[7].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[8].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[9].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_2[1].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_2[2].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_2[3].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_2[4].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_3[1].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_3[2].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_3[3].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_3[4].jpg.bac_a02880
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64_3[5].jpg.bac_a02880
Found ! [04/01/2009 09:32] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[1].jpg
Found ! [04/01/2009 09:39] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[2].jpg
Found ! [04/01/2009 19:25] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[3].jpg
Found ! [05/01/2009 07:26] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[4].jpg
Found ! [05/01/2009 15:57] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[5].jpg
Found ! [05/01/2009 16:03] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[6].jpg
Found ! [06/01/2009 22:25] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[7].jpg
Found ! [07/01/2009 06:41] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[8].jpg
Found ! [06/01/2009 22:26] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_2[2].jpg
Found ! [07/01/2009 02:26] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_3[3].jpg
Found ! [04/01/2009 22:48] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_5[1].jpg
Found ! [06/01/2009 13:59] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64[4].jpg
Found ! [06/01/2009 22:19] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64[6].jpg
Found ! [05/01/2009 11:36] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_1[1].jpg
Found ! [05/01/2009 20:04] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_1[2].jpg
Found ! [07/01/2009 02:36] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_2[5].jpg
Found ! [07/01/2009 09:28] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\file[1].txt
Found ! [07/01/2009 02:29] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64[10].jpg
Found ! [04/01/2009 15:08] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[1].jpg
Found ! [05/01/2009 07:33] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[2].jpg
Found ! [05/01/2009 17:38] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[3].jpg
Found ! [05/01/2009 20:10] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[4].jpg
Found ! [06/01/2009 14:06] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[5].jpg
Found ! [07/01/2009 06:49] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_2[5].jpg
Found ! [04/01/2009 10:18] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[1].jpg
Found ! [05/01/2009 11:47] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[2].jpg
Found ! [05/01/2009 17:04] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[3].jpg
Found ! [05/01/2009 18:05] - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[4].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ehTray=C:\WINDOWS\ehome\ehtray.exe
ftutil2=rundll32.exe ftutil2.dll,SetWriteCacheMode
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
DMAScheduler="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
ccApp="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Easy-PrintToolBox=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
ISUSScheduler="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
OPTENET_GUI=C:\PROGRA~1\CONTRO~1\bin\optgui.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KBD=C:\HP\KBD\KBD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- Contenu de l'autorun : D:\autorun.inf

[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480


+- presence des fichiers :

Found ! [30/04/2004 00:01][---hs----] - D:\autorun.inf
Found ! [29/11/2004 21:01][---hs----] - D:\info.exe


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
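An added note, not part of the thread: the report above follows a regular line format ("Found ! [date] - path", "/!\ Infection active : key -> Start = 0x1", "/!\ service - Type de démarrage = 4", "Clé manquante : key"). The Python script below is example code, not FindyKill's or the forum's, that reads such a report and pulls out what a helper weighs first: a service still set to load at boot, disabled security services, a missing SafeBoot key and an autorun.inf hit on a second drive. The sample report inside it is a constructed excerpt of lines taken from the report above; `triage`, `severity` and the `SECURITY_SERVICES` table are this example's own names.

```python
"""Triage parser for FindyKill-style reports (added example, not FindyKill's own code).

It separates file hits, registry hits and files another scanner already quarantined,
and pulls out what a helper weighs first: a malicious service still set to load at
boot, disabled security services, a missing SafeBoot key and an autorun.inf hit.
"""
import re

# Line shapes as they appear in the report above (French labels kept verbatim).
FOUND_RE = re.compile(
    r'^(?P<verb>Found|Deleted) ! (?:\[(?P<ts>[^\]]*)\] ?)?(?:\[(?P<attrs>[^\]]*)\] ?)?- "?(?P<path>.*?)"?$')
ACTIVE_RE = re.compile(r'^/!\\ Infection active : (?P<key>.+?) -> Start = (?P<start>\S+)$')
SERVICE_RE = re.compile(r'^/!\\ (?P<name>\S+) - Type de démarrage = (?P<start>\d)$')
MISSING_RE = re.compile(r'^Clé manquante : (?P<key>.+)$')

# Windows XP services whose start type 4 (Disabled) weakens the host's own defences.
SECURITY_SERVICES = {
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "Ip6Fw": "IPv6 Internet Connection Firewall",
}
DISABLED = "4"  # the report's own legend: Auto=2 / Demande=3 / Désactivé=4

# Constructed sample: lines excerpted from the report posted above.
SAMPLE_REPORT = r"""
----------------- FindyKill V4.711 ------------------
Found ! - C:\WINDOWS\Prefetch\PRINTKEY 2000 FR.EXE-106F0A6E.pf
Found ! [07/01/2009 02:26] - C:\WINDOWS\system32\mdelk.exe
Found ! [07/01/2009 02:26] - C:\WINDOWS\system32\wintems.exe
Found ! [06/01/2009 09:46] - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\srosa.sys"
Found ! [07/01/2009 09:48] - C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\b64[1].jpg.bac_a02880
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
/!\ Ndisuio - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
Found ! [30/04/2004 00:01][---hs----] - D:\autorun.inf
"""


def triage(report_text):
    """Summarise the security-relevant findings of one report as a dict."""
    result = {
        "files": [], "deleted": [], "registry": [], "quarantined": [],
        "active_infections": [], "disabled_security_services": [],
        "missing_keys": [], "safe_boot_broken": False, "autorun_inf": [],
    }
    for raw in report_text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs") or ""
            if m.group("verb") == "Deleted":
                result["deleted"].append(path)
            elif path.upper().startswith("HKEY_"):
                result["registry"].append(path)
            elif "\\quarantine\\" in path.lower():
                result["quarantined"].append(path)  # already neutralised by another scanner
            else:
                result["files"].append(path)
                if path.lower().endswith("autorun.inf"):
                    result["autorun_inf"].append((path, attrs))  # attrs: h = hidden, s = system
            continue
        m = ACTIVE_RE.match(line)
        if m:  # Start = 0x1 is SERVICE_SYSTEM_START: the driver loads at every boot
            result["active_infections"].append((m.group("key"), m.group("start")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("start") == DISABLED and m.group("name") in SECURITY_SERVICES:
                result["disabled_security_services"].append(m.group("name"))
            continue
        m = MISSING_RE.match(line)
        if m:
            result["missing_keys"].append(m.group("key"))
            if "\\SafeBoot" in m.group("key"):
                result["safe_boot_broken"] = True
    return result


def severity(summary):
    """'critical' while a malicious service still starts at boot; lower otherwise."""
    if summary["active_infections"]:
        return "critical"
    if summary["disabled_security_services"] or summary["safe_boot_broken"]:
        return "high"
    if summary["files"] or summary["registry"]:
        return "medium"
    return "clean"


if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print("severity:", severity(s))
    for key, start in s["active_infections"]:
        print("still set to start at boot:", key, start)
    for name in s["disabled_security_services"]:
        print("disabled:", name, "-", SECURITY_SERVICES[name])
```

Run on the sample it reports "critical", because two services (srosa and sK9Ou0s) are still set to start at boot, and it lists the three disabled security services while ignoring Ndisuio, which is not one. Quarantined files are kept apart from live hits so they do not inflate the count of things still to remove.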
Hi, I don't have the same system as you but I know your viruses, and I fixed my problem with Malwarebytes' Anti-Malware; it's available here on Comment Ça Marche, and do a full scan.
0
Anonymous user
7 Jan 2009 at 10:22
Re,

FindyKill by chiquitine29, option 2:

▶ Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them

▶ Double-click the FindyKill shortcut on your desktop

▶ In the main menu, choose option 2 (Removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears /!\

▶ Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive.

If a report won't go through, raise an alert to the concierge desk with the yellow /!\.
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019
7 Jan 2009 at 10:32
thanks, a question before I do it:
I made my backups on my external hard drive... if I plug it in for the file deletion and there's corrupted data on it, I risk losing it; is that really reasonable?
Can I do the procedure without the external drive first?
0
Anonymous user
7 Jan 2009 at 10:36
Re,

Don't worry.

Get rid of your cracks too.

Otherwise there's no point continuing
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019
7 Jan 2009 at 10:40
V-X, sorry for my ignorance, but what do you mean by cracks?

as for the procedures, don't worry, I know how to do them, but the expressions, I don't know them all!!
0
Anonymous user
7 Jan 2009 at 10:41
Re,

do option 2 of findykill and don't worry.
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019
7 Jan 2009 at 12:46
this is the 3rd time I've sent the report, and it doesn't show up...
I'll start over yet again,


----------------- FindyKill V4.711 ------------------

* User : HP_Administrateur - CELINE
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 10:50:22 the 07/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\PRINTKEY 2000 FR.EXE-106F0A6E.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\HP_Administrateur\Application Data

Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Acrylic October 2005 Community Technolog.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Alpha Key Saver 3.5.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Apen Audio CD Burner 1.1 Build 2008.8.25.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Asteroids 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\AUAU AVI MP4 to Flash Converter 4.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Audio Dementia 1.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\AutoCount 2006 1.1.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Avast!_Professional_Edition_v4.1.268.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Avast.Antivirus.Pro.4.7.817.Keygen.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Avast.Pro.Edition_v4.7.942+keygen.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\AVG.Antivirus.V.7.1.Italiano.Completo.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Axure RP Pro 5.1.0.1699.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Backup My Brain 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Big Mountain Valley - Animated Screensaver 5.11.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Capture Professional 6.05.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\CD-Quick Cache 3.21.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Church of the Saviour on Spilled Blood 3D 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\CleanDesk Organizer 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Community Builder 2.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Crystalfontz CFA-631 WinTest 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\CSI Public 0.2b.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Cucusoft Zune Video Converter 7.08.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Database Workbench Pro 3.2.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\DaySmart 6.0.4.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Denounce 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Devolutions Utils 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Dice Roller 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Dinosaur Dystopia 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Download Express 1.9.341.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\DTCPing 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Easy2share 2.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\EasyTorrent 1.0.5.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\EG Color Hex 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Electronic Excel Tutor 2007.10.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\ePrompter 2.0 SR112.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Euromat 1.8.5.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Ewido_Security_Suite_Plus_v3crack.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\EyePlayer 0.3 build #22.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Fast Cleaner Gold 1.61.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\FastOpen XP 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\FastText 2.0.5.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Folder Marker Pro 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\foo input ofr 1.21b.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\fortune 0.3.070927.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Global Mapper 10.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Hieroglyph Library 0.4a.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Image2PDF Dynamic Link Library 2.40.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\ImageOak image adder 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\ImTOO DVD to PSP Converter 5.0.46.1128.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\InstantSync FTP 2.1.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\iPod PC Transfer Photo 2.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\iPodAid iPod To Computer Transfer 6.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Jasonsoft DVD to iPod PSP 3GP PPC MP4 Converter 5.00.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\JLC's Internet TV 1.1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\JScript-Encode Decoder 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Kaspersky.Internet.Security.2006.v6.0.0.300.Final.FFF.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Kaspersky_Anti-Virus_Personal_6.0.1.411_-_NEW_version.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Keyboarding 1.5.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\KINK FM The Alternative 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Kongsoft MP3 CD Burner 1.04 p1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\LA Cutfile 0.2a.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Mcafee.firewall.plus.+.crack.[EspaÇñol].zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Message Killer 3.1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\MicroContainerFramework 0.7.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\MightyLinker 1.9.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\mmemento video player 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\MP3 Torpedo 5.5.4.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\MS Access Print Multiple Objects Software 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\MyFm 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Natural Born Chatter 2.9.8.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Nature Illusion Studio 2.90.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NetCon 4.04.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\News Ticker Application Bar 1.15.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NOD32.2.70.26.ITAFIX.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NOD32.Antivirus.System.2.70.9.Beta.for.Windows.NT20002003XP.x64.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NOD32.Antivirus.v.2.12.3.PT.-.by.Max[PT]SkylineGTR.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NOD32.v2.51.26.Extreme.Edition.AIO.redlion.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\NoteWorks 2.1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Oasis Clock screensaver 2.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\OEComplete 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\OGMDemuxer 2.1 R2.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\OMAL 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Panda.Antivirus.Platinum.Keygen(serial).January.2005.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Panda_Nokia_S60v2_176x208_7610.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\PC Mira 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\PDF FormulaCAD 2009.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\PDFCat 1.5.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\PF Westa Seven 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Phoa 1.1.9.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Photo Tracker 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\PrimeExam 1.2.2.7.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Pwsidenote 1.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\QuickForm Web Tool 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Random Key 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Rays of Hope 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Remora USB Quick Launch 1.9.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\RH Mouse Emulator 2.2.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\RN TitleBar 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Savings meter 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Screen Savers To Go 1.0.7.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\ShortCuts 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Sidebar on Right 0.3.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\SimplecoverPrintXS 1.42.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Simtor 0.4.11.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\SMS Studio 2.0.1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\SNOWBALL SAVER 1.54.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Spamologist 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\SpamPocket 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Stereogram Explorer 2.4 build 241.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Synapse Media Player 1.01.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\SynchronX 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Take-off DataPoint 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\The Fly98 2.7.0.673.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\TimeChimes 2.00.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\TopAZ - Topology Analyzer and visualiZer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Trend Micro Virus Pattern File 5.693.00.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Trigonometry Workshop 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\TsiFlatBtn.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Ultra iPod Movie Converter 4.2.1021.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Useably 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Vegetarian Recipes 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Virtual Earth Map Control SDK 6.2.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\vStrip 0.8f css.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\Weather1 Lite 1.03 Beta.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\whiTunes 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\WinAgents TFTP Server Manager 4.1.0.498.zip
Deleted ! - C:\Documents and Settings\HP_Administrateur\Application Data\m\shared\WinCDEmu 1.0.zip
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\m"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\HP_Administrateur\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[7].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_1[8].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1OTEXXGZ\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64[4].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64[6].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\b64_2[5].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2AZV2S3T\file[1].txt
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64[10].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7V3R93AP\b64_2[5].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GY5G872G\b64_1[4].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2812550352-2376881600-295783211-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Fixed drive

D: - Fixed drive


+- deleting files :

Deleted ! - D:\autorun.inf
Deleted ! - D:\info.exe

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Bagle MD5 comparison references:

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
9c15290ee0d941f08b7ac48a1eaecffb C:\Documents and Settings\HP_Administrateur\Application Data\drivers\winupgro.exe

Suspect ! - 9c15290ee0d941f08b7ac48a1eaecffb C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar.bac_a02880
C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Dora l-Exploratrice - Autour du Monde - [ Full - crack - serial ].zip.bac_a02880
C:\Documents and Settings\HP_Administrateur\Mes documents\Utils\Replay Converter v2.31_BlaZe\ReplayConverterv231_Crack.exe


---------------- ! End of report ! ------------------
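The "Searching Other Infections" section of the FindyKill report above works by hashing known-infected files and then looking for other files with the same MD5; that is how a file with a perfectly ordinary name (GoogleToolbarNotifier.exe) was reported as "Suspect !". The script below is an added example of that check, not FindyKill's own code. The directory layout and the file bytes are constructed so it runs offline; the sample names are borrowed from the report, but the bytes are stand-ins and no real malware is involved.

```python
"""Flag files whose MD5 matches a known-infected sample, the check the
FindyKill report above performs in its "Searching Other Infections" section.

Added example, not FindyKill's code. The directory layout and file bytes
below are constructed so the script runs offline; the hashes it computes are
those of the constructed bytes, not the values in the report.
"""
import hashlib
import os
import tempfile


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so a large binary does not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def reference_hashes(sample_paths):
    """Map MD5 -> sample path for every reference sample that still exists."""
    refs = {}
    for path in sample_paths:
        if os.path.isfile(path):
            refs.setdefault(md5_of(path), path)
    return refs


def find_copies(root, refs):
    """Walk `root` and return (md5, path) for each file that is a byte-for-byte
    copy of a reference sample but sits at a different path."""
    samples = {os.path.normcase(p) for p in refs.values()}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = md5_of(path)
            if digest in refs and os.path.normcase(path) not in samples:
                hits.append((digest, path))
    return sorted(hits)


def build_demo_tree(base):
    """Constructed stand-in for the infected profile: two 'dropper' samples,
    a legitimate-looking binary that has been replaced by a copy of one of
    them, and an unrelated file. The bytes are placeholders, not malware."""
    dropper = b"MZ\x90\x00 constructed stand-in for the dropper body"
    layout = {
        "AppData/drivers/winupgro.exe": dropper,
        "WINDOWS/system32/wintems.exe": b"MZ\x90\x00 constructed second sample",
        "Program Files/Google/GoogleToolbarNotifier/GoogleToolbarNotifier.exe": dropper,
        "Program Files/Google/GoogleToolbarNotifier/swg.dll": b"MZ\x90\x00 unrelated dll",
    }
    for rel, data in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return [os.path.join(base, "AppData", "drivers", "winupgro.exe"),
            os.path.join(base, "WINDOWS", "system32", "wintems.exe")]


def run_demo():
    """Build the tree, hash the samples, and return the relative paths of the
    files found to be copies of them."""
    with tempfile.TemporaryDirectory() as base:
        refs = reference_hashes(build_demo_tree(base))
        hits = find_copies(base, refs)
        return [os.path.relpath(p, base).replace(os.sep, "/") for _, p in hits]


if __name__ == "__main__":
    for rel in run_demo():
        print("Suspect ! -", rel)
```

An identical MD5 means identical bytes, so a hit tells you the file at that path is a copy of the sample whatever its name, which is exactly the situation in the report: the notifier binary launched by the `swg` Run entry had the same hash as winupgro.exe. The check only answers "is this a copy of something I already know is bad"; a file with no match is not thereby shown to be clean, and MD5 should not be relied on against an adversary who deliberately crafts collisions.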
Anonymous user
7 Jan 2009 at 13:27
Re,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text in bold below:


:files
C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar.bac_a02880
C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Dora l-Exploratrice - Autour du Monde - [ Full - crack - serial ].zip.bac_a02880
C:\Documents and Settings\HP_Administrateur\Mes documents\Utils\Replay Converter v2.31_BlaZe\ReplayConverterv231_Crack.exe

:commands
[purity]
[emptytemp]
[reboot]



---> Paste (Ctrl+V) the text you copied into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the tool will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to when it was created: date_time.log
ceam57
7 Jan 2009 at 13:59
Indeed, it rebooted. Here is the report:
========== FILES ==========
C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar.bac_a02880 moved successfully.
C:\Documents and Settings\HP_Administrateur\.housecall6.6\Quarantine\Dora l-Exploratrice - Autour du Monde - [ Full - crack - serial ].zip.bac_a02880 moved successfully.
C:\Documents and Settings\HP_Administrateur\Mes documents\Utils\Replay Converter v2.31_BlaZe\ReplayConverterv231_Crack.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_cmeFACJOrfcube7gcVvc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF82FA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFFDBC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_214.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_318.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_132956

Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_cmeFACJOrfcube7gcVvc not found!
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF82FA.tmp moved successfully.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFFDBC.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_214.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\XUL.mfl moved successfully.
Anonymous user
7 Jan 2009 at 14:00
Re,

▶ Download hijackthis

▶ Save the target as .... "the desktop"

▶ Double-click "HJTInstall.exe" to start the installation

▶ Click Install, then "I Accept"

▶ Click "Do a system scan and save a logfile"

▶ Notepad will open; copy and paste its entire contents here in your next reply

▶ hijackthis tutorial (thanks to Balltrap34)

If a report won't post, raise an alert with the moderators using the yellow /!\ icon.
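Reading a HijackThis log by hand means scanning the O4 (autorun) lines for anything that does not belong. The script below is an added example of doing that triage automatically; it is neither HijackThis code nor the helper's. It parses registry Run lines in the format HijackThis writes and flags an entry when the launched file has one of the Bagle file names the FindyKill report above deleted from Image File Execution Options, when it runs from a user-writable profile directory (Documents and Settings\...\Application Data or Local Settings), or when it is a bare file name resolved through the search path. The sample log is constructed in the style of the entries posted in this thread; the regular expression and the heuristics are the example's own assumptions.

```python
"""Triage O4 (autorun) lines from a HijackThis log.

Added example, not HijackThis' or the thread helper's code. The sample lines
are constructed in the style of the log posted in this thread; the Bagle file
names come from the Image File Execution Options keys the FindyKill report
above deleted. The regex and the heuristics are assumptions of this example.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "hive name cmd exe")

# Registry Run lines: "O4 - <hive>\..\Run: [<value name>] <command> (User '...')?"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# File names the FindyKill report attributes to Bagle (its deleted IFEO keys).
BAGLE_NAMES = {"mdelk.exe", "wintems.exe", "flec006.exe", "hldrrr.exe",
               "winfilse.exe", "winupgro.exe"}

# Constructed sample in the format HijackThis writes (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HP_Administrateur\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\HP_Administrateur\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
"""


def executable_of(cmd):
    """Best-effort extraction of the launched image from a Run value: a quoted
    path, else everything up to the first '.exe', else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()]
    return cmd.split()[0] if cmd else ""


def parse_o4(line):
    """Return an Entry for a registry Run line, or None for any other line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    return Entry(m["hive"], m["name"], m["cmd"], executable_of(m["cmd"]))


def reasons_for(entry):
    """Why this autorun deserves a second look (empty list = nothing noted)."""
    exe = entry.exe.lower()
    base = exe.rsplit("\\", 1)[-1]
    reasons = []
    if base in BAGLE_NAMES:
        reasons.append("known Bagle file name")
    if "\\documents and settings\\" in exe and (
            "\\application data\\" in exe or "\\local settings\\" in exe):
        reasons.append("runs from a user-writable profile directory")
    if "\\" not in exe:
        reasons.append("bare file name, resolved through the search path")
    return reasons


def triage(lines):
    """Return (value name, executable, reasons) for every flagged Run entry."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry.name, entry.exe, reasons))
    return flagged


def run_demo():
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for name, exe, reasons in run_demo():
        print(f"[{name}] {exe}\n    " + "; ".join(reasons))
```

On the sample, drvsyskit, german.exe and mule_st_key are flagged and RTHDCPL is noted as a bare name. The `swg` entry passes, because nothing about its path is unusual; the FindyKill report only caught that file by its hash, which is why path-based autorun triage and hash comparison belong together rather than either one alone.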
ceam57
7 Jan 2009 at 14:03
No sooner said than done!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:27, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HP_Administrateur\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\HP_Administrateur\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
0
Anonymous user
7 Jan. 2009 at 14:06
Re,

ComboFix. Careful, this tool is very powerful; misusing it can do damage...

Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I did not see in the HijackThis report...)

---> Above all, if you run into difficulties at this point, tell me before going any further...

---> I advise you to install the Recovery Console (see the tutorial).

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.

The report will be created at C:\Combofix.txt; please post it here.

If a report will not post, raise an alert with the moderation desk (conciergerie) using the yellow /!\.
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 8
7 Jan. 2009 at 14:14
I should be able to manage...

I'll do all that!

See you in a bit... well, I hope so!!
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 8
7 Jan. 2009 at 14:15
PS: already better, I have sound again, and the on-screen display of keyboard commands works again...
0
Anonymous user
7 Jan. 2009 at 14:16
Re,

It's not finished, run ComboFix!!
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 8
7 Jan. 2009 at 14:37
Yep, done!

ComboFix 09-01-06.02 - HP_Administrateur 2009-01-07 14:27:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1461 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur\Application Data\drivers\downld
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\rnaph.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 ))))))))))))))))))))))))))))))))))))
.

2009-01-07 13:44 . 2009-01-07 14:29 <REP> d--h----- c:\documents and settings\HP_Administrateur\Application Data\drivers
2009-01-07 13:29 . 2009-01-07 13:29 <REP> d-------- C:\_OTMoveIt
2009-01-07 10:29 . 2009-01-07 10:29 <REP> d-------- c:\program files\Trend Micro
2009-01-07 10:00 . 2009-01-07 11:06 <REP> d-------- c:\program files\FindyKill
2009-01-06 12:45 . 2009-01-07 05:12 <REP> d-------- c:\documents and settings\HP_Administrateur\.housecall6.6
2009-01-06 09:40 . 2009-01-06 09:40 <REP> d-------- C:\temp
2009-01-05 18:33 . 2009-01-05 18:33 <REP> d-------- C:\NVIDIA
2009-01-05 18:33 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-05 18:26 . 2009-01-05 18:26 <REP> d-------- c:\program files\SystemRequirementsLab
2009-01-05 18:26 . 2009-01-05 18:26 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\SystemRequirementsLab
2009-01-05 17:20 . 2009-01-05 17:22 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-05 17:10 . 2006-07-22 07:40 143,360 --------- c:\windows\system32\RtlCPAPI.dll
2009-01-05 17:10 . 2005-05-03 18:43 69,632 --------- c:\windows\Alcmtr.exe
2009-01-05 16:31 . 2009-01-05 16:31 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\WinBatch
2009-01-05 15:38 . 2006-11-08 12:46 3,224 --------- c:\windows\sporder.zip
2009-01-04 21:34 . 2006-05-16 18:04 2,879,488 --------- c:\windows\SkyTel.exe
2009-01-04 21:34 . 2005-07-15 16:48 40,960 --------- c:\windows\system32\ChCfg.exe
2009-01-04 21:33 . 2009-01-05 17:10 <REP> d-------- c:\program files\Realtek
2009-01-04 21:33 . 2005-04-16 22:20 487,424 --------- c:\windows\RtlExUpd.dll
2009-01-04 20:55 . 2009-01-04 20:55 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\invibes
2009-01-03 18:17 . 2009-01-03 18:17 <REP> d-------- c:\program files\Pop Art Studio 3.0
2009-01-03 18:03 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\program files\Reference Assemblies
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\program files\MSBuild
2009-01-03 18:01 . 2009-01-03 18:01 222 --a------ c:\windows\system32\spupdsvc.inf
2009-01-03 18:00 . 2009-01-03 18:01 <REP> d-------- C:\3efc840687afe14240ddd53b0ce96d
2009-01-03 18:00 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-03 18:00 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-03 18:00 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-03 18:00 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-03 18:00 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-03 18:00 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-03 18:00 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-03 17:58 . 2009-01-03 17:58 <REP> d-------- c:\program files\MSXML 6.0
2008-12-16 15:17 . 2008-12-16 15:17 <REP> d-------- c:\program files\Audacity
2008-12-11 14:32 . 2009-01-01 13:43 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 14:32 . 2008-12-11 14:32 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 08:38 --------- d-----w c:\program files\Ripp-it_AM
2009-01-07 01:37 70,656 ----a-w c:\windows\system32\dllcache\sysinfo.exe
2009-01-07 01:36 15,360 ----a-w c:\windows\system32\dllcache\register.exe
2009-01-06 23:39 --------- d-----w c:\program files\Symantec
2009-01-05 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 14:38 --------- d-----w c:\program files\Controle Parental
2009-01-05 13:53 --------- d-----w c:\program files\SSC Service Utility
2009-01-04 21:50 --------- d-----w c:\program files\eMule
2009-01-04 19:55 --------- d-----w c:\program files\Micro Application
2009-01-03 17:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-03 15:00 --------- d-----w c:\program files\Microsoft Digital Image 10
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-01 17:04 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-12-01 17:04 --------- d-----w c:\program files\Java
2008-11-18 13:17 --------- d-----w c:\program files\eBay
2008-11-17 06:49 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-11-16 08:25 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\DivX
2008-11-10 08:53 --------- d-----w c:\program files\ColiPoste
2008-11-05 11:23 49,152 ----a-r c:\windows\system32\inetwh32.dll
2008-11-05 11:23 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2008-11-03 21:45 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-06-17 12:53 0 ----a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2007-01-03 16:48 251 ----a-w c:\program files\wt3d.ini
2006-12-20 17:30 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2009-01-07 52840]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-01 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"ISUSScheduler"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"OPTENET_GUI"="c:\progra~1\CONTRO~1\bin\optgui.exe" [2006-12-20 404536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\CEAM\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
PrintKey 2000 Fr.lnk - c:\program files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-06-25 869888]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DataViz Inc Messenger.lnk - c:\program files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-11-18 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.JDCT"= jl_jdct.drv
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\box\\hl2\\HL2\\hl2.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-01-03 2829696]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-01-03 468768]
R4 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe [2009-01-05 624376]
S1 7c468ad4;7c468ad4;c:\windows\system32\drivers\7c468ad4.sys --> c:\windows\system32\drivers\7c468ad4.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2009-01-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - HP_Administrateur.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2009-01-07 09:51]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.yahoo.fr
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
LSP: c:\program files\Controle Parental\bin\lsp.dll

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf

c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll - c:\windows\Downloaded Program Files\EphotoAxRes.dll
c:\windows\Downloaded Program Files\EphotoAx.dll
c:\windows\Downloaded Program Files\EphotoAxResES.dll
c:\windows\Downloaded Program Files\EphotoAxResNL.dll
c:\windows\Downloaded Program Files\EphotoAxResFR.dll
c:\windows\Downloaded Program Files\EphotoAxResEN.dll
O16 -: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D}
hxxp://photos.orange.fr/al/presentation/pc/resources/activex/Ephoto.cab
c:\windows\Downloaded Program Files\Ephoto.inf
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 14:30:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a3,16,d1,c2,67,\
69,61,e0,e2,63,26,f1,3f,c8,ff,68,96,e2,f3,c8,c6,b1,ee,81,e2,63,26,f1,3f,c8,\
ff,68,bc,90,ec,2b,04,82,3e,0e,c8,28,51,af,b0,29,a3,98,39,2c,6a,23,64,c4,d1,\
54,18,d7,53,c7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fd,ca,a1,67,71,\
a8,5a,5a,6a,9c,d6,61,af,45,84,18,52,e2,d4,e9,41,d4,d1,64,6a,9c,d6,61,af,45,\
84,18,8d,17,56,f2,b6,b2,92,d1,46,47,15,b0,92,4b,c7,ef,e0,06,9e,12,33,84,e4,\
a5,6f,a0,b5,89

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,5d,1e,18,bb,83,\
53,da,fe,ff,7c,85,e0,43,d4,0e,fe,6f,2b,1e,b1,58,5e,7e,0e,ff,7c,85,e0,43,d4,\
0e,fe,cc,8b,01,95,9d,cf,f3,df,25,da,ec,7e,55,20,c9,26,25,ef,c2,34,74,e7,1f,\
e8,07,54,ed,b8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,58,66,dd,af,9a,\
81,e3,d5,86,8c,21,01,be,91,eb,e7,f6,26,a8,4f,11,08,9f,26,86,8c,21,01,be,91,\
eb,e7,7a,60,16,65,ac,d7,28,52,6b,65,49,6a,7e,99,74,f7,6e,ab,f6,ee,32,83,5d,\
92,91,e1,fb,c5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c3,19,b6,76,27,\
d6,69,98,f5,1d,4d,73,a8,13,5c,05,a4,ab,86,45,e6,53,73,aa,f5,1d,4d,73,a8,13,\
5c,05,20,60,23,8d,00,41,28,27,cd,44,cd,b9,a6,33,6c,cd,a8,72,e9,a9,eb,12,dc,\
55,81,a4,40,5e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,cd,a1,b8,f1,a7,\
25,c5,f2,df,20,58,62,78,6b,cf,c8,54,14,2d,ba,7f,08,2b,f0,df,20,58,62,78,6b,\
cf,c8,61,ad,33,d0,80,a7,16,ab,b0,18,ed,a7,3f,8d,37,a4,55,36,7c,1f,37,d2,e7,\
80,76,f3,06,5e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,11,ab,ec,e1,\
2d,01,40,fb,a7,78,e6,12,2f,9a,ea,b3,cc,e6,a7,7c,23,50,52,fb,a7,78,e6,12,2f,\
9a,ea,20,f8,a7,63,bf,4d,ca,39,31,77,e1,ba,b1,f8,68,02,43,3f,4f,fe,4a,c0,35,\
e5,41,27,c7,f9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e8,98,e0,d9,1e,\
9c,c4,a2,01,3a,48,fc,e8,04,4a,f1,e0,8e,64,ac,4f,93,40,ed,01,3a,48,fc,e8,04,\
4a,f1,e0,83,11,3f,fa,e4,60,ec,83,6c,56,8b,a0,85,96,ab,51,db,c2,6f,a2,fa,ce,\
a8,f6,67,79,bf

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,58,b1,b4,b6,84,\
70,d8,87,f6,0f,4e,58,98,5b,89,c9,c4,d4,94,c1,5f,03,d5,df,f6,0f,4e,58,98,5b,\
89,c9,f9,f0,e0,a4,25,27,be,ec,f6,0f,4e,58,98,5b,89,c9,b3,17,e5,7c,f1,3b,56,\
25,2e,97,8b,1b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,60,04,2f,59,83,\
07,e1,27,3d,ce,ea,26,2d,45,aa,78,8f,74,3b,28,0d,06,1c,d3,3d,ce,ea,26,2d,45,\
aa,78,41,ad,2d,00,cb,1e,14,0a,3d,ce,ea,26,2d,45,aa,78,0b,f4,0c,4e,32,c3,b2,\
f8,90,05,1a,e4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,ac,f2,a2,7e,de,\
7f,dc,b1,2a,b7,cc,b5,b9,7f,41,e7,a7,bf,12,62,ec,55,4c,1c,2a,b7,cc,b5,b9,7f,\
41,e7,06,e1,f3,d9,fa,7d,cf,4e,2a,b7,cc,b5,b9,7f,41,e7,08,66,8b,cc,f6,5f,63,\
09,6a,24,fb,de

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,5d,dd,13,e1,02,\
f0,1c,e5,6c,43,2d,1e,aa,22,2f,9c,32,11,bb,a4,0c,70,c7,7a,6c,43,2d,1e,aa,22,\
2f,9c,66,10,15,8e,59,52,a2,f7,6c,43,2d,1e,aa,22,2f,9c,f8,f0,4c,4c,73,31,89,\
7b,d4,cc,3c,e4

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-01-07 14:32:45
ComboFix-quarantined-files.txt 2009-01-07 13:31:50

Avant-CF: 46 456 401 920 octets libres
Après-CF: 46,440,210,432 octets libres

348 --- E O F --- 2008-12-18 16:15:51
0
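Reading a ComboFix report like the one above by hand is tedious; as an added example that is not part of this thread or of ComboFix itself, the Python script below parses a few constructed lines laid out like that report and flags the patterns a helper scans for: an autorun entry marked [X] (target missing), Security Center values set to 1 that hide antivirus or firewall status, and a service whose binary is missing or whose name is eight random hex digits. The sample log, the Finding class and the regexes are all assumptions of this example.

```python
"""Flag entries in a ComboFix report that deserve a second look.

Added example, not part of this thread or of ComboFix. The sample below is
constructed from the report posted above. A flag means "inspect", never
"delete": this is a triage aid for reading the log, not a cleaning script.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout ComboFix uses: Run keys, Security Center
# values and the R/S service lines (start type, name;description;path [stamp]).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-01-03 2829696]
R4 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe [2009-01-05 624376]
S1 7c468ad4;7c468ad4;c:\windows\system32\drivers\7c468ad4.sys --> c:\windows\system32\drivers\7c468ad4.sys [?]
"""


@dataclass
class Finding:
    kind: str    # "run", "security-center" or "service"
    name: str    # registry value name or service name
    reason: str  # why the entry was flagged


SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="target" [stamp]  -- ComboFix writes [X] when the target is not on disk
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s\[([^\]]*)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# R3 name;description;path [date size]   or   S1 name;desc;path --> path [?]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
# Security Center values that silence or hide protection status when set to 1
SC_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
             "UpdatesDisableNotify", "DisableMonitoring"}


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line and collect entries worth inspecting."""
    findings: List[Finding] = []
    section = ""  # most recent [registry key] header, for context
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, _num, name, _desc, path, stamp = m.groups()
            if stamp.strip() == "?":
                on_disk = path.split(" --> ")[0]
                findings.append(Finding("service", name,
                                        "binary not found on disk: " + on_disk))
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding("service", name,
                                        "random-looking 8-hex-digit service name"))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group(3) == "X":
                findings.append(Finding("run", m.group(1),
                                        f"autorun target missing: {m.group(2)} ({section})"))
            continue
        m = DWORD_RE.match(line)
        if (m and "security center" in section.lower()
                and m.group(1) in SC_VALUES and int(m.group(2), 16) == 1):
            findings.append(Finding("security-center", m.group(1),
                                    f"{m.group(1)}=1 under {section}"))
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, in the order the entries appear in the log."""
    return "\n".join(f"[{f.kind}] {f.name}: {f.reason}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```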
Anonymous user
7 Jan. 2009 at 14:43
Re,

1. Close all open browsers.

2. Close/disable all antivirus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

3. Open Notepad and copy/paste the bold text from the Quote box below into Notepad:

Driver::
c:\windows\system32\drivers\sysinfo.exe

Save the file under the name CFScript.txt, in the same place as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

As in the image above, drag CFScript and drop it onto ComboFix.exe

When the tool has finished, it will show you a report named C:\ComboFix.txt, which you must send me in your next message.
0
ceam57 Posts 227 Registration date Tuesday 6 January 2009 Status Member Last seen 7 March 2019 8
7 Jan. 2009 at 15:02
On launch, there was a Windows message saying a file is missing (sorry, I didn't have time to note down the file name; do you want me to run the procedure again??)

ComboFix 09-01-06.02 - HP_Administrateur 2009-01-07 14:57:16.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1411 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 ))))))))))))))))))))))))))))))))))))
.

2009-01-07 13:44 . 2009-01-07 14:29 <REP> d--h----- c:\documents and settings\HP_Administrateur\Application Data\drivers
2009-01-07 13:29 . 2009-01-07 13:29 <REP> d-------- C:\_OTMoveIt
2009-01-07 10:29 . 2009-01-07 10:29 <REP> d-------- c:\program files\Trend Micro
2009-01-07 10:00 . 2009-01-07 11:06 <REP> d-------- c:\program files\FindyKill
2009-01-06 12:45 . 2009-01-07 05:12 <REP> d-------- c:\documents and settings\HP_Administrateur\.housecall6.6
2009-01-06 09:40 . 2009-01-06 09:40 <REP> d-------- C:\temp
2009-01-05 18:33 . 2009-01-05 18:33 <REP> d-------- C:\NVIDIA
2009-01-05 18:33 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-05 18:26 . 2009-01-05 18:26 <REP> d-------- c:\program files\SystemRequirementsLab
2009-01-05 18:26 . 2009-01-05 18:26 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\SystemRequirementsLab
2009-01-05 17:20 . 2009-01-05 17:22 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-05 17:10 . 2006-07-22 07:40 143,360 --------- c:\windows\system32\RtlCPAPI.dll
2009-01-05 17:10 . 2005-05-03 18:43 69,632 --------- c:\windows\Alcmtr.exe
2009-01-05 16:31 . 2009-01-05 16:31 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\WinBatch
2009-01-05 15:38 . 2006-11-08 12:46 3,224 --------- c:\windows\sporder.zip
2009-01-04 21:34 . 2006-05-16 18:04 2,879,488 --------- c:\windows\SkyTel.exe
2009-01-04 21:34 . 2005-07-15 16:48 40,960 --------- c:\windows\system32\ChCfg.exe
2009-01-04 21:33 . 2009-01-05 17:10 <REP> d-------- c:\program files\Realtek
2009-01-04 21:33 . 2005-04-16 22:20 487,424 --------- c:\windows\RtlExUpd.dll
2009-01-04 20:55 . 2009-01-04 20:55 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\invibes
2009-01-03 18:17 . 2009-01-03 18:17 <REP> d-------- c:\program files\Pop Art Studio 3.0
2009-01-03 18:03 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\program files\Reference Assemblies
2009-01-03 18:01 . 2009-01-03 18:01 <REP> d-------- c:\program files\MSBuild
2009-01-03 18:01 . 2009-01-03 18:01 222 --a------ c:\windows\system32\spupdsvc.inf
2009-01-03 18:00 . 2009-01-03 18:01 <REP> d-------- C:\3efc840687afe14240ddd53b0ce96d
2009-01-03 18:00 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-03 18:00 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-03 18:00 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-03 18:00 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-03 18:00 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-03 18:00 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-03 18:00 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-03 17:58 . 2009-01-03 17:58 <REP> d-------- c:\program files\MSXML 6.0
2008-12-16 15:17 . 2008-12-16 15:17 <REP> d-------- c:\program files\Audacity
2008-12-11 14:32 . 2009-01-01 13:43 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 14:32 . 2008-12-11 14:32 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 08:38 --------- d-----w c:\program files\Ripp-it_AM
2009-01-07 01:37 70,656 ----a-w c:\windows\system32\dllcache\sysinfo.exe
2009-01-07 01:36 15,360 ----a-w c:\windows\system32\dllcache\register.exe
2009-01-06 23:39 --------- d-----w c:\program files\Symantec
2009-01-05 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 14:38 --------- d-----w c:\program files\Controle Parental
2009-01-05 13:53 --------- d-----w c:\program files\SSC Service Utility
2009-01-04 21:50 --------- d-----w c:\program files\eMule
2009-01-04 19:55 --------- d-----w c:\program files\Micro Application
2009-01-03 17:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-03 15:00 --------- d-----w c:\program files\Microsoft Digital Image 10
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-01 17:04 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-12-01 17:04 --------- d-----w c:\program files\Java
2008-11-18 13:17 --------- d-----w c:\program files\eBay
2008-11-17 06:49 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-11-16 08:25 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\DivX
2008-11-10 08:53 --------- d-----w c:\program files\ColiPoste
2008-11-05 11:23 49,152 ----a-r c:\windows\system32\inetwh32.dll
2008-11-05 11:23 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2008-11-03 21:45 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-06-17 12:53 0 ----a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2007-01-03 16:48 251 ----a-w c:\program files\wt3d.ini
2006-12-20 17:30 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2009-01-07 52840]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-01 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"ISUSScheduler"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"OPTENET_GUI"="c:\progra~1\CONTRO~1\bin\optgui.exe" [2006-12-20 404536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\CEAM\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-01-03 27136]

c:\documents and settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
PrintKey 2000 Fr.lnk - c:\program files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-06-25 869888]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DataViz Inc Messenger.lnk - c:\program files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-11-18 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.JDCT"= jl_jdct.drv
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\box\\hl2\\HL2\\hl2.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-01-03 2829696]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-01-03 468768]
R4 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe [2009-01-05 624376]
S1 7c468ad4;7c468ad4;c:\windows\system32\drivers\7c468ad4.sys --> c:\windows\system32\drivers\7c468ad4.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2009-01-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - HP_Administrateur.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2009-01-07 09:51]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.yahoo.fr
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
LSP: c:\program files\Controle Parental\bin\lsp.dll

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf

c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll - c:\windows\Downloaded Program Files\EphotoAxRes.dll
c:\windows\Downloaded Program Files\EphotoAx.dll
c:\windows\Downloaded Program Files\EphotoAxResES.dll
c:\windows\Downloaded Program Files\EphotoAxResNL.dll
c:\windows\Downloaded Program Files\EphotoAxResFR.dll
c:\windows\Downloaded Program Files\EphotoAxResEN.dll
O16 -: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D}
hxxp://photos.orange.fr/al/presentation/pc/resources/activex/Ephoto.cab
c:\windows\Downloaded Program Files\Ephoto.inf
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\a0mo8n7v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 14:57:59
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a3,16,d1,c2,67,\
69,61,e0,e2,63,26,f1,3f,c8,ff,68,96,e2,f3,c8,c6,b1,ee,81,e2,63,26,f1,3f,c8,\
ff,68,bc,90,ec,2b,04,82,3e,0e,c8,28,51,af,b0,29,a3,98,39,2c,6a,23,64,c4,d1,\
54,18,d7,53,c7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fd,ca,a1,67,71,\
a8,5a,5a,6a,9c,d6,61,af,45,84,18,52,e2,d4,e9,41,d4,d1,64,6a,9c,d6,61,af,45,\
84,18,8d,17,56,f2,b6,b2,92,d1,46,47,15,b0,92,4b,c7,ef,e0,06,9e,12,33,84,e4,\
a5,6f,a0,b5,89

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,5d,1e,18,bb,83,\
53,da,fe,ff,7c,85,e0,43,d4,0e,fe,6f,2b,1e,b1,58,5e,7e,0e,ff,7c,85,e0,43,d4,\
0e,fe,cc,8b,01,95,9d,cf,f3,df,25,da,ec,7e,55,20,c9,26,25,ef,c2,34,74,e7,1f,\
e8,07,54,ed,b8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,58,66,dd,af,9a,\
81,e3,d5,86,8c,21,01,be,91,eb,e7,f6,26,a8,4f,11,08,9f,26,86,8c,21,01,be,91,\
eb,e7,7a,60,16,65,ac,d7,28,52,6b,65,49,6a,7e,99,74,f7,6e,ab,f6,ee,32,83,5d,\
92,91,e1,fb,c5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c3,19,b6,76,27,\
d6,69,98,f5,1d,4d,73,a8,13,5c,05,a4,ab,86,45,e6,53,73,aa,f5,1d,4d,73,a8,13,\
5c,05,20,60,23,8d,00,41,28,27,cd,44,cd,b9,a6,33,6c,cd,a8,72,e9,a9,eb,12,dc,\
55,81,a4,40,5e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,cd,a1,b8,f1,a7,\
25,c5,f2,df,20,58,62,78,6b,cf,c8,54,14,2d,ba,7f,08,2b,f0,df,20,58,62,78,6b,\
cf,c8,61,ad,33,d0,80,a7,16,ab,b0,18,ed,a7,3f,8d,37,a4,55,36,7c,1f,37,d2,e7,\
80,76,f3,06,5e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,11,ab,ec,e1,\
2d,01,40,fb,a7,78,e6,12,2f,9a,ea,b3,cc,e6,a7,7c,23,50,52,fb,a7,78,e6,12,2f,\
9a,ea,20,f8,a7,63,bf,4d,ca,39,31,77,e1,ba,b1,f8,68,02,43,3f,4f,fe,4a,c0,35,\
e5,41,27,c7,f9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e8,98,e0,d9,1e,\
9c,c4,a2,01,3a,48,fc,e8,04,4a,f1,e0,8e,64,ac,4f,93,40,ed,01,3a,48,fc,e8,04,\
4a,f1,e0,83,11,3f,fa,e4,60,ec,83,6c,56,8b,a0,85,96,ab,51,db,c2,6f,a2,fa,ce,\
a8,f6,67,79,bf

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,58,b1,b4,b6,84,\
70,d8,87,f6,0f,4e,58,98,5b,89,c9,c4,d4,94,c1,5f,03,d5,df,f6,0f,4e,58,98,5b,\
89,c9,f9,f0,e0,a4,25,27,be,ec,f6,0f,4e,58,98,5b,89,c9,b3,17,e5,7c,f1,3b,56,\
25,2e,97,8b,1b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,60,04,2f,59,83,\
07,e1,27,3d,ce,ea,26,2d,45,aa,78,8f,74,3b,28,0d,06,1c,d3,3d,ce,ea,26,2d,45,\
aa,78,41,ad,2d,00,cb,1e,14,0a,3d,ce,ea,26,2d,45,aa,78,0b,f4,0c,4e,32,c3,b2,\
f8,90,05,1a,e4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,ac,f2,a2,7e,de,\
7f,dc,b1,2a,b7,cc,b5,b9,7f,41,e7,a7,bf,12,62,ec,55,4c,1c,2a,b7,cc,b5,b9,7f,\
41,e7,06,e1,f3,d9,fa,7d,cf,4e,2a,b7,cc,b5,b9,7f,41,e7,08,66,8b,cc,f6,5f,63,\
09,6a,24,fb,de

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,5d,dd,13,e1,02,\
f0,1c,e5,6c,43,2d,1e,aa,22,2f,9c,32,11,bb,a4,0c,70,c7,7a,6c,43,2d,1e,aa,22,\
2f,9c,66,10,15,8e,59,52,a2,f7,6c,43,2d,1e,aa,22,2f,9c,f8,f0,4c,4c,73,31,89,\
7b,d4,cc,3c,e4

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-01-07 14:59:04
ComboFix-quarantined-files.txt 2009-01-07 13:59:01
ComboFix2.txt 2009-01-07 13:32:46

Avant-CF: 46 407 479 296 octets libres
Après-CF: 46,391,062,528 octets libres

340 --- E O F --- 2008-12-18 16:15:51
Anonymous user
7 Jan 2009 at 15:06
Re,

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan is finished, 2 reports will appear. Post the contents of both reports
( log.txt & info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report does not go through, send an alert to the conciergerie with the yellow /!\.