Infected PC, how do I clean it properly?

Solved/Closed
M-le-Maudit - 1 Oct 2009 at 15:17
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 - 4 Oct 2009 at 23:24
Hello,

My computer has been running slowly for some time. Today I decided to clean it up.
I ran Ccleaner, Regcleaner and Ad-Aware. At first glance, there was nothing very nasty.

However, after running Trojan Killer, I realize that my PC is not as clean as all that.

I am posting the Trojan Killer report as well as the Hijackthis one.

I would be grateful if you would help me get rid of these nasty critters.

Thanks in advance and see you soon. ;)

M.


GridinSoft Trojan Killer v.2.0.4.8
Report file date: 01/10/2009 14:26:48

Scanning for 783238 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: K & M
Computer name: TOSHIBA

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scaning...
----- C:\Program Files\pdfforge Toolbar\SearchSettings.dll ---- BHO
Threat



----- c:\windows\system32\mswinsck.ocx ---- General
W32.IRCBot, W32/Sdbot.worm!dz, Backdoor


----- \Software\Microsoft\Windows NT\CurrentVersion\Winlogon ---- Registry
Rogue.Contraviro


----- \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe ---- Registry
Adware.DoubleD


----- C:\Program Files\Internet Explorer\iexplore.exe ---- General
Win32.AutoRun.H, W32.Addsones, Worm.Win32.AutoRun.p, PE_AGENT.ZA


----- C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe ---- General
Backdoor.Win32.Hupigon


Scan completed.

Scan result: 6 infected items
Scan completed in: Scan completed in 36 minute(s) 35 sec.
Files were scanned: 11215









xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:55, on 01/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\K & M\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmokestart.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
23 replies

crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
4 Oct 2009 at 21:46
Yes, you can mark it as "Solved".
Have a good evening.
0
M-le-Maudit Posts 80 Registration date Thursday 1 October 2009 Status Member Last activity 23 March 2019 2
4 Oct 2009 at 23:23
Have a good evening too, and thanks for everything!
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
4 Oct 2009 at 23:24
At your service.
All the best.
0