Trojan.Agent

spikeur Posts 59 Status Member -  
 Anonymous user -
Hello,

After scanning my PC with Malwarebytes' Anti-Malware, it seems that I am infected by Trojan.Agent.
But even after clicking "remove", when I reboot and run a full scan again, it is still there.

Also, during the scan I get an "Error Code 731 (0,6)", an error that seems to occur when D:\System Volume Information\_restore\(...)\A0006434.exe is being scanned.

I tried to run a scan and remove in safe mode with Malwarebytes' Anti-Malware, but the beast is still there.

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:27, on 2009/12/05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: NiftyBHO - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{398EEF73-3C7F-4A41-87C7-1BE9F6F30D1E}: NameServer = 61.207.11.153 221.113.139.137
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

--
End of file - 9883 bytes
Configuration: Windows XP
Firefox 3.5.5

11 replies

  1. Anonymous user
     
    hello,
    post the MBAM report by copy-pasting it into your next message
    0
  2. spikeur Posts 59 Status Member 13
     
    The log is the same every time, but the beast is still there.
    Here is the log:

    Malwarebytes' Anti-Malware 1.42
    Database version: 3297
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    2009/12/05 12:15:46
    mbam-log-2009-12-05 (12-15-46).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 180677
    Time elapsed: 54 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    0
  3. Anonymous user
     
    let's do things properly :-)

    you have a virus in System Restore:
    D:\System Volume Information\_restore\(...)\A0006434.exe

    we'll get rid of it afterwards; for now, I'm going to check your whole PC:

    • Download random's system information tool (RSIT) and save it to your desktop.
    http://images.malwareremoval.com/random/RSIT.exe

    Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    Double-click RSIT.exe to launch the tool.
    Click 'continue' on the Disclaimer screen.
    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
    Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports separately. They are located on C:
    (log.txt & info.txt)
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    0
  4. spikeur Posts 59 Status Member 13
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-12-05 18:00:44
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 16 GB (53%) free of 31 GB
    Total RAM: 2038 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:00:47, on 2009/12/05
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
    C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
    C:\Program Files\Fujitsu\chitose\updatenv.exe
    C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
    C:\Program Files\Common Files\Panasonic\PSSCore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTTE\Flets\app\TangoService.exe
    C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
    C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Telechargement\RSIT.exe
    C:\Program Files\trend micro\HijackThis\Owner.exe

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: NiftyBHO - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
    O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
    O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
    O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
    O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
    O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{398EEF73-3C7F-4A41-87C7-1BE9F6F30D1E}: NameServer = 61.207.11.153 221.113.139.137
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
    O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
    O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
    O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
    O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
    O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
    O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
    0
  6. spikeur Posts 59 Status Member 13
     
    I should also mention that I am running Windows XP in Japanese.
    0
  7. Anonymous user
     
    • Search Mode:

    Disable your antivirus for the duration of the procedure, as well as your firewall if present

    Download list&Killem.zip and save it to your desktop
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
    Use a program to unzip the compressed file.
    Run the file Killem.exe.
    It does not require installation
    double-click (right-click "run as administrator" for Vista) to launch the scan
    choose the language, then choose option 1 = Search Mode
    let the tool work
    the report will be displayed once the scan has finished
    paste the contents on a specialised forum
    0
  8. spikeur Posts 59 Status Member 13
     
    List'em by g3n-h@ckm@n 1.1.2.0

    Thx to Chiquitine29.....

    User : Owner (Administrators) # FM-A058E6E1FC0F
    Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
    Start at: 18:21:12 | 2009/12/05
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Celeron(R) CPU 2.93GHz
    Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]

    C:\ -> ローカル固定ディスク | 30.01 Go (15.95 Go free) | NTFS
    D:\ -> ローカル固定ディスク | 198.57 Go (10.97 Go free) | NTFS
    E:\ -> CD-ROM ディスク
    F:\ -> CD-ROM ディスク

    、、、、、、、、、、、、、、、、、、、、、、 Processes running

    C:\WINDOWS\System32\smss.exe 504
    C:\WINDOWS\system32\csrss.exe 568
    C:\WINDOWS\system32\winlogon.exe 592
    C:\WINDOWS\system32\services.exe 640
    C:\WINDOWS\system32\lsass.exe 652
    C:\WINDOWS\system32\svchost.exe 804
    C:\WINDOWS\system32\svchost.exe 860
    C:\WINDOWS\System32\svchost.exe 964
    C:\WINDOWS\system32\svchost.exe 1048
    C:\WINDOWS\system32\svchost.exe 1188
    C:\WINDOWS\system32\spoolsv.exe 1316
    C:\WINDOWS\Explorer.EXE 1532
    C:\WINDOWS\SOUNDMAN.EXE 1680
    C:\WINDOWS\AGRSMMSG.exe 1688
    C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE 1696
    C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe 1704
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe 1712
    C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe 1720
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 1732
    C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe 1740
    C:\Program Files\Fujitsu\chitose\updatenv.exe 1756
    C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe 1764
    C:\Program Files\Microsoft Security Essentials\msseces.exe 1792
    C:\WINDOWS\vsnpstd.exe 1856
    C:\Program Files\Java\jre6\bin\jusched.exe 1900
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1924
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1964
    C:\Program Files\DAEMON Tools Lite\DTLite.exe 2032
    C:\Program Files\Logitech\SetPoint\SetPoint.exe 164
    C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe 172
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 236
    C:\WINDOWS\system32\svchost.exe 544
    C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe 908
    C:\Program Files\Java\jre6\bin\jqs.exe 1068
    C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe 1468
    C:\Program Files\Common Files\Panasonic\PSSCore.exe 764
    C:\WINDOWS\system32\svchost.exe 2080
    C:\Program Files\NTTE\Flets\app\TangoService.exe 2112
    C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe 2148
    C:\WINDOWS\system32\SearchIndexer.exe 2288
    C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe 2356
    C:\WINDOWS\System32\alg.exe 3164
    C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe 3272
    C:\WINDOWS\system32\ctfmon.exe 4012
    C:\Program Files\Windows Live\Contacts\wlcomm.exe 2568
    C:\Program Files\Winamp\winamp.exe 644
    C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe 3844
    C:\Program Files\Mozilla Firefox\firefox.exe 3388
    D:\Telechargement\List_Kill'em.exe 3664
    C:\WINDOWS\system32\conime.exe 3764
    C:\WINDOWS\system32\cmd.exe 3232
    C:\WINDOWS\system32\wbem\wmiprvse.exe 3868
    C:\Documents and Settings\Owner\Local Settings\temp\7C.tmp\pv.exe 1228

    ======================
    Keys "Run"
    ======================

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMan REG_SZ SOUNDMAN.EXE
    AGRSMMSG REG_SZ AGRSMMSG.exe
    KPDrv4Xp REG_SZ "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
    IndicatorUtility REG_SZ C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    LoadFUJ02E3 REG_SZ C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    LoadFujitsuQuickTouch REG_SZ C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    LoadBtnHnd REG_SZ C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    IRRCManager REG_SZ C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
    FJUPDNV_Chitose REG_SZ C:\Program Files\Fujitsu\chitose\updatenv.exe
    WLANNER REG_SZ "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
    TangoManager REG_SZ C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
    MSSE REG_SZ "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
    snpstd REG_SZ C:\WINDOWS\vsnpstd.exe
    IMJPMIG9.0 REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
    =====================
    Other Keys
    =====================

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    dontdisplaylastusername REG_DWORD 0x0
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 0x1
    undockwithoutlogon REG_DWORD 0x1
    DisableRegistryTools REG_DWORD 0x0
    ===============

    ===============
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    ===============
    BHO :
    ======
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{603EC267-504E-4BD4-97F3-5DD71A271EAF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B37B14B8-699F-4002-9254-D1AB00FD07B5}]
    @="NiftyBHO"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    "NoExplorer"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    @="JQSIEStartDetectorImpl"
    "NoExplorer"=dword:00000001

    ================
    Internet Explorer :
    ================

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page REG_SZ https://azby.fmworld.net/information/20171001/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2
    =========

    =========================
    Environnement variables :
    =========================

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    choix=1
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FM-A058E6E1FC0F
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\FM-A058E6E1FC0F
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\pcdNavi\bin;;C:\Program Files\Justsystem\BeatJam Music Server;C:\Program Files\Common Files\DivX Shared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=FM-A058E6E1FC0F
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS

    ==========
    Programs
    ==========

    、、、、、、、、、、 Files/folders :

    C:\WINDOWS\mbr.exe

    、、、、、、、、、、 Keys :

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run "snpstd"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

    =========
    Rootkits
    =========

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-05 18:24:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
    "\xff910\xff710\xff830\xff880 ?\xff790\xff710\xff780\x30fb\x30fb\x30fb ?\xff9f0\xff8b0\xff9d0\x30fb\xff880????"=str(7):"1\0002\0003\0"
    "\xe326\xff65c\xff910\x30fb\x30fb\x30fb????"=str(7):"1\0"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "h0"=dword:00000000
    "hdf12"=hex:f3,2b,72,de,6a,e6,8e,12,d5,33,93,52,1c,44,28,d0,e4,6d,bd,52,46,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,57,b3,d0,49,ca,68,f4,50,a3,6e,29,e1,09,4c,95,4c,09,..
    "hdf12"=hex:e2,5a,44,f0,f4,0c,39,a8,d2,c0,71,e3,bc,2b,8c,86,24,50,86,e6,6a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:cb,21,11,a8,23,49,e6,ad,99,38,ed,2c,e5,99,d2,c3,af,93,d5,da,70,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
    "\xff910\xff710\xff830\xff880 ?\xff790\xff710\xff780\x30fb\x30fb\x30fb ?\xff9f0\xff8b0\xff9d0\x30fb\xff880????"=str(7):"1\0002\0003\0"
    "\xe326\xff65c\xff910\x30fb\x30fb\x30fb????"=str(7):"1\0"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "h0"=dword:00000000
    "hdf12"=hex:f3,2b,72,de,6a,e6,8e,12,d5,33,93,52,1c,44,28,d0,e4,6d,bd,52,46,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,57,b3,d0,49,ca,68,f4,50,a3,6e,29,e1,09,4c,95,4c,09,..
    "hdf12"=hex:e2,5a,44,f0,f4,0c,39,a8,d2,c0,71,e3,bc,2b,8c,86,24,50,86,e6,6a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:cb,21,11,a8,23,49,e6,ad,99,38,ed,2c,e5,99,d2,c3,af,93,d5,da,70,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
    "\31jィn0D}0\bT\x30fb[0??"="",,,,,,,,,,,,,""
    "Kb ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
    "Kb ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
    "P`\xff9cz"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
    "\xff6a0\x30fb\x30fb\xff890 ?\xff950\xff610\xff830\xff770\x30fb\x30fb????"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
    "\xff730\x30fb\xff800\xff6f0\xff7f0?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
    "x'Y\xff9d0\xff640\x30fb\xff7f0??"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
    "D0\x30fbD0\x30fbj0\xff9d0\xff640\x30fb\xff7f0???"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper]
    "-\xf8f33\xf8f3 ?\16f\35g"=dword:0000c080
    "-\xf8f33\xf8f3 ?0\xf8f3\16f\35g"=dword:00004080
    "-\xf8f33\xf8f3 ?\xff740\xff770\xff830\xff6f0"=dword:00008080
    "-\xf8f33\xf8f3 ?0\xf8f3\xff740\xff770\xff830\xff6f0"=dword:00000080
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
    "-\xf8f33\xf8f3 ?\xff740\xff770\xff830\xff6f0 ?&? ?-\xf8f33\xf8f3 ?0\xf8f3\xff740\xff770\xff830\xff6f0 ?&? ?M?S? ?U?I? ?G?o?t?h?i?c? ?(?T?r?u?e?T?y?p?e?)?"="msgoth04.ttc"
    "-\xf8f33\xf8f3 ?\16f\35g ?&? ?-\xf8f33\xf8f3 ?0\xf8f3\16f\35g ?(?T?r?u?e?T?y?p?e?)?"="msmin04.ttc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
    "\31jィ\16f\35g?"="-3 "
    "\31jィ\xff740\xff770\xff830\xff6f0?"="-3 \x30b4\x30b7\x30c3\x30af"
    "\xff740\xff770\xff830\xff6f0"="-3 \x30b4\x30b7\x30c3\x30af"
    "z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="-3 \x30b4\x30b7\x30c3\x30af"
    "x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
    "\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
    "\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MapGroups]
    "}\xf8f3\x80\xf8f3p\xf8f3\x30fbq\xf8f3o\xf8f3\x30fb\x30fb???"="\x30b9\x30bf\x30fc\x30c8\x30a2\x30c3\x30d7"
    "q\xf8f3x\xf8f3~\xf8f3{\xf8f3\x30fb?"="\x30a2\x30af\x30bb\x30b5\x30ea"
    "y\xf8f3\x30fbp\xf8f3\x30fb??"="\x30b2\x30fc\x30e0"
    "\x30fbr\xf8f3\x30fb??"="\x30e1\x30a4\x30f3"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
    "\xff720\x30fb\x30fb??"="\x30a2\x30af\x30bb\x30b5\x30ea\\x30b2\x30fc\x30e0"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    、、、、、、、、、、 C:\WINDOWS\Prefetch :


    、、、、、、、、、、、、、、、、、( EOF )、、、、、、、、、、、、、、、、、、、、、、、
  9. Anonymous user
     
    Removal Mode

    RESTART IN SAFE MODE
    Restart the computer, tapping the F8 key several times until a menu appears (white on a black background).
    Don't worry if the colors and icons do not look the way they usually do.
    In this menu, use the arrow keys to highlight the Safe Mode line.
    Choose the operating system to start.
    Choose your usual account to log in.
    At the warning saying that the computer has started in safe mode, click Continue.
    Note: On some computers the F8 key does not work. In that case use the F5 or F12 key (US computer).
    /!\ Never start in safe mode via MSCONFIG /!\
    Tutorial: http://www.vista-xp.fr/forum/topic93.html
    Run List&Kill'em again (right-click on Vista),
    but this time:
    choose option 2 = Mode Destruction
    let the tool work
    after the checks, a report will open.
    Close it.
    A second report will open;
    paste its contents into your reply after restarting in normal mode

    at the end of this operation, run another RSIT scan
    note:
    you will only have a single report, log.txt
  10. spikeur Posts 59 Status Member 13
     
    Kill'em by g3n-h@ckm@n 1.1.2.0

    User : Owner () # FM-A058E6E1FC0F
    Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
    Start at: 19:03:34 | 2009/12/05
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Celeron(R) CPU 2.93GHz
    Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Microsoft Security Essentials 2.0.6212.0 [ (!) Disabled | Updated ]

    C:\ -> ローカル固定ディスク | 30.01 Go (15.97 Go free) | NTFS
    D:\ -> ローカル固定ディスク | 198.57 Go (10.97 Go free) | NTFS
    E:\ -> CD-ROM ディスク

    、、、、、、、、、、、、、、、、、、、、、、 Processes running

    C:\WINDOWS\System32\smss.exe 168
    C:\WINDOWS\system32\csrss.exe 216
    C:\WINDOWS\system32\winlogon.exe 240
    C:\WINDOWS\system32\services.exe 284
    C:\WINDOWS\system32\lsass.exe 296
    C:\WINDOWS\system32\svchost.exe 448
    C:\WINDOWS\system32\svchost.exe 508
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe 548
    C:\WINDOWS\system32\svchost.exe 604
    C:\WINDOWS\Explorer.EXE 880
    C:\WINDOWS\system32\NOTEPAD.EXE 1184
    D:\Telechargement\List_Kill'em.exe 1196
    C:\WINDOWS\system32\conime.exe 1212
    C:\WINDOWS\system32\cmd.exe 1220
    C:\WINDOWS\system32\wbem\wmiprvse.exe 1304
    C:\Documents and Settings\Owner\Local Settings\temp\1.tmp\pv.exe 1368

    Detections :
    ==========

    、、、、、、、、、、 Files/folders :

    "C:\WINDOWS\mbr.exe"

    、、、、、、、、、、 Files/folders deleted :

    Quarantine :

    MBR.exe.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

    ============
    Disk Cleaned
    ============

    、、、、、、、、、、 C:\WINDOWS\Prefetch

    NTOSBOOT-B00DFAAD.pf

    、、、、、、、、、、、、、、、、、、、( EOF )、、、、、、、、、、、、、、、、、、、、、
  11. spikeur Posts 59 Status Member 13
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-12-05 19:18:59
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 16 GB (53%) free of 31 GB
    Total RAM: 2038 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:11, on 2009/12/05
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
    C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
    C:\Program Files\Fujitsu\chitose\updatenv.exe
    C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
    C:\Program Files\Common Files\Panasonic\PSSCore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTTE\Flets\app\TangoService.exe
    C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
    C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Telechargement\RSIT.exe
    C:\Program Files\trend micro\HijackThis\Owner.exe

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: NiftyBHO - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
    O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
    O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
    O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
    O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
    O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{398EEF73-3C7F-4A41-87C7-1BE9F6F30D1E}: NameServer = 61.207.11.153 221.113.139.137
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
    O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
    O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
    O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
    O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
    O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
    O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
  12. Anonymous user
     
    Download USBFIX by Chiquitine29, C_xx and Chimay8

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    or here:
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Connect to your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected

    • Double-click the UsbFix shortcut on your desktop.
    • Choose option 1 (Recherche)
    • Let the tool work.
    • Then post the UsbFix.txt report that appears.
    • Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.

    • Tutorial: http://pagesperso-orange.fr/nostools/tuto_usbfix2.html