Trojan.Agent
Closed
spikeur
Posts: 54
Registered: Sunday 29 November 2009
Status: Member
Last activity: 26 November 2019
-
5 Dec 2009 at 09:12
Anonymous user - 5 Dec 2009 at 11:20
11 replies
Anonymous user
5 Dec 2009 at 09:51
Hello,
Copy and paste the MBAM report into your next message.
spikeur
5 Dec 2009 at 09:55
The log is the same every time, but the thing is still there.
Here is the log:
Malwarebytes' Anti-Malware 1.42
Database version: 3297
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
2009/12/05 12:15:46
mbam-log-2009-12-05 (12-15-46).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180677
Time elapsed: 54 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Anonymous user
5 Dec 2009 at 09:58
Let's do things properly :-)
You have a virus in System Restore:
D:\System Volume Information\_restore\(...)\A0006434.exe
We'll get rid of it afterwards; for now, I'm going to check your PC completely:
• Download random's system information tool (RSIT) and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe
Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
Double-click RSIT.exe to launch the tool.
Click 'continue' on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports separately. They are located on C:
(log.txt & info.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
spikeur
5 Dec 2009 at 10:04
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-05 18:00:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (53%) free of 31 GB
Total RAM: 2038 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:47, on 2009/12/05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Telechargement\RSIT.exe
C:\Program Files\trend micro\HijackThis\Owner.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: NiftyBHO - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{398EEF73-3C7F-4A41-87C7-1BE9F6F30D1E}: NameServer = 61.207.11.153 221.113.139.137
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
spikeur
5 Dec 2009 at 10:12
I should also point out that I am on Windows XP in Japanese.
Anonymous user
5 Dec 2009 at 10:14
• Search mode:
Disable your antivirus for the duration of the procedure, as well as your firewall if present.
Download list&Killem.zip and save it to your desktop.
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
Use a program to unzip the compressed file.
Run the file Killem.exe.
It does not require installation.
Double-click (right-click "run as administrator" on Vista) to start the scan.
Choose the language, then choose option 1 = Search mode.
Let the tool work.
The report will be displayed once the scan has finished.
Paste the contents on a specialised forum.
spikeur
5 Dec 2009 at 10:49
List'em by g3n-h@ckm@n 1.1.2.0
Thx to Chiquitine29.....
User : Owner (Administrators) # FM-A058E6E1FC0F
Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
Start at: 18:21:12 | 2009/12/05
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.93GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
C:\ -> ローカル固定ディスク | 30.01 Go (15.95 Go free) | NTFS
D:\ -> ローカル固定ディスク | 198.57 Go (10.97 Go free) | NTFS
E:\ -> CD-ROM ディスク
F:\ -> CD-ROM ディスク
、、、、、、、、、、、、、、、、、、、、、、 Processes running
C:\WINDOWS\System32\smss.exe 504
C:\WINDOWS\system32\csrss.exe 568
C:\WINDOWS\system32\winlogon.exe 592
C:\WINDOWS\system32\services.exe 640
C:\WINDOWS\system32\lsass.exe 652
C:\WINDOWS\system32\svchost.exe 804
C:\WINDOWS\system32\svchost.exe 860
C:\WINDOWS\System32\svchost.exe 964
C:\WINDOWS\system32\svchost.exe 1048
C:\WINDOWS\system32\svchost.exe 1188
C:\WINDOWS\system32\spoolsv.exe 1316
C:\WINDOWS\Explorer.EXE 1532
C:\WINDOWS\SOUNDMAN.EXE 1680
C:\WINDOWS\AGRSMMSG.exe 1688
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE 1696
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe 1704
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe 1712
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe 1720
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 1732
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe 1740
C:\Program Files\Fujitsu\chitose\updatenv.exe 1756
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe 1764
C:\Program Files\Microsoft Security Essentials\msseces.exe 1792
C:\WINDOWS\vsnpstd.exe 1856
C:\Program Files\Java\jre6\bin\jusched.exe 1900
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1924
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1964
C:\Program Files\DAEMON Tools Lite\DTLite.exe 2032
C:\Program Files\Logitech\SetPoint\SetPoint.exe 164
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe 172
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 236
C:\WINDOWS\system32\svchost.exe 544
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe 908
C:\Program Files\Java\jre6\bin\jqs.exe 1068
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe 1468
C:\Program Files\Common Files\Panasonic\PSSCore.exe 764
C:\WINDOWS\system32\svchost.exe 2080
C:\Program Files\NTTE\Flets\app\TangoService.exe 2112
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe 2148
C:\WINDOWS\system32\SearchIndexer.exe 2288
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe 2356
C:\WINDOWS\System32\alg.exe 3164
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe 3272
C:\WINDOWS\system32\ctfmon.exe 4012
C:\Program Files\Windows Live\Contacts\wlcomm.exe 2568
C:\Program Files\Winamp\winamp.exe 644
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe 3844
C:\Program Files\Mozilla Firefox\firefox.exe 3388
D:\Telechargement\List_Kill'em.exe 3664
C:\WINDOWS\system32\conime.exe 3764
C:\WINDOWS\system32\cmd.exe 3232
C:\WINDOWS\system32\wbem\wmiprvse.exe 3868
C:\Documents and Settings\Owner\Local Settings\temp\7C.tmp\pv.exe 1228
======================
Keys "Run"
======================
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
AGRSMMSG REG_SZ AGRSMMSG.exe
KPDrv4Xp REG_SZ "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
IndicatorUtility REG_SZ C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
LoadFUJ02E3 REG_SZ C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
LoadFujitsuQuickTouch REG_SZ C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
LoadBtnHnd REG_SZ C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
IRRCManager REG_SZ C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
FJUPDNV_Chitose REG_SZ C:\Program Files\Fujitsu\chitose\updatenv.exe
WLANNER REG_SZ "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
TangoManager REG_SZ C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
MSSE REG_SZ "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
snpstd REG_SZ C:\WINDOWS\vsnpstd.exe
IMJPMIG9.0 REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
DisableRegistryTools REG_DWORD 0x0
===============
===============
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
===============
BHO :
======
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{603EC267-504E-4BD4-97F3-5DD71A271EAF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B37B14B8-699F-4002-9254-D1AB00FD07B5}]
@="NiftyBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001
================
Internet Explorer :
================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://azby.fmworld.net/information/20171001/
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=========================
Environnement variables :
=========================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
choix=1
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FM-A058E6E1FC0F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\FM-A058E6E1FC0F
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\pcdNavi\bin;;C:\Program Files\Justsystem\BeatJam Music Server;C:\Program Files\Common Files\DivX Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=FM-A058E6E1FC0F
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
==========
Programs
==========
、、、、、、、、、、 Files/folders :
C:\WINDOWS\mbr.exe
、、、、、、、、、、 Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "snpstd"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=========
Rootkits
=========
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 18:24:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
、、、、、、、、、、 C:\WINDOWS\Prefetch :
AGRSMMSG.EXE-03227799.pf
ALG.EXE-2226CE17.pf
ASPNET_REGIIS.EXE-23567214.pf
BGSVCLIB.EXE-1736CB3D.pf
BLASTCLN.EXE-098580DA.pf
CMD.EXE-137A0D53.pf
CONTROL.EXE-01F9F0D0.pf
EXPLORER.EXE-05416907.pf
FXSSVC.EXE-252A2E0B.pf
GACUTIL.EXE-266B6500.pf
IE4UINIT.EXE-2DDA9760.pf
IE8-WINDOWSXP-X86-JPN.EXE-03712536.pf
IESETUP.EXE-346E39DF.pf
IEXPLORE.EXE-06887102.pf
IMJPMIG.EXE-26FABE38.pf
INDICATORUTY.EXE-29C3ADC6.pf
IRRCMANAGER.EXE-31E38EEB.pf
JUSCHED.EXE-2211C03C.pf
KPDRV4XP.EXE-05A196BD.pf
LOGAGENT.EXE-19BB3652.pf
LOGONUI.EXE-3164D1CB.pf
MOFCOMP.EXE-011832D2.pf
MSDTC.EXE-0E0E8DC0.pf
MSIEXEC.EXE-0CCC6E74.pf
MYMEDIASERVER.EXE-36322914.pf
NDP1.0SP3-KB928367-X86-JPN.EX-15E25B83.pf
NETFXSBS10.EXE-02C47937.pf
NETFXUPDATE.EXE-024380AF.pf
NGEN.EXE-03997F61.pf
NTOSBOOT-B00DFAAD.pf
PSSCORE.EXE-2C8AE1E7.pf
REG.EXE-0ECAB75D.pf
REGSVR32.EXE-10006695.pf
RUNDLL32.EXE-2DDCDF6F.pf
RUNDLL32.EXE-2F71E21A.pf
RUNDLL32.EXE-3C1C2268.pf
RUNDLL32.EXE-458ED2A6.pf
RUNDLL32.EXE-57DC0BDA.pf
RUNDLL32.EXE-625DEF23.pf
SETUP50.EXE-313C0242.pf
SHMGRATE.EXE-04666141.pf
SL12F.TMP-3888E78A.pf
SOUNDMAN.EXE-1C6229D6.pf
SPUPDSVC.EXE-3127A20A.pf
SPUPDWXP.EXE-3651E59A.pf
SYSTRAY.EXE-1815A4B4.pf
TANGOM~1.EXE-12374EAE.pf
TANGOSERVICE.EXE-20791A51.pf
TINTSETP.EXE-2EF5B8E9.pf
UNREGMP2.EXE-122B40D1.pf
UPDATE.EXE-0013A211.pf
UPDATE.EXE-00A5E249.pf
UPDATE.EXE-00FDA540.pf
UPDATE.EXE-0107C283.pf
UPDATE.EXE-03014D43.pf
UPDATE.EXE-041D3249.pf
UPDATE.EXE-044027DA.pf
UPDATE.EXE-0472DBCD.pf
UPDATE.EXE-067606C3.pf
UPDATE.EXE-088A0DC2.pf
UPDATE.EXE-08B1E321.pf
UPDATE.EXE-090C8C26.pf
UPDATE.EXE-0C3CC38D.pf
UPDATE.EXE-0C475044.pf
UPDATE.EXE-0D7F8F69.pf
UPDATE.EXE-0E138749.pf
UPDATE.EXE-0E282569.pf
UPDATE.EXE-0FD19190.pf
UPDATE.EXE-114362AD.pf
UPDATE.EXE-12452405.pf
UPDATE.EXE-13D17184.pf
UPDATE.EXE-15DF5E06.pf
UPDATE.EXE-176F6CF3.pf
UPDATE.EXE-18C961D9.pf
UPDATE.EXE-1A4D39C7.pf
UPDATE.EXE-1B4B6744.pf
UPDATE.EXE-1C310A44.pf
UPDATE.EXE-1DB049DF.pf
UPDATE.EXE-1DE159B8.pf
UPDATE.EXE-1DF4BCAA.pf
UPDATE.EXE-1E042F4D.pf
UPDATE.EXE-1E54EE98.pf
UPDATE.EXE-1EB5AA8D.pf
UPDATE.EXE-1FE19D51.pf
UPDATE.EXE-20372856.pf
UPDATE.EXE-20C28DFE.pf
UPDATE.EXE-2130076C.pf
UPDATE.EXE-219B44B0.pf
UPDATE.EXE-220FBA34.pf
UPDATE.EXE-229E6819.pf
UPDATE.EXE-235D66A7.pf
UPDATE.EXE-2419FEB1.pf
UPDATE.EXE-24DDFA17.pf
UPDATE.EXE-2514939D.pf
UPDATE.EXE-2654BDFD.pf
UPDATE.EXE-26F621B2.pf
UPDATE.EXE-27F29082.pf
UPDATE.EXE-2A1EAEF3.pf
UPDATE.EXE-2AB00DC6.pf
UPDATE.EXE-2B3F2587.pf
UPDATE.EXE-2CADF165.pf
UPDATE.EXE-2DBA1341.pf
UPDATE.EXE-31458233.pf
UPDATE.EXE-3153CC67.pf
UPDATE.EXE-3292FEE1.pf
UPDATE.EXE-3295ECAE.pf
UPDATE.EXE-3382E843.pf
UPDATE.EXE-34D84D09.pf
UPDATE.EXE-35396016.pf
UPDATE.EXE-368D7336.pf
UPDATE.EXE-368DD108.pf
UPDATE.EXE-37AAFAC9.pf
UPDATE.EXE-37F3D0FE.pf
UPDATE.EXE-38483D5D.pf
UPDATE.EXE-392B21CC.pf
UPDATE.EXE-397442F9.pf
UPDATE.EXE-39904B84.pf
UPDATE.EXE-3A8E5EA2.pf
UPDATE.EXE-3B556BA9.pf
UPDATENV.EXE-26F247A9.pf
USERINIT.EXE-19714419.pf
VERCLSID.EXE-3B227142.pf
VRSERVICE.EXE-043E43B9.pf
WDFMGR.EXE-168EB72D.pf
WINDOWS-KB890830-V3.0.EXE-0EE439CC.pf
WMIADAP.EXE-307DE719.pf
WMIPRVSE.EXE-0E69CB0B.pf
WSCNTFY.EXE-314E7AE5.pf
WUAUCLT.EXE-12D8E25E.pf
、、、、、、、、、、、、、、、、、( EOF )、、、、、、、、、、、、、、、、、、、、、、、
Anonymous user
5 Dec. 2009 at 10:51
Removal mode
RESTART IN SAFE MODE
Restart the computer while tapping the F8 key several times until a menu appears (white on a black background).
Don't worry if the colours and icons don't look the way they usually do.
In this menu, use the arrow keys to highlight the line Start in Safe Mode.
Choose the operating system to start.
Choose your usual account to log on.
At the warning saying that the computer has started in Safe Mode, click Continue.
Note: On some computers the F8 key does not work. In that case use the F5 or F12 key (US computers).
/!\ Never start Safe Mode via MSCONFIG /!\
Tutorial: http://www.vista-xp.fr/forum/topic93.html
Run List&Kill'em again (right-click on Vista),
but this time:
choose option 2 = Mode Destruction
let the tool work
after the checks, a report will open.
Close it.
A second report will open;
paste its contents into your reply after restarting in normal mode
at the end of this operation, run another RSIT
note:
you will have only one report, log.txt
spikeur
5 Dec. 2009 at 11:17
Kill'em by g3n-h@ckm@n 1.1.2.0
User : Owner () # FM-A058E6E1FC0F
Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
Start at: 19:03:34 | 2009/12/05
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) CPU 2.93GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Microsoft Security Essentials 2.0.6212.0 [ (!) Disabled | Updated ]
C:\ -> ローカル固定ディスク | 30.01 Go (15.97 Go free) | NTFS
D:\ -> ローカル固定ディスク | 198.57 Go (10.97 Go free) | NTFS
E:\ -> CD-ROM ディスク
、、、、、、、、、、、、、、、、、、、、、、 Processes running
C:\WINDOWS\System32\smss.exe 168
C:\WINDOWS\system32\csrss.exe 216
C:\WINDOWS\system32\winlogon.exe 240
C:\WINDOWS\system32\services.exe 284
C:\WINDOWS\system32\lsass.exe 296
C:\WINDOWS\system32\svchost.exe 448
C:\WINDOWS\system32\svchost.exe 508
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe 548
C:\WINDOWS\system32\svchost.exe 604
C:\WINDOWS\Explorer.EXE 880
C:\WINDOWS\system32\NOTEPAD.EXE 1184
D:\Telechargement\List_Kill'em.exe 1196
C:\WINDOWS\system32\conime.exe 1212
C:\WINDOWS\system32\cmd.exe 1220
C:\WINDOWS\system32\wbem\wmiprvse.exe 1304
C:\Documents and Settings\Owner\Local Settings\temp\1.tmp\pv.exe 1368
Detections :
==========
、、、、、、、、、、 Files/folders :
"C:\WINDOWS\mbr.exe"
、、、、、、、、、、 Files/folders deleted :
Quarantine :
MBR.exe.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
============
Disk Cleaned
============
、、、、、、、、、、 C:\WINDOWS\Prefetch
NTOSBOOT-B00DFAAD.pf
、、、、、、、、、、、、、、、、、、、( EOF )、、、、、、、、、、、、、、、、、、、、、
spikeur
5 Dec. 2009 at 11:19
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-05 19:18:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (53%) free of 31 GB
Total RAM: 2038 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:11, on 2009/12/05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Telechargement\RSIT.exe
C:\Program Files\trend micro\HijackThis\Owner.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: NiftyBHO - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\NTTE\Flets\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: フレッツ接続ツール - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\NTTE\Flets\app\tangoiebar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{398EEF73-3C7F-4A41-87C7-1BE9F6F30D1E}: NameServer = 61.207.11.153 221.113.139.137
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
Anonymous user
5 Dec. 2009 at 11:20
Download USBFIX by Chiquitine29, C_xx and Chimay8
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
or here:
https://www.ionos.fr/?affiliate_id=77097
/!\ Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected
• Double-click the UsbFix shortcut on your desktop.
• Choose option 1 (Recherche)
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
• Tutorial: http://pagesperso-orange.fr/nostools/tuto_usbfix2.html