Malware recurent smss.exe - Page 2

Précédent
  • 1
  • 2
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    le rapport est là....C:\List'em.txt
    0
  2. moinele Messages postés 138 Statut Membre 1
     
    Il reste bloqué sur "tests rootkits..... Patience......"
    Est-ce normal?
    Cela fait plus d'1 heure!!!!!!
    0
    1. servabat Messages postés 2073 Statut Membre 269
       
      oui , c'est normal car il cherche partout dans ton pc.
      0
  3. moinele Messages postés 138 Statut Membre 1
     
    Ok Merci!
    Je patiente!!!!
    0
  4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    non c'est trop long, ce n'est pas normal

    essaies en fermant bien toutes tes application et toutes tes protections
    ou
    si ca ne fonctionne pas (c'est en minute que ca doit durer)
    essaies en mode sans echec
    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
    0
    1. servabat Messages postés 2073 Statut Membre 269
       
      oui, c'est vrai que sa fait pas mal de temp ...
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moinele Messages postés 138 Statut Membre 1
     
    List'em by g3n-h@ckm@n 1.1.2.1

    Thx to Chiquitine29.....

    User : Stéphane () # PC-DE-CHARCAST
    Update on 07/12/2009 by g3n-h@ckm@n ::::: 11:00
    Start at: 21:30:10 | 07/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18828
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 220,96 Go (48,44 Go free) | NTFS
    D:\ -> Disque fixe local | 11,93 Go (2,14 Go free) [HP_RECOVERY] | NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe 316
    C:\Windows\system32\csrss.exe 440
    C:\Windows\system32\csrss.exe 476
    C:\Windows\system32\wininit.exe 484
    C:\Windows\system32\winlogon.exe 528
    C:\Windows\system32\services.exe 556
    C:\Windows\system32\lsass.exe 572
    C:\Windows\system32\lsm.exe 580
    C:\Windows\system32\svchost.exe 724
    C:\Windows\system32\svchost.exe 780
    C:\Windows\System32\svchost.exe 816
    C:\Windows\System32\svchost.exe 868
    C:\Windows\system32\svchost.exe 924
    C:\Windows\system32\svchost.exe 992
    C:\Windows\Explorer.EXE 1172
    C:\Windows\system32\wbem\unsecapp.exe 1552
    C:\Windows\system32\wbem\wmiprvse.exe 1628
    C:\Users\Stéphane\Desktop\List_Kill'em.exe 1760
    C:\Windows\system32\cmd.exe 1784
    C:\Windows\system32\wbem\wmiprvse.exe 1936
    C:\Users\Stéphane\AppData\Local\Temp\168C.tmp\pv.exe 1996

    ======================
    Keys "Run"
    ======================

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
    SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    eMuleAutoStart REG_SZ C:\Program Files\eMule\emule.exe -AutoStart

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
    =====================
    Other Keys
    =====================

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin REG_DWORD 0x2
    ConsentPromptBehaviorUser REG_DWORD 0x1
    EnableInstallerDetection REG_DWORD 0x1
    EnableLUA REG_DWORD 0x1
    EnableSecureUIAPaths REG_DWORD 0x1
    EnableVirtualization REG_DWORD 0x1
    PromptOnSecureDesktop REG_DWORD 0x1
    ValidateAdminCodeSignatures REG_DWORD 0x0
    dontdisplaylastusername REG_DWORD 0x0
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    scforceoption REG_DWORD 0x0
    shutdownwithoutlogon REG_DWORD 0x1
    undockwithoutlogon REG_DWORD 0x1
    FilterAdministratorToken REG_DWORD 0x0
    EnableUIADesktopToggle REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
    ===============

    ===============
    ===============
    BHO :
    ======
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29C88E20-4234-41B9-A9DB-982958C95FB1}]
    @="PimpFish Toolbar Opcode Handler"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    @="NCO 2.0 IE BHO"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    @="Symantec Intrusion Prevention"
    "NoExplorer"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    @="Search Helper"
    "NoExplorer"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75B1A646-CDCE-4C06-B52F-84F4463B4FC8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    "NoExplorer"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96372AB6-15EB-4316-B497-71C741BC548C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF3C5900-BEC0-470E-AEE8-CE277C60667C}]
    @="iGraalBHO"
    "NoExplorer"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    "NoExplorer"=dword:00000001

    ================
    Internet Explorer :
    ================

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
    Start Page REG_SZ https://www.msn.com/fr-fr/

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page REG_SZ http://www.sernam.fr/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    Wlansvc : 0x2
    SharedAccess : 0x3
    windefend : 0x2
    wuauserv : 0x2
    =========

    =========================
    Environnement variables :
    =========================

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\St‚phane\AppData\Roaming
    choix=1
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PC-DE-CHARCAST
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\St‚phane
    LOCALAPPDATA=C:\Users\St‚phane\AppData\Local
    LOGONSERVER=\\PC-DE-CHARCAST
    NUMBER_OF_PROCESSORS=2
    OnlineServices=Services en ligne
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\PVSW\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Borland\Common Files\BDE;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND=Pavilion
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
    RGSC=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
    RGSCLauncher=C:\Program Files\Rockstar Games\Rockstar Games Social Club
    SAFEBOOT_OPTION=MINIMAL
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\STPHAN~1\AppData\Local\Temp
    TMP=C:\Users\STPHAN~1\AppData\Local\Temp
    USERDOMAIN=PC-de-Charcast
    USERNAME=St‚phane
    USERPART=E:
    USERPROFILE=C:\Users\St‚phane
    windir=C:\Windows

    ==========
    Programs
    ==========

    Adobe
    AGEIA Technologies
    Alwil Software
    Amara - Intro and Banner Builder
    Amara - Slide Show Builder
    AnalogX
    Apple Software Update
    AtomixMP3
    AVG
    Beneton Movie GIF
    BestPractice
    Bonjour
    Borland
    Broadcom
    Canon
    CardDetector
    CCleaner
    Circle Developement
    Codemasters
    Common Files
    Convertisseur 2006
    CSV Converter
    CyberLink
    DAEMON Tools Lite
    DebugMode
    desktop.ini
    DIFX
    DivX
    Easy GIF Animator
    Easy Gif Animator Extension
    eBay
    EBP
    eMule
    Fichiers communs
    FileZilla FTP Client
    GIF Movie Gear
    Google
    Grammatica
    GVAO Install
    Hewlett-Packard
    Hp
    HP Games
    HPQ
    iGraal
    IKEA HomePlanner
    InstallShield Installation Information
    Intel
    Internet Explorer
    iPod
    iTunes
    IVT Corporation
    Java
    jv16 PowerTools
    K-Lite Codec Pack
    KeenfinderSrch
    Lavalys
    ma-config.com
    Messenger Plus! Live
    Micro Application
    Microsoft
    Microsoft Games
    Microsoft Games for Windows - LIVE
    Microsoft Office
    Microsoft Office Outlook Connector
    Microsoft Picture It! 7
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Visual Studio
    Microsoft Visual Studio 8
    Microsoft Visual Studio 8(450)
    Microsoft Windows 7 Upgrade Advisor
    Microsoft Works
    Microsoft Works Suite 2003
    Microsoft.NET
    Middleware
    Motorola
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSXML 4.0
    Nego
    Nero
    Nokia
    Nokia2
    OpenOffice.org 2.4
    Orange
    Ord-ixSofts
    OVH
    PC Connectivity Solution
    Picture Resize
    PimpFish
    Pure Motion
    QuickTime
    Realtek
    Reference Assemblies
    Resize Pictures Plus
    Rippackv3
    RocketDock
    Rockstar Games
    Safari
    Services en ligne
    ShopFactory V6
    Skype
    Sonic Foundry
    Spybot - Search & Destroy
    SWF to GIF
    SWF-AVI-GIF Converter
    Synaptics
    Trackstick Manager
    Ultralingua
    Uninstall Information
    Urban Research
    Utilitaire de configuration iPhone
    Viewpoint
    VirtualDJ
    VSO
    Web Publish
    WebSite Complete eCommerce Edition
    Windows Calendar
    Windows Collaboration
    Windows Defender
    Windows Journal
    Windows Live
    Windows Live SkyDrive
    Windows Mail
    Windows Media Player
    Windows NT
    Windows Photo Gallery
    Windows Portable Devices
    Windows Sidebar
    WindSolutions
    wings3d_1.0.1
    WinRAR
    WinTV
    Zylom Games

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Program Files\Circle Developement
    C:\Windows\system32\MSINET.oca
    C:\Windows\System32\SET6669.tmp
    C:\Windows\System32\SET6718.tmp
    C:\Users\St‚phane\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe
    C:\Users\St‚phane\LOCAL Settings\Temp\_isBC91.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    =========
    Rootkits
    =========

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-07 21:31:16
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9411ec71]
    "001ccc570099"=hex:97,da,bf,cf,7c,1d,a5,66,59,75,8d,03,21,91,d6,d4
    "0012d20c1a10"=hex:49,50,4f,44,64,b7,d3,01,17,a6,bf,85,7e,ba,46,48
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e2,a4,15,ba,7b,bb,85,df,eb,14,7b,71,ed,1f,bf,c5,1a,e6,f1,7e,64,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,98,c6,69,b3,d8,1c,8e,df,18,57,15,7a,1c,51,40,04,be,..
    "khjeh"=hex:83,cf,d2,2a,c5,4e,89,9f,ba,73,ea,97,0c,4d,a5,e2,80,87,bf,44,66,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:d1,2d,38,b3,b3,00,53,5e,73,e6,2a,7e,18,a1,8a,55,60,69,a6,66,3e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:6b,db,00,5e,1f,f4,5f,4f,4d,7a,3a,6b,3f,3f,a3,dd,aa,3f,a7,20,97,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9411ec71]
    "001ccc570099"=hex:97,da,bf,cf,7c,1d,a5,66,59,75,8d,03,21,91,d6,d4
    "0012d20c1a10"=hex:49,50,4f,44,64,b7,d3,01,17,a6,bf,85,7e,ba,46,48
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e2,a4,15,ba,7b,bb,85,df,eb,14,7b,71,ed,1f,bf,c5,1a,e6,f1,7e,64,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,98,c6,69,b3,d8,1c,8e,df,18,57,15,7a,1c,51,40,04,be,..
    "khjeh"=hex:83,cf,d2,2a,c5,4e,89,9f,ba,73,ea,97,0c,4d,a5,e2,80,87,bf,44,66,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:d1,2d,38,b3,b3,00,53,5e,73,e6,2a,7e,18,a1,8a,55,60,69,a6,66,3e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:6b,db,00,5e,1f,f4,5f,4f,4d,7a,3a,6b,3f,3f,a3,dd,aa,3f,a7,20,97,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

    ACROBAT.EXE-5A46C4AA.pf
    ACROBATINFO.EXE-C3F21C5E.pf
    ACRODIST.EXE-45C38D83.pf
    ACROTRAY.EXE-77AD6B7F.pf
    ADOBEUPDATER.EXE-D873744E.pf
    AgAppLaunch.db
    AgCx_S1_S-1-5-21-595985425-2813812186-2760822788-1000.snp.db
    AgCx_SC1.db
    AgCx_SC1.db.trx
    AgCx_SC2.db
    AgGlFaultHistory.db
    AgGlFgAppHistory.db
    AgGlGlobalHistory.db
    AgGlUAD_P_S-1-5-21-595985425-2813812186-2760822788-1000.db
    AgGlUAD_S-1-5-21-595985425-2813812186-2760822788-1000.db
    AgRobust.db
    ASHLOGV.EXE-08D1C944.pf
    ASHMAISV.EXE-6E148274.pf
    ASHWEBSV.EXE-ABC7BAA7.pf
    ATBROKER.EXE-FF58B71D.pf
    AVAST.SETUP-84A5483F.pf
    CABARC.EXE-CB8F9AC3.pf
    CCLEANER.EXE-CC440CDB.pf
    CMD.EXE-89305D47.pf
    CONIME.EXE-B273009A.pf
    CONSENT.EXE-65F6206D.pf
    CONTROL.EXE-9459D5A0.pf
    CSC.EXE-4EF173D0.pf
    CSCRIPT.EXE-E4C98DEB.pf
    CVTRES.EXE-419E4E46.pf
    DAEMON.EXE-5346BAA4.pf
    DLLHOST.EXE-6202E8F2.pf
    DLLHOST.EXE-71214090.pf
    DLLHOST.EXE-893DDF55.pf
    DLLHOST.EXE-C5C55E89.pf
    EBP.WEBCLIENT.EXE-EEE74F9B.pf
    EMULE.EXE-E9D12381.pf
    EXCEL.EXE-63933DC7.pf
    EXPINET.EXE-F5F86120.pf
    EXPLORER.EXE-7A3328DA.pf
    FILEZILLA.EXE-4D5E768E.pf
    FIREFOX.EXE-E60C0AA7.pf
    FIREWALLCONTROLPANEL.EXE-7F212016.pf
    FIREWALLSETTINGS.EXE-59D9DF16.pf
    FLASHUTIL9D.EXE-6EC7BCAE.pf
    FNPLICENSINGSERVICE.EXE-8B3343A3.pf
    FORMDESIGNER.EXE-7FD8CDD6.pf
    GESTION.EXE-979D35E6.pf
    GIFAN.EXE-F07BB2B1.pf
    HCCOMMANDER.EXE-35D58C93.pf
    HPASSET.EXE-71B58925.pf
    HPDOBJECT.EXE-4E420546.pf
    HPDOWNLOAD.EXE-16630A8F.pf
    HPHC.EXE-4C6EDC30.pf
    HPHC_SCHEDULER.EXE-B0CCDC1E.pf
    HPHC_SERVICE.EXE-B8B935C8.pf
    HPQUSGL.EXE-40BE529C.pf
    HPSCRIPT.EXE-A7AAF454.pf
    IELOWUTIL.EXE-79D45B69.pf
    IEXPLORE.EXE-1B894AFB.pf
    IGRAALHELPER.EXE-6BAA0719.pf
    ILLUSTRATOR.EXE-14B23323.pf
    IPODSERVICE.EXE-FE1A6FF7.pf
    LANCEMEDIADICO38.EXE-A9BD4053.pf
    Layout.ini
    LOGONUI.EXE-1BEE4A84.pf
    MEDIADICO38.EXE-B4A3808C.pf
    MOBSYNC.EXE-D8BC6ED2.pf
    MPAS-D_BD1.EXE-B82677C3.pf
    MPMINISIGSTUB.EXE-274F1742.pf
    MPMINISIGSTUB.EXE-5D6500E6.pf
    MPSIGSTUB.EXE-7C60A359.pf
    MSCONFIG.EXE-0B9585D9.pf
    MSFEEDSSYNC.EXE-1F01ED17.pf
    MSIEXEC.EXE-B5AFA339.pf
    MSINFO32.EXE-664C8DF0.pf
    MSNMSGR.EXE-DD43BBF4.pf
    MSXML4-KB973688-ENU.EXE-B84A3F74.pf
    NOTEPAD.EXE-EB1B961A.pf
    NTOSBOOT-B00DFAAD.pf
    OFFICELIVESIGNIN.EXE-3E8ACCCB.pf
    PfSvPerfStats.bin
    PHOTOSNAPVIEWER.EXE-194B42AF.pf
    PIP.EXE-B1197271.pf
    POQEXEC.EXE-CFF63269.pf
    POWERPNT.EXE-C4965CED.pf
    QPSCHED.EXE-67E360C3.pf
    RAC38.EXE-18B1C7EF.pf
    ReadyBoot
    RESETFILETIME.EXE-14D83F34.pf
    RSTRUI.EXE-4841C8C8.pf
    RUNDLL32.EXE-16B1DF16.pf
    RUNDLL32.EXE-25399471.pf
    RUNDLL32.EXE-34B17D05.pf
    RUNDLL32.EXE-7768279B.pf
    RUNDLL32.EXE-7BEFE786.pf
    RUNDLL32.EXE-905D47B9.pf
    RUNDLL32.EXE-908418F6.pf
    RUNDLL32.EXE-CE557EE2.pf
    RUNDLL32.EXE-E447C111.pf
    SCHTASKS.EXE-2DE769BF.pf
    SEARCHFILTERHOST.EXE-AA7A1FDD.pf
    SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
    SETUP_WM.EXE-4A6000A5.pf
    SKYPE.EXE-40964AC7.pf
    SKYPEPM.EXE-2C1AF4F8.pf
    SMSS.EXE-030147DE.pf
    SMSS.EXE-360CE431.pf
    SMSS.EXE-3ECD05CE.pf
    SMSS.EXE-4CC63531.pf
    SMSS.EXE-71D8A221.pf
    SMSS.EXE-F508187B.pf
    SNDVOL.EXE-783DCB11.pf
    SPYBOTSD.EXE-8CD4E785.pf
    SVCHOST.EXE-8FD92526.pf
    SVCHOST.EXE-F03E4D6B.pf
    SYNTPHELPER.EXE-4B6F43CF.pf
    TASKENG.EXE-5BAF290C.pf
    TASKKILL.EXE-609E34DE.pf
    TRUSTEDINSTALLER.EXE-031B6478.pf
    TZUPD.EXE-8566459B.pf
    UNSECAPP.EXE-CD982D99.pf
    UNZIP.EXE-38755058.pf
    VERCLSID.EXE-4D95F5A7.pf
    VSSVC.EXE-04D079CC.pf
    W3LGO103.EXE-F0AEA47F.pf
    WERFAULT.EXE-B7E27BE5.pf
    WERMGR.EXE-2A1BCBC7.pf
    WINWORD.EXE-6AC9169C.pf
    WLCOMM.EXE-648065CA.pf
    WLMAIL.EXE-718CF2A1.pf
    WLTUSER.EXE-A6CDB501.pf
    WLXQUICKTIMECONTROLHOST.EXE-43313B7C.pf
    WMIADAP.EXE-369DF1CD.pf
    WMIPRVSE.EXE-43972D0F.pf
    WMPLAYER.EXE-9DE758AE.pf
    WMPNETWK.EXE-BD0344CA.pf
    WMPNSCFG.EXE-DF1DD51A.pf
    WMPSHARE.EXE-73C9F24C.pf
    WSCRIPT.EXE-65A9658F.pf
    WSQMCONS.EXE-E2CE6542.pf
    WUAUCLT.EXE-830BCC14.pf
    WUDFHOST.EXE-81420B07.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  7. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    1) Suppression :

    REDEMARRE EN MODE SANS ECHEC ,

    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

    puis :

    ▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Destruction

    laisse travailler l'outil

    ▶ colle le contenu de C:\Kill'em.txt dans ta réponse après avoir redémarré en mode normal

    ...............................................

    2) • Télécharge Random's System Information Tool (RSIT) de Random/Random.

    http://images.malwareremoval.com/random/RSIT.exe

    • Enregistre le sur ton Bureau.

    • Double clique sur RSIT.exe pour lancer l'outil.

    • Clique sur "Continue" à l'écran Disclaimer.

    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

    et tu devras accepter la licence.

    • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

    Les rapports se trouvent à cet endroit:
    C:\rsit\info.txt
    C:\rsit\log.txt

    0
  8. moinele Messages postés 138 Statut Membre 1
     
    Kill'em by g3n-h@ckm@n 1.1.2.1

    User : Stéphane () # PC-DE-CHARCAST
    Update on 07/12/2009 by g3n-h@ckm@n ::::: 11:00
    Start at: 10:50:46 | 08/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18828
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 220,96 Go (48,28 Go free) | NTFS
    D:\ -> Disque fixe local | 11,93 Go (2,14 Go free) [HP_RECOVERY] | NTFS
    E:\ -> Disque fixe local | 200 Mo (168,03 Mo free) | NTFS
    F:\ -> Disque fixe local | 111,59 Go (103,39 Go free) [Emeraude-Corp] | NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe 316
    C:\Windows\system32\csrss.exe 380
    C:\Windows\system32\csrss.exe 416
    C:\Windows\system32\wininit.exe 424
    C:\Windows\system32\winlogon.exe 468
    C:\Windows\system32\services.exe 496
    C:\Windows\system32\lsass.exe 512
    C:\Windows\system32\lsm.exe 520
    C:\Windows\system32\svchost.exe 660
    C:\Windows\system32\svchost.exe 716
    C:\Windows\System32\svchost.exe 752
    C:\Windows\System32\svchost.exe 804
    C:\Windows\system32\svchost.exe 828
    C:\Windows\system32\svchost.exe 900
    C:\Windows\Explorer.EXE 1108
    C:\Windows\system32\wbem\unsecapp.exe 1504
    C:\Windows\system32\wbem\wmiprvse.exe 1584
    C:\Users\Stéphane\Desktop\List_Kill'em.exe 1828
    C:\Windows\system32\cmd.exe 1852
    C:\Windows\system32\wbem\wmiprvse.exe 2020
    C:\Users\Stéphane\AppData\Local\Temp\AA23.tmp\pv.exe 348

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    "C:\Program Files\Circle Developement"
    "C:\Windows\system32\MSINET.oca"
    C:\Windows\System32\SET6669.tmp
    C:\Windows\System32\SET6718.tmp
    C:\Users\St‚phane\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe
    C:\Users\St‚phane\LOCAL Settings\Temp\_isBC91.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    Circle Developement.Kill'em
    hijackthis-2.0.2.75917.exe.Kill'em
    msinet.oca.Kill'em
    SET6669.tmp.Kill'em
    SET6718.tmp.Kill'em
    _isBC91.exe.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========

    ============
    Disk Cleaned
    ============

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch

    AgAppLaunch.db
    AgCx_S1_S-1-5-21-595985425-2813812186-2760822788-1000.snp.db
    AgCx_SC1.db
    AgCx_SC1.db.trx
    AgCx_SC2.db
    AgGlFaultHistory.db
    AgGlFgAppHistory.db
    AgGlGlobalHistory.db
    AgGlUAD_P_S-1-5-21-595985425-2813812186-2760822788-1000.db
    AgGlUAD_S-1-5-21-595985425-2813812186-2760822788-1000.db
    AgRobust.db
    Layout.ini
    NTOSBOOT-B00DFAAD.pf
    PfSvPerfStats.bin
    ReadyBoot

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  9. moinele Messages postés 138 Statut Membre 1
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Stéphane at 2009-12-08 11:10:33
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 49 GB (22%) free of 226 GB
    Total RAM: 3070 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:34, on 08/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Users\STPHAN~1\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Stéphane\Desktop\RSIT.exe
    C:\Program Files\trend micro\Stéphane.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sernam.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: load=C:\Users\STPHAN~1\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: iGraalBHO - {CF3C5900-BEC0-470E-AEE8-CE277C60667C} - C:\Program Files\iGraal\BHO.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: iGraal Toolbar - {D01B1F7D-9D7F-46C3-8DB9-5A55819E2A7F} - C:\Program Files\iGraal\Toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Windows Live Mail (2).lnk = C:\Program Files\Windows Live\Mail\wlmail.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
    O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
    O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: iGraal - {32893F3D-2B10-4B09-BA6A-8F20E7D33925} - C:\Program Files\iGraal\Button.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: saturne.sernam.fr
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KeenfinderSrch Service - Unknown owner - C:\ProgramData\KeenfinderSrch\keenfinder136.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  10. moinele Messages postés 138 Statut Membre 1
     
    Impossible de poster "info.txt"
    0
  11. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    infection par support USB

    Téléchargez USBFIX de Chiquitine29, C_xx

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    ou
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Utilisateur de vista et windows 7 :
    ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    /!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur le bureau .

    • Choisir l'option 1 (Recherche)
    (d’autres options disponibles, voir le tutoriel).
    • Laissez travailler l'outil.

    • Ensuite postez le rapport UsbFix.txt qui apparaîtra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    0
Précédent
  • 1
  • 2