Trojan.clicker.VB.EG et autres Résolu

Question

Bonjour
Suite à un fichier impossible à enlever de mon bureau, bitdefender m'alerte d'un trojan.clicker.VB.EG présent. Je vais sur adaware qui après plusieures tentatives se bloque aux alentours du 86000 ème fichier. Spybot ras de spécial à signaler mais je fais un scan antivirus (je ne l'avais pas fait depuis un moment) avec bitdef et là plusieurs virus apparaissent voilà le rapport :

//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Créé le: 15/06/2006 20:41:15
//
//-----------------------------------------------------------------

Statistiques

Dossiers : 9870
Fichiers : 1017908
Archives : 88315
Fichiers empaquetés : 84587
Virus trouvés : 15
Fichiers infectés : 40
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 23
Fichiers effacés : 0
Fichiers copiés : 0
Fichiers déplacés : 0
Fichiers renommés : 0
Erreurs I/O : 36
Temps d'analyse := 06:28:43
Fichiers/seconde :43

Définitions virus : 414142
Plugins d'analyse : 15
Plugins archives : 42
Plug-ins décompression : 5
Plug-ins messagerie : 6
Plug-ins système : 5

Sommaire :

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0575378B.exe=>(Quarantine-2)
Détecté: Adware.Casino.L
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\059A1D19.wmf=>(Quarantine-2)
Infecté avec: Exploit.Win32.WMF-PFV
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\059A1D19.wmf=>(Quarantine-2)
Désinfection impossible
C:\Documents and Settings\Mikel\Bureau\Nouveau dossier (2)\installer.exe Infecté avec: Trojan.Clicker.VB.EG
C:\Documents and Settings\Mikel\Bureau\Nouveau dossier (2)\installer.exe Désinfection impossible
C:\Program Files\Astro\installer.exe Infecté avec: Trojan.Clicker.VB.EG
C:\Program Files\Astro\installer.exe Désinfection impossible
C:\WINDOWS\system32\cdhkkqao.kzx Infecté avec: Trojan.Clicker.Small.JS
C:\WINDOWS\system32\cdhkkqao.kzx Désinfection impossible
C:\WINDOWS\system32\epysaiah.exe Infecté avec: Trojan.Tibs.E
C:\WINDOWS\system32\epysaiah.exe Désinfection impossible
C:\WINDOWS\system32\fekkactb.exe Infecté avec: Trojan.Tibs.E
C:\WINDOWS\system32\fekkactb.exe Désinfection impossible
C:\WINDOWS\system32\ikmsyemf.exe Infecté avec: Trojan.Downloader.VB.OY
C:\WINDOWS\system32\ikmsyemf.exe Désinfection impossible
C:\WINDOWS\system32\kuqvtdeu.exe Infecté avec: Trojan.Tibs.E
C:\WINDOWS\system32\kuqvtdeu.exe Désinfection impossible
C:\WINDOWS\system32\phqghume.exe Infecté avec: Trojan.Downloader.Tibs.FA
C:\WINDOWS\system32\phqghume.exe Désinfection impossible
C:\WINDOWS\system32\xegioozj.exe Infecté avec: Trojan.Tibs.E
C:\WINDOWS\system32\xegioozj.exe Désinfection impossible
C:\WINDOWS\system32\yookyzdv.exe Infecté avec: Trojan.Downloader.VB.AAN
C:\WINDOWS\system32\yookyzdv.exe Désinfection impossible
C:\WINDOWS\system32\zhopaizdupla.exe Infecté avec: Trojan.Downloader.Agent.QR
C:\WINDOWS\system32\zhopaizdupla.exe Désinfection impossible
D:\Clef\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Infecté avec: Trojan.Downloader.FLQ
D:\Clef\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Désinfection impossible
D:\Clef\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Déplacement impossible
F:\LOGICIELS\A graver\WindowsSP2 4.6\$OEM$\$$\system32\cmdow.exe Détecté: Spyware.Hidewindows.I
F:\LOGICIELS\Disque dur\Ulead.DVD.MovieFactory.4.0_KEYGEN.rar=>Ulead.DVD.MovieFactory.4.0_KEYGEN.exe Infecté avec:
MemScan:Trojan.Spy.KeyLogger.DF
F:\LOGICIELS\Disque dur\Ulead.DVD.MovieFactory.4.0_KEYGEN.rar=>Ulead.DVD.MovieFactory.4.0_KEYGEN.exe Désinfection
impossible
F:\LOGICIELS\Disque dur\Ulead.DVD.MovieFactory.4.0_KEYGEN.rar=>Ulead.DVD.MovieFactory.4.0_KEYGEN.exe Déplacement
impossible
F:\LOGICIELS\DIVERS\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Infecté avec:
Trojan.Downloader.FLQ
F:\LOGICIELS\DIVERS\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Désinfection
impossible
F:\LOGICIELS\DIVERS\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar=>Sudoku Quest 1.1 Crack.exe Déplacement
impossible

Je veux bien un coup de main
Merci
@+kel

Afficher la suite

^^Marie^^ · Answer

Salut,Eventuellement commencer par la case départ :Il est important d’effectuer la manip dans sa totalité.Télécharge et colle les 2 rapports :  (tuto à lire)A - ad-aware version 1.06 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite voir demo http://pageperso.aol.fr/balltrap34/adwseflash.zipB - spybot version 1.4 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite voir demo d utilisation http://pageperso.aol.fr/Balltrap34/demo%20spybot.htmC -  Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..) Télécharge ici : https://www.ccleaner.com/ccleaner/download Tutorial ici: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php D - Ewido (download)- gratuit même après 14 jours d’essai http://perso.wanadoo.fr/entraide-hijackthis/Ewido/ Copie/COLLE le rapport généré sur ce forum Pour certaines versions de Windows antérieures à XP, Ewido peut ne pas être compatible Dans ce cas, il te faudra utiliser a-squared free et demander une clef pour son usage gratuit https://www.emsisoft.com/fr/ F -  Hijackthis - Outil de diagnostic et réparation lire démo http://pageperso.aol.fr/balltrap34/Hijenr.gif http://pageperso.aol.fr/balltrap34/demohijack.htm Télécharge version française ici http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html Copie/colle le rapport Bon courageA++

artkel · Answer

Merci pour ta réponse rapide !ok pour A, B, C + regsupremeje suis en train de scanner avec ewido qui me parait bien et pourrait compléter adaware, je prépare les 2 rapports@+kel

artkel · Answer

Bon alors voilà ; evido m'a supprimé quelques trucs mais tjs le soucis du fichier que je peux pas supprimé du bureau et qui lorsque je clic droit dessus, bitdef me signale toujours le trojan .clicker.VB.Eg1er rapport de  scan d'evido--------------------------------------------------------- ewido anti-malware - Rapport de scan--------------------------------------------------------- + Créé le:		15:12:01, 16/06/2006 + Somme de contrôle:	883BC53D + Résultats du scan:	C:\Documents and Settings\Mikel\Cookies\mikel@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder	C:\Documents and Settings\Mikel\Cookies\mikel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder	C:\Documents and Settings\Mikel\Cookies\mikel@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder	C:\Documents and Settings\Mikel\Cookies\mikel@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder	C:\Documents and Settings\Mikel\Cookies\mikel@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder	C:\Documents and Settings\Mikel\Cookies\mikel@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder	D:\Clef\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar/Sudoku Quest 1.1 Crack.exe -> Hijacker.Delf.eg : Nettoyer et sauvegarder	D:\Diaporamas Pour Münsingen\LeDiaporama - tutos du Diaporama.fr\EffetFlash.zip/Demo.exe -> Trojan.Small : Nettoyer et sauvegarder	D:\Diaporamas Pour Münsingen\New Diaporamas\Herisson.zip/H‚risson.exe -> Trojan.Small : Nettoyer et sauvegarder	F:\LOGICIELS\Disque dur\Ulead.DVD.MovieFactory.4.0_KEYGEN.rar/Ulead.DVD.MovieFactory.4.0_KEYGEN.exe -> Dropper.Small.aez : Erreur durant le nettoyage	F:\LOGICIELS\DIVERS\Sudoku quest\Sudoku Quest 1.1 Crack & serials.rar/Sudoku Quest 1.1 Crack.exe -> Hijacker.Delf.eg : Nettoyer et sauvegarder::Fin du rapport2ème rapport de HijackLogfile of HijackThis v1.99.1Scan saved at 15:14:33, on 16/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\DAP\DAP.EXEC:\Program Files\ScanSoft\PaperPort\PPWebCap.exeC:\Program Files\SuperCopier\SuperCopier.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeC:\Program Files\TechSmith\SnagIt 7\TSCHelp.exeC:\Program Files\ATnotes\ATnotes.exeC:\Program Files\TrayDay\TrayDay.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Softwin\BitDefender9\bdnagent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Softwin\BitDefender9\vsserv.exec:\program files\softwin\bitdefender9\bdmcon.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=artkel&e=comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\FCBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUPO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exeO4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exeO4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exeO4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeO8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htmO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXEO9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\FCIEXT.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/hardwaredetection.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FEE8820A-9AC6-441A-A213-B2387CCDC289}: NameServer = 217.27.32.5,213.228.0.168O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)adaware toujours se bloque vers 86000 fichierspas drôle ! malgré le soleil....bon ben ouala @ +kel

artkel · Answer

Ben on m'a laissé tombé !?je maitrise pas bien hijack, ma solution est peut-être là ?

artkel · Answer

BonjourQuelqu'un peut il m'aider , Régis59 qui m'a déjà aidé par exemple ?Merci

incognito02 · Answer

Oui bien sur.Atend je regarde ton probleme. C'est moi regis59; j ai emprunté le pseudo pendant que Mr incognito est en vacances lol

incognito02 · Answer

Re,1-Quel est ce fichier sur ton bureau?2-Télécharge ceci: (merci a S!RI pour ce programme).http://siri.urz.free.fr/Fix/SmitfraudFix.zipExécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapportCopie/colle le sur le poste stp.3-Et remet un hijack this stpa+ ;-)

artkel · Answer

Merci RegisLe fichier que j'arrive pas à effacer est un fichier  installer.exe je ne sais plus d'où ?Voilà le rapport de smifraudSmitFraudFix v2.62Rapport fait à 22:57:37,68, 18/06/2006Executé à partir de C:\Documents and Settings\Mikel\Bureau\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600] - Windows_NTFix executé en mode normal»»»»»»»»»»»»»»»»»»»»»»»» C:\»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikel\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mikel\Favoris»»»»»»»»»»»»»»»»»»»»»»»» Bureau»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Finpuis celui de Hyjack :Logfile of HijackThis v1.99.1Scan saved at 23:01:45, on 18/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\DAP\DAP.EXEC:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exeC:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exeC:\Program Files\ScanSoft\PaperPort\PPWebCap.exeC:\Program Files\SuperCopier\SuperCopier.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeC:\Program Files\ATnotes\ATnotes.exeC:\Program Files\TrayDay\TrayDay.exeC:\Program Files\TechSmith\SnagIt 7\TSCHelp.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Softwin\BitDefender9\vsserv.exec:\progra~1\softwin\bitdef~1\bdmcon.exeC:\Program Files\Azureus\Azureus.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=artkel&e=comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\FCBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUPO4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exeO4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exeO4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exeO4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exeO4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeO8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htmO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXEO9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\FCIEXT.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/hardwaredetection.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FEE8820A-9AC6-441A-A213-B2387CCDC289}: NameServer = 217.27.32.5,213.228.0.168O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)merciBye @+Kel

incognito02 · Answer

Re:¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :R3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no fileO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Apres avoir fixé cela, redemarre ton pc et dis moi quels soucis il reste stpa+

artkel · Answer

J'ai fait ce que tu m'as dis , je te joins un nouveau rapport. Je ne peux toujours pas sur un clic droit retirer ce fichier sur mon bureau et qui génère tjs le message de bitdef avec le trojan.clicker.VB.EGLogfile of HijackThis v1.99.1Scan saved at 16:44:54, on 19/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\DAP\DAP.EXEC:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\Program Files\ScanSoft\PaperPort\PPWebCap.exeC:\Program Files\SuperCopier\SuperCopier.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeC:\Program Files\ATnotes\ATnotes.exeC:\Program Files\TrayDay\TrayDay.exeC:\Program Files\TechSmith\SnagIt 7\TSCHelp.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Softwin\BitDefender9\vsserv.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=artkel&e=comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\FCBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUPO4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exeO4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exeO4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exeO4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exeO4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exeO8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htmO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dllO9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXEO9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\FCIEXT.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/hardwaredetection.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FEE8820A-9AC6-441A-A213-B2387CCDC289}: NameServer = 217.27.32.5,213.228.0.168O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)@+kel

incognito02 · Answer

Re;Telecharge cecihttps://www.silentrunners.org/Silent%20Runners.vbs Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donneraA+

artkel · Answer

Voilà merci de to aideje voudrais pas avoir à formater, bien sûr ..."Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"PPWebCap" = "C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe" ["ScanSoft, Inc."]"SuperCopier.exe" = "C:\Program Files\SuperCopier\SuperCopier.exe" ["SFX TEAM"]"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"DownloadAccelerator" = "C:\PROGRA~1\DAP\DAP.EXE /STARTUP" ["Speedbit Ltd."]"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]"BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\(Default) = (no title provided)                                       \StubPath   = "C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)  -> {HKLM...CLSID} = "HelperObject Class"                   \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\(Default) = (no title provided)  -> {HKLM...CLSID} = "FlpLauncher Class"                   \InProcServer32\(Default) = "C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll" [empty string]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]{8B3868B4-EBA8-48FA-A19B-E1DFB99066FA}\(Default) = "FCBHOBHO Class"  -> {HKLM...CLSID} = "BHO Class"                   \InProcServer32\(Default) = "C:\Program Files\FlashCapture\FCBHO.dll" ["Dreamingsoft, Inc."]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Google Toolbar Helper"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

incognito02 · Answer

SalutOn va tout faire pour ne pas que tu formates mais ca demande un peu de patience, ok?Le scan n est pas complet atend quelques minutes avant de relever le rapporta+

artkel · Answer

excuse, j'ai été trop rapide ! ouala "Silent Runners.vbs", revision 46, https://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "PPWebCap" = "C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe" ["ScanSoft, Inc."] "SuperCopier.exe" = "C:\Program Files\SuperCopier\SuperCopier.exe" ["SFX TEAM"] "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "DownloadAccelerator" = "C:\PROGRA~1\DAP\DAP.EXE /STARTUP" ["Speedbit Ltd."] "BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."] "BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"] "BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data] HKLM\Software\Microsoft\Active Setup\Installed Components\ {89B4C1CD-B018-4511-B0A1-5476DBF70820}\(Default) = (no title provided) \StubPath = "C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided) -> {HKLM...CLSID} = "HelperObject Class" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlpLauncher Class" \InProcServer32\(Default) = "C:\Program Files\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll" [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA}\(Default) = "FCBHOBHO Class" -> {HKLM...CLSID} = "BHO Class" \InProcServer32\(Default) = "C:\Program Files\FlashCapture\FCBHO.dll" ["Dreamingsoft, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {HKLM...CLSID} = "Page de propriétés sans fil" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés de la roulette" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés des activités" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {HKLM...CLSID} = "Page des propriétés des boutons" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS] "{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page" -> {HKLM...CLSID} = "ITPropertyPage Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS] "{D120D80B-BD26-4A74-8E43-2C2AF0966139}" = "QuickPar ContextMenu extension" -> {HKLM...CLSID} = "QuickParContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\QuickPar\QuickParShlExt.dll" ["Peter B Clements"] "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt" -> {HKLM...CLSID} = "SnagIt" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"] "{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension" -> {HKLM...CLSID} = "SnagItShellExt Class" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{2F25CF20-C569-11D1-B94C-00608CB45480}" = "TextPad" -> {HKLM...CLSID} = "TextPad" \InProcServer32\(Default) = "C:\Program Files\TextPad 4\System\shellext.dll" ["Helios Software Solutions"] "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension" -> {HKLM...CLSID} = "a² Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}" -> {HKLM...CLSID} = "MyPicturesContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\MyPictures3D\Bin\MyPicContext.dll" ["TODO: "] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."] Quick Par\(Default) = "{D120D80B-BD26-4A74-8E43-2C2AF0966139}" -> {HKLM...CLSID} = "QuickParContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\QuickPar\QuickParShlExt.dll" ["Peter B Clements"] SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}" -> {HKLM...CLSID} = "SnagItShellExt Class" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"] TextPad\(Default) = "{2F25CF20-C569-11D1-B94C-00608CB45480}" -> {HKLM...CLSID} = "TextPad" \InProcServer32\(Default) = "C:\Program Files\TextPad 4\System\shellext.dll" ["Helios Software Solutions"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Zeon.ShellExt\(Default) = "{B8E8494C-9300-48AC-BD8E-EDED185E5A04}" -> {HKLM...CLSID} = "ZnShlExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\ScanSoft\PAPERP~1\PDFC!\PDF Create! 2\Plugin\ZnShellExt.dll" ["ScanSoft, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}" -> {HKLM...CLSID} = "MyPicturesContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\MyPictures3D\Bin\MyPicContext.dll" ["TODO: "] SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}" -> {HKLM...CLSID} = "SnagItShellExt Class" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {HKLM...CLSID} = "a² Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data] FlipAlbum\(Default) = "{89947519-E64E-4EBE-9FCD-AD84E717809B}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\E-BOOK~1\FLIPAL~1\FlpShell.dll" ["E-Book Systems"] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Mes Documents\Mes images\Gifs\fond1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "Mikel" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Mikel\Menu Démarrer\Programmes\Démarrage "Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "ATnotes" -> shortcut to: "C:\Program Files\ATnotes\ATnotes.exe" ["Thomas Ascher"] "TrayDay" -> shortcut to: "C:\Program Files\TrayDay\TrayDay.exe" ["MJMSoft Design Limited"] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "EPSON Status Monitor 3 Environment Check 2" -> shortcut to: "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE" ["SEIKO EPSON CORPORATION"] "Lancement rapide d'Adobe Acrobat" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data] "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "SnagIt 7" -> shortcut to: "C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe" ["TechSmith Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided) -> {HKLM...CLSID} = "SnagIt" \InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."] {669695BC-A811-4A9D-8CDF-BA8C795F261C}\ "ButtonText" = "Run DAP" "Exec" = "C:\PROGRA~1\DAP\DAP.EXE" ["Speedbit Ltd."] {753BBC4B-CC73-4FB8-A5B5-CA09C804C1DD}\ "ButtonText" = "FlashCapture" "Script" = "res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm" ["Dreamingsoft, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherche" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f" Missing lines (compared with English-language version): [Strings]: 1 line HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] BitDefender Communicator, XCOMM, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"] BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."] BitDefender Scan Server, bdss, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data] BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."] C-DillaSrv, C-DillaSrv, "C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"] EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"] InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"] Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"] hpzlnt09\Driver = "hpzlnt09.dll" ["HP"] Ice Monitor C\Driver = "BiCMonNT.dll" ["Black Ice Software"] Ice Monitor M\Driver = "BiMMonNT.dll" ["Black Ice Software"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 164 seconds, including 14 seconds for message boxes)

incognito02 · Answer

Re,Supprimes tes fichiers temporaires avec ceci:Clean Up 40:http://pageperso.aol.fr/balltrap34/CleanUp40.exe -aide en image:(merci à Balltrap34). http://pageperso.aol.fr/balltrap34/democleanup.htmRedemarre et redis moia+

artkel · Answer

Voilà aillé ! Clean40 + CCleanerpas mieux+ad aware qui bloque dès l'apparition de mon trojanet bitdef antivirus qui n'arrive pas à supprimer les trojan bien qu'il me dise ne pas infecté ma bécane@+ kel

incognito02 · Answer

Re,je n ai pas comprisBitdefender il dit quoi?Ad aware?clean up et ccleaner? OUI?Desole, je fatigue....lol

artkel · Answer

Regisexcuse pour le  manque de clareté :1 suivant tes conseils j'ai passé Clean up 40 et redémarré mais pas mieux2 j'ai aussi passé CCleaner et redémarré pas mieux3 quant à Ad aware , quand je le passe, il se bloque apparament losqu'il trouve le Trojan.clicker.VB.EG  ;  au cours du scan d'ad aware apparaît la menace du bitdef me signalant le trajan.Clicker.VB.EGCette menace de Bitdef aparait aussi quand j'essai de supprimer ce fichier " install.exe " de mon bureau.salutKel

incognito02 · Answer

okLorsque bitdefender te le signale lors du scan d ad aware, quel chemin t indiques t il?a+

artkel · Answer

regisBon j'ai un peu évolué ; en mode sans echec j'ai réussi à enlever ce fichier "install.exe" j'ai fait un smitfraudfix en même temps en mode sans échec.Là je viens de faire un scan entivirus avec bit def qui me donne ce rapportC:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0575378B.exe=>(Quarantine-2)	Détecté: Adware.Casino.LC:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\059A1D19.wmf=>(Quarantine-2)	Infecté avec: Exploit.Win32.WMF-PFVC:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\059A1D19.wmf=>(Quarantine-2)	Désinfection impossibleC:\Program Files\Astro\installer.exe	Infecté avec: Trojan.Clicker.VB.EGC:\Program Files\Astro\installer.exe	Désinfection impossibleC:\WINDOWS\system32\cdhkkqao.kzx	Infecté avec: Trojan.Clicker.Small.JSC:\WINDOWS\system32\cdhkkqao.kzx	Désinfection impossibleC:\WINDOWS\system32\epysaiah.exe	Infecté avec: Trojan.Tibs.EC:\WINDOWS\system32\epysaiah.exe	Désinfection impossibleC:\WINDOWS\system32\fekkactb.exe	Infecté avec: Trojan.Tibs.EC:\WINDOWS\system32\fekkactb.exe	Désinfection impossibleC:\WINDOWS\system32\ikmsyemf.exe	Infecté avec: Trojan.Downloader.VB.OYC:\WINDOWS\system32\ikmsyemf.exe	Désinfection impossibleC:\WINDOWS\system32\kuqvtdeu.exe	Infecté avec: Trojan.Tibs.EC:\WINDOWS\system32\kuqvtdeu.exe	Désinfection impossibleC:\WINDOWS\system32\phqghume.exe	Infecté avec: Trojan.Downloader.Tibs.FAC:\WINDOWS\system32\phqghume.exe	Désinfection impossibleC:\WINDOWS\system32\xegioozj.exe	Infecté avec: Trojan.Tibs.EC:\WINDOWS\system32\xegioozj.exe	Désinfection impossibleC:\WINDOWS\system32\yookyzdv.exe	Infecté avec: Trojan.Downloader.VB.AANC:\WINDOWS\system32\yookyzdv.exe	Désinfection impossibleC:\WINDOWS\system32\zhopaizdupla.exe	Infecté avec: Trojan.Downloader.Agent.QRC:\WINDOWS\system32\zhopaizdupla.exe	Désinfection impossibleje vois pas bien comment enlever ces infections ?voilà où j'en suis mais je suis content d'avoir pu enlever ce fichier du bureaumerci à toi@+Kel

incognito02 · Answer

Re,

Affiche les fichiers caches et supprimes manuellement ceci:

Data\Symantec\Norton AntiVirus\Quarantine < vide la quarantaine
C:\Program Files\Astro\installer.exe
C:\WINDOWS\system32\cdhkkqao.kzx
C:\WINDOWS\system32\epysaiah.exe
C:\WINDOWS\system32\fekkactb.exe
C:\WINDOWS\system32\ikmsyemf.exe
C:\WINDOWS\system32\kuqvtdeu.exe
C:\WINDOWS\system32\phqghume.exe
C:\WINDOWS\system32\xegioozj.exe
C:\WINDOWS\system32\yookyzdv.exe
C:\WINDOWS\system32\zhopaizdupla.exe

A+

artkel · Answer

ok Régis ; gagné !

j'ai plus rien, j'ai fais ce que tu m'as dit sous le mode sans échec

j'avais aussi passé à la moulinette de spyware doctor
et là un nouveau scan sur bitdef et plus rien !!

merci de ton aide
salut @+
Kel

incognito02 · Answer

Salut artkeldsl pour le retard, pas eu le temps de venir.......Content que ce soit gagné !Si t as besoin, n hesites pas ;-)a+

Trojan.clicker.VB.EG et autres

23 réponses

Votre réponse

Newsletters