A L'AIDE ! virus WIN32:Ircbot-CDT[Tjr]'

Résolu
kapinoux Messages postés 23 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour ! au secour mon ordi est infesté par un cheval de troie prénommé Win32:Ircbot-CDT[Trj], je n'arrive pas à m'en débarrasser ,que dois-je faire? il se propage très rapidement dans mes dossiers persos et photos... . Si vous avez quelques infos à me passer n'hésitez pas ! je m'inquiète. Merci. Karine52
Configuration: Windows XP
Internet Explorer 7.0

12 réponses

  1. eclypse16 Messages postés 162 Date d'inscription   Statut Membre
     
    1°) suis cette procedure :
    http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
    1. kapinoux Messages postés 23 Statut Membre
       
      Merci pour ton aide...
      Il y a une amélioration car mon anti virus AD AWARE n'a détecté le cheval de troie qu'une seule fois. Il m'alertait très fréquemment hier. Cependant j'ai un deuxième anti virus AVAST qui ne le détecte pas.
      Voici ce que AD AWARE m'indique :
      Objet critique : Nom : advertbar. Type : regkey. Category : data miner. Objet : hkey users: S-1-5-21-32...
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bienvenue sur le forum d’entraide de CommentCaMarche.net

    Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
    De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
    Merci de votre compréhension.

    Télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
    1. kapinoux Messages postés 23 Statut Membre
       
      Merci pour votre aide.
      Je viens d'effectuer les démarches, voici ce qui était inscrit :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:36:15, on 13/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16473)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Wanadoo\Watch.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
      C:\DOCUME~1\Karine\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [Showwnd] showwnd.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S176.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
    2. kapinoux
       
      Je ne suis pas sûre d'avoir fait la bonne démarche tout à l'heure. Voici ce qui doit être le bon rapport :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:56:05, on 13/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16473)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
      C:\Documents and Settings\Karine\Mes documents\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [Showwnd] showwnd.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S176.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Télécharge Combofix sUBs :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    A+
    0
  4. kapinoux Messages postés 23 Statut Membre
     
    Salut, je prends le coup de main.
    Ad aware l'a détecté une fois ce matin.
    A bientôt.

    ComboFix 07-08-14.4 - "Karine" 2007-08-15 10:11:05.1 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.369 [GMT 2:00]
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Documents and Settings\Karine.\aria.txt

    ((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))

    2007-08-15 10:10 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-15 09:57 <REP> d-------- C:\WINDOWS\LastGood
    2007-08-12 18:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-08-12 18:39 <REP> d-------- C:\Program Files\Yahoo!
    2007-08-12 18:39 <REP> d-------- C:\Program Files\CCleaner
    2007-08-10 23:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-10 20:53 <REP> d-------- C:\Program Files\a-squared Anti-Malware

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-15 10:07 --------- d-------- C:\Program Files\Wanadoo
    2007-08-10 23:22 --------- d-------- C:\Program Files\IncrediMail
    2007-08-09 19:20 --------- d-------- C:\Program Files\Windows Live
    2007-08-09 19:20 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-09 14:58 --------- d-------- C:\DOCUME~1\Karine\APPLIC~1\Screenshot Sender
    2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2005-11-04 12:00:05 56 --sh--r C:\WINDOWS\system32\07E9BADCB3.sys
    2005-10-19 19:19:28 8 --sh--r C:\WINDOWS\system32\CFE20AE075.sys
    2005-11-04 12:00:05 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 14:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 06:25]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 18:23 C:\WINDOWS\RTHDCPL.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49]
    "nwiz"="nwiz.exe" [2005-10-10 21:49 C:\WINDOWS\system32\nwiz.exe]
    "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2005-10-12 15:44]
    "CHotkey"="mHotkey.exe" [2004-12-08 18:57 C:\WINDOWS\mHotkey.exe]
    "ledpointer"="CNYHKey.exe" [2005-11-10 15:41 C:\WINDOWS\CNYHKey.exe]
    "Showwnd"="showwnd.exe" [2003-09-18 21:09 C:\WINDOWS\ShowWnd.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 20:02]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 01:17]
    "InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 14:19]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-10 18:20]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 12:42]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 18:36]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "Felix II"="C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe" [2007-02-18 16:18]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-03 18:49:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
    R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys

    Contents of the 'Scheduled Tasks' folder
    2007-08-15 08:08:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-15 10:12:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-15 10:13:08
    C:\ComboFix-quarantined-files.txt ... 2007-08-15 10:13

    --- E O F ---
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Adaware te le détecte ou?
    As tu le rapport?

    Merci
    :-)

    A+
    0
  7. kapinoux Messages postés 23 Statut Membre
     
    Salut, voilà ou il se trouve :
    C:\DOCUME~1\Karine\LOCALS~1\Temp\AAWTMP\C2654406\4060E4\photos-08-2007.scr

    Et voici le rapport :

    A+

    MERCI

    Ad-Aware SE Build 1.06r1
    Logfile Created on:jeudi 16 août 2007 14:39:22
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R186 06.08.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    AdvertBar(TAC index:5):1 total references
    MRU List(TAC index:0):18 total references
    Tracking Cookie(TAC index:3):2 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    16-08-2007 14:39:22 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Karine\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\mediaplayer\preferences
    Description : last search path used in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent skins in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent clips in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\realnetworks\realplayer\6.0\preferences
    Description : last login time in realplayer

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-21-3208522847-850115167-2157219040-1006\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 368
    ThreadCreationTime : 16-08-2007 11:55:16
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 480
    ThreadCreationTime : 16-08-2007 11:55:21
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 508
    ThreadCreationTime : 16-08-2007 11:55:22
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 552
    ThreadCreationTime : 16-08-2007 11:55:23
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 564
    ThreadCreationTime : 16-08-2007 11:55:23
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 728
    ThreadCreationTime : 16-08-2007 11:55:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 776
    ThreadCreationTime : 16-08-2007 11:55:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 816
    ThreadCreationTime : 16-08-2007 11:55:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 892
    ThreadCreationTime : 16-08-2007 11:55:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 932
    ThreadCreationTime : 16-08-2007 11:55:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [aswupdsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 1044
    ThreadCreationTime : 16-08-2007 11:55:25
    BasePriority : Normal
    FileVersion : 4, 7, 1029, 0
    ProductVersion : 4, 7, 0, 0
    ProductName : avast! Antivirus
    CompanyName : ALWIL Software
    FileDescription : avast! Antivirus updating service
    InternalName : aswUpdSv.exe
    LegalCopyright : Copyright (c) 2007 ALWIL Software
    OriginalFilename : aswUpdSv.exe

    #:12 [ashserv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 1100
    ThreadCreationTime : 16-08-2007 11:55:25
    BasePriority : High
    FileVersion : 4, 7, 1029, 0
    ProductVersion : 4, 7, 0, 0
    ProductName : avast! Antivirus
    CompanyName : ALWIL Software
    FileDescription : avast! antivirus service
    InternalName : aswServ
    LegalCopyright : Copyright (c) 2007 ALWIL Software
    OriginalFilename : aswServ.exe

    #:13 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1392
    ThreadCreationTime : 16-08-2007 11:55:27
    BasePriority : Normal
    FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
    ProductVersion : 6.00.2900.3156
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:14 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1512
    ThreadCreationTime : 16-08-2007 11:55:27
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:15 [aolacsd.exe]
    FilePath : C:\PROGRA~1\FICHIE~1\AOL\ACS\
    ProcessID : 1668
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal

    #:16 [clcapsvc.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
    ProcessID : 1680
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal
    FileVersion : 4.05.1407
    ProductVersion : 4.05.1407
    ProductName : CLCapSvc Module
    FileDescription : CLCapSvc Module
    InternalName : CLCapSvc
    LegalCopyright : Copyright 2004
    OriginalFilename : CLCapSvc.EXE

    #:17 [clmlserver.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\
    ProcessID : 1728
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal
    FileVersion : 2, 1, 0, 2301
    ProductVersion : 2, 1, 0, 2301
    ProductName : Cyberlink Media Library Server
    CompanyName : Cyberlink
    FileDescription : NT CLMLServer
    InternalName : NT CLMLServer
    LegalCopyright : Copyright c 2004
    OriginalFilename : CLMLServer.exe

    #:18 [ftrtsvc.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1752
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal
    FileVersion : 11.0 (4)
    ProductVersion : 11.0 (4)
    ProductName : FTRTSVC NT Service
    CompanyName : France Telecom
    FileDescription : FTRTSVC NT Service
    InternalName : FTRTSVC
    LegalCopyright : France Telecom R&D 2004
    OriginalFilename : FTRTSVC.EXE

    #:19 [googleupdaterservice.exe]
    FilePath : C:\Program Files\Google\Common\Google Updater\
    ProcessID : 1764
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal
    FileVersion : 2.2.824.5515.beta
    ProductVersion : 2.2.824.5515.beta
    ProductName : Google Updater
    CompanyName : Google
    FileDescription : gusvc
    InternalName : gusvc
    LegalCopyright : ©2005-2006 Google. All Rights Reserved.
    OriginalFilename : GoogleUpdaterService.exe
    Comments : Google Updater

    #:20 [inorpc.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1800
    ThreadCreationTime : 16-08-2007 11:55:29
    BasePriority : Normal
    FileVersion : 7.1.194.0
    ProductVersion : 7.1.194.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoRpc.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoRpc.exe
    Comments : eTrust Antivirus English Version

    #:21 [inort.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1876
    ThreadCreationTime : 16-08-2007 11:55:30
    BasePriority : Normal
    FileVersion : 7.1.194.0
    ProductVersion : 7.1.194.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoRT.dll
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoRT.dll
    Comments : eTrust Antivirus English Version

    #:22 [inotask.exe]
    FilePath : C:\Program Files\CA\eTrust Antivirus\
    ProcessID : 1904
    ThreadCreationTime : 16-08-2007 11:55:30
    BasePriority : Normal
    FileVersion : 7.1.194.0
    ProductVersion : 7.1.194.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : InoTask.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : InoTask.exe
    Comments : eTrust Antivirus English Version

    #:23 [lssrvc.exe]
    FilePath : C:\Program Files\Fichiers communs\LightScribe\
    ProcessID : 1964
    ThreadCreationTime : 16-08-2007 11:55:30
    BasePriority : Normal
    FileVersion : 1.4.56.1
    ProductName : LightScribe
    CompanyName : Hewlett-Packard Company
    LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
    OriginalFilename : LSSrvc.exe

    #:24 [nvsvc32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2020
    ThreadCreationTime : 16-08-2007 11:55:30
    BasePriority : Normal
    FileVersion : 6.14.10.8185
    ProductVersion : 6.14.10.8185
    ProductName : NVIDIA Driver Helper Service, Version 81.85
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 81.85
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:25 [richvideo.exe]
    FilePath : C:\Program Files\CyberLink\Shared Files\
    ProcessID : 152
    ThreadCreationTime : 16-08-2007 11:55:30
    BasePriority : Normal
    FileVersion : 1.1.0808
    ProductVersion : 1.1.0808
    ProductName : RichVideo Module
    FileDescription : RichVideo Module
    InternalName : RichVideo
    LegalCopyright : Copyright 2004
    OriginalFilename : RichVideo.EXE

    #:26 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 316
    ThreadCreationTime : 16-08-2007 11:55:31
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:27 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 428
    ThreadCreationTime : 16-08-2007 11:55:31
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:28 [x10nets.exe]
    FilePath : C:\PROGRA~1\COMMON~1\X10\Common\
    ProcessID : 880
    ThreadCreationTime : 16-08-2007 11:55:31
    BasePriority : Realtime
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : x10 Module
    CompanyName : X10
    FileDescription : X10 Module
    InternalName : x10
    LegalCopyright : Copyright 1999 X10
    OriginalFilename : x10.exe

    #:29 [clsched.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
    ProcessID : 1792
    ThreadCreationTime : 16-08-2007 11:55:33
    BasePriority : Normal
    FileVersion : 4.05.1407
    ProductVersion : 4.05.1407
    ProductName : CLSched Module
    FileDescription : CLSched Module
    InternalName : CLSched
    LegalCopyright : Copyright 2004
    OriginalFilename : CLSched.EXE

    #:30 [aoldial.exe]
    FilePath : C:\Program Files\Fichiers communs\AOL\ACS\
    ProcessID : 2224
    ThreadCreationTime : 16-08-2007 11:55:36
    BasePriority : Normal
    FileVersion : 2.0.20.1.FR.213
    ProductVersion : 2.0.20.1.FR.213
    ProductName : AOL Connectivity Service
    CompanyName : America Online, Inc
    FileDescription : AOL Connectivity Service Dialer
    LegalCopyright : Copyright © 2003 America Online, Inc.
    OriginalFilename : AOLDial.exe

    #:31 [rthdcpl.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2236
    ThreadCreationTime : 16-08-2007 11:55:36
    BasePriority : Normal
    FileVersion : 2.0.3.9
    ProductVersion : 2.0.3.9
    ProductName : Realtek HD Audio Sound Effect Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek HD Audio Control Panel
    LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
    OriginalFilename : RTHDCPL.EXE

    #:32 [cmucreye.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2300
    ThreadCreationTime : 16-08-2007 11:55:36
    BasePriority : Normal
    FileVersion : 1, 0, 0, 36
    ProductVersion : 1, 0, 0, 36
    ProductName : CmCardMonitor Application
    FileDescription : CmCardMonitor MFC Application
    InternalName : CmCardMonitor
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : CmWatch.EXE

    #:33 [mhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2324
    ThreadCreationTime : 16-08-2007 11:55:37
    BasePriority : Normal
    FileVersion : 3, 0, 0, 10
    ProductVersion : 3, 0, 0, 0
    ProductName : Multimedia Keyboard Driver
    FileDescription : Multimedia Keyboard Driver
    InternalName : Multimedia Hotkey Driver
    LegalCopyright : Copyright (c) 2004.
    OriginalFilename : mHotkey.res

    #:34 [cnyhkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2432
    ThreadCreationTime : 16-08-2007 11:55:38
    BasePriority : Normal
    FileVersion : 2, 2, 0, 2
    ProductVersion : 2, 2, 0, 0
    ProductName : Multimedia Driver
    CompanyName : Chicony
    FileDescription : Chicony Multimedia Keyboard Driver
    InternalName : Multimedia Hotkey Driver
    LegalCopyright : Copyright (c) 2005 Chicony
    OriginalFilename : mHotkey.res

    #:35 [pcmservice.exe]
    FilePath : C:\Program Files\Home Cinema\PowerCinema\
    ProcessID : 2536
    ThreadCreationTime : 16-08-2007 11:55:39
    BasePriority : Realtime
    FileVersion : 4, 5, 0, 0
    ProductVersion : 4, 5, 0, 0
    ProductName : Cyberlink PowerCinema
    CompanyName : CyberLink Corp.
    FileDescription : CyberLink PowerCinema Resident Program
    InternalName : CyberLink PowerCinema Resident Program
    LegalCopyright : Copyright (c) 2005 CyberLink Corp.
    OriginalFilename : PCMService.exe

    #:36 [realmon.exe]
    FilePath : C:\PROGRA~1\CA\ETRUST~1\
    ProcessID : 2564
    ThreadCreationTime : 16-08-2007 11:55:40
    BasePriority : Normal
    FileVersion : 7.1.194.0
    ProductVersion : 7.1.194.0
    ProductName : eTrust Antivirus
    CompanyName : Computer Associates International, Inc.
    InternalName : Realmon.exe
    LegalCopyright : Copyright 2004 Computer Associates International, Inc.
    LegalTrademarks : eTrust (TM) is a trademark of Computer Associates Int'l, Inc.
    OriginalFilename : Realmon.exe
    Comments : eTrust Antivirus English Version

    #:37 [ashmaisv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 2712
    ThreadCreationTime : 16-08-2007 11:55:44
    BasePriority : Normal

    #:38 [taskbaricon.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 2744
    ThreadCreationTime : 16-08-2007 11:55:47
    BasePriority : Normal
    FileVersion : 5.9 (1)
    ProductVersion : 5.9 (1)
    ProductName : Kit de Connexion et de Services
    CompanyName : France Télécom R&D
    FileDescription : Gestion de l'icône de la barre des tâches
    InternalName : TaskBarIcon
    LegalCopyright : Copyright (C) France Télécom R&D 1999 - 2003
    OriginalFilename : TaskBarIcon.exe

    #:39 [googledesktop.exe]
    FilePath : C:\Program Files\Google\Google Desktop Search\
    ProcessID : 2820
    ThreadCreationTime : 16-08-2007 11:55:49
    BasePriority : Normal
    FileVersion : 5.1.707.23222
    ProductVersion : 5.1.707.23222
    ProductName : Google Desktop
    CompanyName : Google
    FileDescription : Google Desktop
    InternalName : Google Desktop
    LegalCopyright : Copyright (c) 2003-07 Google. All Rights Reserved.

    #:40 [ashwebsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 2852
    ThreadCreationTime : 16-08-2007 11:55:49
    BasePriority : Normal

    #:41 [ashdisp.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ProcessID : 2928
    ThreadCreationTime : 16-08-2007 11:55:50
    BasePriority : Normal
    FileVersion : 4, 7, 1029, 0
    ProductVersion : 4, 7, 0, 0
    ProductName : avast! Antivirus
    CompanyName : ALWIL Software
    FileDescription : avast! service GUI component
    InternalName : aswDisp
    LegalCopyright : Copyright (c) 2007 ALWIL Software
    OriginalFilename : aswDisp.exe

    #:42 [wmiprvse.exe]
    FilePath : C:\WINDOWS\system32\wbem\
    ProcessID : 3328
    ThreadCreationTime : 16-08-2007 11:55:53
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : WMI
    InternalName : Wmiprvse.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : Wmiprvse.exe

    #:43 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3424
    ThreadCreationTime : 16-08-2007 11:55:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:44 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3480
    ThreadCreationTime : 16-08-2007 11:55:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:45 [felix2.exe]
    FilePath : C:\Program Files\ScreenMates\Felix II\Fr\
    ProcessID : 3564
    ThreadCreationTime : 16-08-2007 11:56:00
    BasePriority : Normal

    #:46 [gestionnaireinternet.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 3708
    ThreadCreationTime : 16-08-2007 11:56:04
    BasePriority : Normal
    FileVersion : 5.9 (3)
    ProductVersion : 5.9 (3)
    ProductName : Kit de Connexion et de Services
    CompanyName : France Télécom R&D
    FileDescription : Espace Client
    InternalName : EspaceClient
    LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
    OriginalFilename : EspaceClient.exe

    #:47 [comcomp.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 3784
    ThreadCreationTime : 16-08-2007 11:56:06
    BasePriority : Normal
    FileVersion : 11b.0 (8)
    ProductVersion : 11b.0 (8)
    ProductName : Kit de Connexion et de Services
    CompanyName : France Télécom R&D
    FileDescription : Module de communication
    InternalName : ComComp
    LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
    OriginalFilename : ComComp.exe

    #:48 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3832
    ThreadCreationTime : 16-08-2007 11:56:07
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:49 [googledesktop.exe]
    FilePath : C:\Program Files\Google\Google Desktop Search\
    ProcessID : 3960
    ThreadCreationTime : 16-08-2007 11:56:09
    BasePriority : Normal
    FileVersion : 5.1.707.23222
    ProductVersion : 5.1.707.23222
    ProductName : Google Desktop
    CompanyName : Google
    FileDescription : Google Desktop
    InternalName : Google Desktop
    LegalCopyright : Copyright (c) 2003-07 Google. All Rights Reserved.

    #:50 [toaster.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 4008
    ThreadCreationTime : 16-08-2007 11:56:11
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : Application Toaster
    CompanyName : France Telecom R&D
    FileDescription : Application MFC Toaster
    InternalName : Toaster
    LegalCopyright : Copyright France Telecom R&D (C) 2004
    OriginalFilename : Toaster.EXE

    #:51 [inactivity.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 4024
    ThreadCreationTime : 16-08-2007 11:56:11
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : Application Inactivity
    FileDescription : Application MFC Inactivity
    InternalName : Inactivity
    LegalCopyright : Copyright France Telecom R&D (C) 2004
    OriginalFilename : Inactivity.EXE

    #:52 [pollingmodule.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 4040
    ThreadCreationTime : 16-08-2007 11:56:11
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : Application PollingModule
    FileDescription : Application PollingModule
    InternalName : PollingModule
    LegalCopyright : Copyright France Telecom R&D (C) 2004
    OriginalFilename : PollingModule.EXE

    #:53 [alertm~1.exe]
    FilePath : C:\WINDOWS\System32\ALERTM~1\
    ProcessID : 312
    ThreadCreationTime : 16-08-2007 11:56:12
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : Application AlertModule
    FileDescription : Application MFC AlertModule
    InternalName : AlertModule
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : AlertModule.EXE

    #:54 [googleupdater.exe]
    FilePath : C:\Program Files\Google\Google Updater\
    ProcessID : 1264
    ThreadCreationTime : 16-08-2007 11:56:13
    BasePriority : Normal
    FileVersion : 2.2.940.34809.beta
    ProductVersion : 2.2.940.34809.beta
    ProductName : Google Updater
    CompanyName : Google
    FileDescription : Google Updater
    InternalName : Google Updater
    LegalCopyright : ©2005-2006 Google. All Rights Reserved.
    OriginalFilename : GoogleUpdater.exe
    Comments : Google Updater

    #:55 [watch.exe]
    FilePath : C:\PROGRA~1\Wanadoo\
    ProcessID : 2408
    ThreadCreationTime : 16-08-2007 11:56:18
    BasePriority : Normal
    FileVersion : 11.0 (2)
    ProductVersion : 11.0 (2)
    ProductName : Kit de Connexion et de Services
    CompanyName : France Télécom R&D
    FileDescription : Surveillance des modifications
    InternalName : Watch
    LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
    OriginalFilename : Watch.exe

    #:56 [woobrowser.exe]
    FilePath : C:\PROGRA~1\Wanadoo\WOOBrowser\
    ProcessID : 2624
    ThreadCreationTime : 16-08-2007 12:03:27
    BasePriority : Normal
    FileVersion : 5.9.2
    ProductVersion : 5.9.2
    ProductName : France Telecom Web Browser
    FileDescription : Navigateur Internet
    InternalName : FTBrowser
    LegalCopyright : Copyright © 2004 France Telecom
    OriginalFilename : FTBrowser.exe

    #:57 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 1016
    ThreadCreationTime : 16-08-2007 12:39:12
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    AdvertBar Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3208522847-850115167-2157219040-1006\software\adtools, inc.

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 19

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 19

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : karine@weborama[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:karine@weborama.fr/
    Expires : 14-08-2009 10:10:14
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : karine@doubleclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:karine@doubleclick.net/
    Expires : 14-08-2009 10:10:54
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 21

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    Deep scanning and examining files (E:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for E:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 21

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    15:00:13 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:20:51.547
    Objects scanned:189479
    Objects identified:3
    Objects ignored:0
    New critical objects:3
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Téléchargez MSNFix.zip (de !aur3n7) sur votre bureau:
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompressez-le (clic droit >> Extraire ici) et double cliquer sur le fichier MSNFix.bat.
    - Exécutez l'option R.
    -- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

    - Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

    A+
    0
    1. kapinoux Messages postés 23 Statut Membre
       
      OPERATION REUSSIE!!! ON L'A EU!!!

      Ca y est : je l'ai trouvé dans un fichier s'intitulant webcam video.
      Ad aware ne le détecte plus.

      MSN Fix ne détectait rien pourtant.

      Merci pour ton aide et ta patience.
      0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    D'accord, domage ce fichier m'aurais bien interréssé :-)

    Bonne journée
    0
  10. Danhantan
     
    Bonjour j'ai eu le même virus qui c'est propagé par msn, je me suis fait avoir lors d'une discussion avec un ami qui a du être lui aussi infecté.

    J'ai donc uniquement fait la dernière manipulation c'est à dire télécharger msnfix et je l'ai lancé voici le rapport que j'obtient:

    MSN_Fix 1.464

    C:\Documents and Settings\Andre\Bureau\MSNFix
    Fix exécuté le 19/08/2007 - 11:53:23,03 By Andre
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\libmsns.dll
    ... C:\WINDOWS\album11.zip
    ... C:\WINDOWS\album20.zip
    ... C:\WINDOWS\album29.zip
    ... C:\WINDOWS\album44.zip
    ... C:\WINDOWS\album59.zip
    ... C:\WINDOWS\album62.zip
    ... C:\WINDOWS\album65.zip
    ... C:\WINDOWS\album68.zip
    ... C:\WINDOWS\album71.zip
    ... C:\WINDOWS\album74.zip
    ... C:\WINDOWS\album89.zip
    ... C:\WINDOWS\album95.zip
    ... C:\WINDOWS\images012.zip
    ... C:\WINDOWS\images018.zip
    ... C:\WINDOWS\images021.zip
    ... C:\WINDOWS\images024.zip
    ... C:\WINDOWS\images027.zip
    ... C:\WINDOWS\images033.zip
    ... C:\WINDOWS\images036.zip
    ... C:\WINDOWS\images039.zip
    ... C:\WINDOWS\images045.zip
    ... C:\WINDOWS\images048.zip
    ... C:\WINDOWS\images051.zip
    ... C:\WINDOWS\images054.zip
    ... C:\WINDOWS\images057.zip
    ... C:\WINDOWS\images060.zip
    ... C:\WINDOWS\images066.zip
    ... C:\WINDOWS\images069.zip
    ... C:\WINDOWS\images072.zip
    ... C:\WINDOWS\images081.zip
    ... C:\WINDOWS\images084.zip
    ... C:\WINDOWS\images087.zip
    ... C:\WINDOWS\images09.zip
    ... C:\WINDOWS\images096.zip
    ... C:\WINDOWS\photo12.zip
    ... C:\WINDOWS\photo21.zip
    ... C:\WINDOWS\photo24.zip
    ... C:\WINDOWS\photo27.zip
    ... C:\WINDOWS\photo3.zip
    ... C:\WINDOWS\photo30.zip
    ... C:\WINDOWS\photo39.zip
    ... C:\WINDOWS\photo42.zip
    ... C:\WINDOWS\photo45.zip
    ... C:\WINDOWS\photo51.zip
    ... C:\WINDOWS\photo54.zip
    ... C:\WINDOWS\photo66.zip
    ... C:\WINDOWS\photo69.zip
    ... C:\WINDOWS\photo75.zip
    ... C:\WINDOWS\photo81.zip
    ... C:\WINDOWS\photo90.zip
    ... C:\WINDOWS\photo93.zip
    ... C:\WINDOWS\photo96.zip
    ... C:\WINDOWS\photos010.zip
    ... C:\WINDOWS\photos022.zip
    ... C:\WINDOWS\photos034.zip
    ... C:\WINDOWS\photos037.zip
    ... C:\WINDOWS\photos04.zip
    ... C:\WINDOWS\photos040.zip
    ... C:\WINDOWS\photos043.zip
    ... C:\WINDOWS\photos049.zip
    ... C:\WINDOWS\photos055.zip
    ... C:\WINDOWS\photos07.zip
    ... C:\WINDOWS\photos079.zip
    ... C:\WINDOWS\photos088.zip
    ... C:\WINDOWS\photos094.zip
    ... C:\WINDOWS\webcam-photos014.zip
    ... C:\WINDOWS\webcam-photos017.zip
    ... C:\WINDOWS\webcam-photos023.zip
    ... C:\WINDOWS\webcam-photos026.zip
    ... C:\WINDOWS\webcam-photos032.zip
    ... C:\WINDOWS\webcam-photos035.zip
    ... C:\WINDOWS\webcam-photos038.zip
    ... C:\WINDOWS\webcam-photos041.zip
    ... C:\WINDOWS\webcam-photos047.zip
    ... C:\WINDOWS\webcam-photos05.zip
    ... C:\WINDOWS\webcam-photos050.zip
    ... C:\WINDOWS\webcam-photos059.zip
    ... C:\WINDOWS\webcam-photos062.zip
    ... C:\WINDOWS\webcam-photos068.zip
    ... C:\WINDOWS\webcam-photos071.zip
    ... C:\WINDOWS\webcam-photos074.zip
    ... C:\WINDOWS\webcam-photos077.zip
    ... C:\WINDOWS\webcam-photos08.zip
    ... C:\WINDOWS\webcam-photos080.zip
    ... C:\WINDOWS\webcam-photos083.zip
    ... C:\WINDOWS\webcam-photos092.zip
    ... C:\WINDOWS\webcam-photos098.zip
    ... C:\WINDOWS\itsME19.zip
    ... C:\WINDOWS\itsME22.zip
    ... C:\WINDOWS\itsME25.zip
    ... C:\WINDOWS\itsME34.zip
    ... C:\WINDOWS\itsME37.zip
    ... C:\WINDOWS\itsME40.zip
    ... C:\WINDOWS\itsME43.zip
    ... C:\WINDOWS\itsME46.zip
    ... C:\WINDOWS\itsME49.zip
    ... C:\WINDOWS\itsME52.zip
    ... C:\WINDOWS\itsME55.zip
    ... C:\WINDOWS\itsME58.zip
    ... C:\WINDOWS\itsME67.zip
    ... C:\WINDOWS\itsME7.zip
    ... C:\WINDOWS\itsME70.zip
    ... C:\WINDOWS\itsME79.zip
    ... C:\WINDOWS\itsME82.zip
    ... C:\WINDOWS\itsME88.zip
    ... C:\WINDOWS\itsME91.zip
    ... C:\WINDOWS\itsME97.zip

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    /!\ ... C:\WINDOWS\system32\libmsns.dll
    .. OK ... C:\WINDOWS\album11.zip
    .. OK ... C:\WINDOWS\album20.zip
    .. OK ... C:\WINDOWS\album29.zip
    .. OK ... C:\WINDOWS\album44.zip
    .. OK ... C:\WINDOWS\album59.zip
    .. OK ... C:\WINDOWS\album62.zip
    .. OK ... C:\WINDOWS\album65.zip
    .. OK ... C:\WINDOWS\album68.zip
    .. OK ... C:\WINDOWS\album71.zip
    .. OK ... C:\WINDOWS\album74.zip
    .. OK ... C:\WINDOWS\album89.zip
    .. OK ... C:\WINDOWS\album95.zip
    .. OK ... C:\WINDOWS\images012.zip
    .. OK ... C:\WINDOWS\images018.zip
    .. OK ... C:\WINDOWS\images021.zip
    .. OK ... C:\WINDOWS\images024.zip
    .. OK ... C:\WINDOWS\images027.zip
    .. OK ... C:\WINDOWS\images033.zip
    .. OK ... C:\WINDOWS\images036.zip
    .. OK ... C:\WINDOWS\images039.zip
    .. OK ... C:\WINDOWS\images045.zip
    .. OK ... C:\WINDOWS\images048.zip
    .. OK ... C:\WINDOWS\images051.zip
    .. OK ... C:\WINDOWS\images054.zip
    .. OK ... C:\WINDOWS\images057.zip
    .. OK ... C:\WINDOWS\images060.zip
    .. OK ... C:\WINDOWS\images066.zip
    .. OK ... C:\WINDOWS\images069.zip
    .. OK ... C:\WINDOWS\images072.zip
    .. OK ... C:\WINDOWS\images081.zip
    .. OK ... C:\WINDOWS\images084.zip
    .. OK ... C:\WINDOWS\images087.zip
    .. OK ... C:\WINDOWS\images09.zip
    .. OK ... C:\WINDOWS\images096.zip
    .. OK ... C:\WINDOWS\photo12.zip
    .. OK ... C:\WINDOWS\photo21.zip
    .. OK ... C:\WINDOWS\photo24.zip
    .. OK ... C:\WINDOWS\photo27.zip
    .. OK ... C:\WINDOWS\photo3.zip
    .. OK ... C:\WINDOWS\photo30.zip
    .. OK ... C:\WINDOWS\photo39.zip
    .. OK ... C:\WINDOWS\photo42.zip
    .. OK ... C:\WINDOWS\photo45.zip
    .. OK ... C:\WINDOWS\photo51.zip
    .. OK ... C:\WINDOWS\photo54.zip
    .. OK ... C:\WINDOWS\photo66.zip
    .. OK ... C:\WINDOWS\photo69.zip
    .. OK ... C:\WINDOWS\photo75.zip
    .. OK ... C:\WINDOWS\photo81.zip
    .. OK ... C:\WINDOWS\photo90.zip
    .. OK ... C:\WINDOWS\photo93.zip
    .. OK ... C:\WINDOWS\photo96.zip
    .. OK ... C:\WINDOWS\photos010.zip
    .. OK ... C:\WINDOWS\photos022.zip
    .. OK ... C:\WINDOWS\photos034.zip
    .. OK ... C:\WINDOWS\photos037.zip
    .. OK ... C:\WINDOWS\photos04.zip
    .. OK ... C:\WINDOWS\photos040.zip
    .. OK ... C:\WINDOWS\photos043.zip
    .. OK ... C:\WINDOWS\photos049.zip
    .. OK ... C:\WINDOWS\photos055.zip
    .. OK ... C:\WINDOWS\photos07.zip
    .. OK ... C:\WINDOWS\photos079.zip
    .. OK ... C:\WINDOWS\photos088.zip
    .. OK ... C:\WINDOWS\photos094.zip
    .. OK ... C:\WINDOWS\webcam-photos014.zip
    .. OK ... C:\WINDOWS\webcam-photos017.zip
    .. OK ... C:\WINDOWS\webcam-photos023.zip
    .. OK ... C:\WINDOWS\webcam-photos026.zip
    .. OK ... C:\WINDOWS\webcam-photos032.zip
    .. OK ... C:\WINDOWS\webcam-photos035.zip
    .. OK ... C:\WINDOWS\webcam-photos038.zip
    .. OK ... C:\WINDOWS\webcam-photos041.zip
    .. OK ... C:\WINDOWS\webcam-photos047.zip
    .. OK ... C:\WINDOWS\webcam-photos05.zip
    .. OK ... C:\WINDOWS\webcam-photos050.zip
    .. OK ... C:\WINDOWS\webcam-photos059.zip
    .. OK ... C:\WINDOWS\webcam-photos062.zip
    .. OK ... C:\WINDOWS\webcam-photos068.zip
    .. OK ... C:\WINDOWS\webcam-photos071.zip
    .. OK ... C:\WINDOWS\webcam-photos074.zip
    .. OK ... C:\WINDOWS\webcam-photos077.zip
    .. OK ... C:\WINDOWS\webcam-photos08.zip
    .. OK ... C:\WINDOWS\webcam-photos080.zip
    .. OK ... C:\WINDOWS\webcam-photos083.zip
    .. OK ... C:\WINDOWS\webcam-photos092.zip
    .. OK ... C:\WINDOWS\webcam-photos098.zip
    .. OK ... C:\WINDOWS\itsME19.zip
    .. OK ... C:\WINDOWS\itsME22.zip
    .. OK ... C:\WINDOWS\itsME25.zip
    .. OK ... C:\WINDOWS\itsME34.zip
    .. OK ... C:\WINDOWS\itsME37.zip
    .. OK ... C:\WINDOWS\itsME40.zip
    .. OK ... C:\WINDOWS\itsME43.zip
    .. OK ... C:\WINDOWS\itsME46.zip
    .. OK ... C:\WINDOWS\itsME49.zip
    .. OK ... C:\WINDOWS\itsME52.zip
    .. OK ... C:\WINDOWS\itsME55.zip
    .. OK ... C:\WINDOWS\itsME58.zip
    .. OK ... C:\WINDOWS\itsME67.zip
    .. OK ... C:\WINDOWS\itsME7.zip
    .. OK ... C:\WINDOWS\itsME70.zip
    .. OK ... C:\WINDOWS\itsME79.zip
    .. OK ... C:\WINDOWS\itsME82.zip
    .. OK ... C:\WINDOWS\itsME88.zip
    .. OK ... C:\WINDOWS\itsME91.zip
    .. OK ... C:\WINDOWS\itsME97.zip

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\libmsns.dll

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\WINDOWS\system32\ygpss.scr] FDF159E6C4EE927B245C4B1C83882C10

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 19082007_12020196.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt
    0
  12. Danhantan
     
    Que dois je faire maintenant?

    Est ce que le cheval de troie est retiré?

    Faut il faire autre chose?

    D'avance merci André
    0
  13. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt
    0