Trojan horse

Closed
raitoum - 6 Oct 2007 at 21:53
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last active: 8 December 2009 - 7 Oct 2007 at 00:55
Hello,
Please help me, my PC is infected with a trojan that my Kaspersky antivirus could not remove. Here is the virus and its location:
"BAD_STATUS(5) cheval de Troie Trojan-Proxy.Win32.Horst.aae Le fichier: C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\15exinjs.ab.exe"
I have 32 like that.
And I ran a scan with HijackThis; here is the report:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:41:46, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\windows\system32\ewdskokaqo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\63exhmml.2.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\PL 35\HiJackThis_v2.exe
C:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ewdskokaqo] c:\windows\system32\ewdskokaqo.exe ewdskokaqo
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1985142628-1328156241-3252351550-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-21-1985142628-1328156241-3252351550-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
O4 - S-1-5-21-1985142628-1328156241-3252351550-500 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Administrateur')
O4 - S-1-5-21-1985142628-1328156241-3252351550-500 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Administrateur')
O4 - S-1-5-21-1985142628-1328156241-3252351550-501 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Invité')
O4 - S-1-5-21-1985142628-1328156241-3252351550-501 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Invité')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42403F06-7107-44F9-95CC-1954ECB6D9A0}: NameServer = 193.95.93.77 193.95.122.40
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

5 replies

Hello,
Start with this: preliminary virus disinfection method (fr version)
0
Hello,
And then Spybot, Ad-Aware and a-squared:
Spybot: removing spyware

and post the reports you get
0
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last active: 8 December 2009 206
6 Oct 2007 at 22:12
Good evening,

Can you do this:

* Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

* Restart your computer in Safe Mode

* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.

* Press Y to start the cleaning process.

It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.

* Press a key to restart the PC.

Your system will take longer than usual to restart because the tool keeps running and deleting files.

After the Desktop loads, the tool will finish its work and display Finished.

* Press a key to end the script and load your Desktop icons.

Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

Finally, copy/paste the contents of Report.txt into your next reply on the forum,

along with a new HijackThis log

0
Hello,
Thank you, really, thank you philae83.
Regarding report.txt, here is the report:
SDFix: Version 1.107

Run by HP_Propriétaire on 07/10/2007 at 00:05

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\HP_PRO~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\0exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\10exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\14exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\15exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\19exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\25exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\26exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\31exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\35exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\38exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\40exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\42exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\43exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\46exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\48exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\49exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\4exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\51exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\52exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\54exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\56exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\59exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\5exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\60exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\66exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\67exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\69exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\72exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\73exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\82exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\84exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\86exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\87exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\88exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\89exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\90exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\95exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\98exinjs.ab.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\injs.ab.exe.conf - Deleted
C:\WINDOWS\system\smss.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Assistant Transfert de fichiers et de paramètres"
"C:\\Program Files\\ACE Mega CoDecS Pack\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\ACE Mega CoDecS Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\67exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\67exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\22exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\22exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\30exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\30exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\59exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\59exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\83exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\83exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\43exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\43exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\42exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\42exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\3exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\3exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\27exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\27exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\5exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\5exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\38exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\38exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\95exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\95exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\17exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\17exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\28exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\28exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\91exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\91exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\98exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\98exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\9exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\9exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\10exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\10exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\52exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\52exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\84exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\84exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\87exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\87exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\90exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\90exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\4exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\4exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\54exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\54exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\86exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\86exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\89exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\89exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\0exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\0exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\88exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\88exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\49exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\49exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\40exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\40exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\15exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\15exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\60exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\60exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\25exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\25exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\66exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\66exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\46exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\46exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\35exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\35exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\31exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\31exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\82exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\82exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\69exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\69exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\14exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\14exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\73exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\73exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\51exinjs.ab.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\51exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\86exed32_2.e.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\86exed32_2.e.exe:*:Enabled:Microsoft Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\HP_PRO~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 9 May 2007 218 A.SHR --- "C:\BOOT.BAK"
Sat 22 Apr 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Tue 3 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Fri 3 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64e594df5de9258be376fcbfc53c7318\BIT84.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\73e2e9ec90b2a8bdc65c191633d70158\BIT8A.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a1feda554f795971fda237333f75243f\BIT89.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79817f6eaff5d013a81bd2aff4f2954\BIT85.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be055ba2b2ed973399d61482c6723317\BIT88.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c728fd35e0fbfbad19770aaa8086c1e4\BIT86.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d87fb8947e75ca18dc081689c7a9b0bf\BIT87.tmp"
Sat 17 Mar 2007 1,287,040 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\027a59d992dff23d0bef67a9f75bdfca\BIT7F.tmp"
Mon 7 May 2007 5,629,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\09cb817dc3540e715f6f79d4a0adf6be\BIT5D.tmp"
Mon 7 May 2007 497,392 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\BIT61.tmp"
Sun 6 May 2007 1,202,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT67.tmp"
Sun 6 May 2007 1,043,256 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\35d393cc95d186da27d915128e0b31b4\BIT6D.tmp"
Sat 31 Mar 2007 5,954,520 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5514e65b633fea538ae256458d4950b8\BIT11F.tmp"
Mon 5 Feb 2007 907,008 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7039435cbcb0652994017275f19e6e5a\BIT6A.tmp"
Sun 6 May 2007 6,350,296 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\80340438e0f91553e7f1455bc22fd0b7\BIT8C.tmp"
Sat 5 May 2007 784,712 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8fe41575b7c5135c5481192ab0c1266b\BIT6A.tmp"
Sun 6 May 2007 2,393,936 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e0d35b1a9afd12850e9b854d046f6d\BIT5E.tmp"
Mon 7 May 2007 398,568 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\aa84e9a6d9369755b7830c702c6b6e7f\BIT64.tmp"
Wed 14 Mar 2007 5,702,560 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\BITFA.tmp"
Mon 5 Feb 2007 100,017 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b5e09bc917afa4d382c3d83a8fea8126\BIT6E.tmp"
Sun 6 May 2007 2,559,312 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be5406dd83b313de669f120c86c4b9f5\BIT97.tmp"
Sun 6 May 2007 1,577,248 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be7040d5a665d4944b8fe7b015b546ce\BIT63.tmp"
Sun 6 May 2007 618,760 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT66.tmp"
Sun 6 May 2007 7,861,144 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fc371c080845c60b9b2e56a9618dc839\BIT65.tmp"
Fri 30 Mar 2007 154,022 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\11bda45ddac56c922dc03bbcfa39ab38\download\BIT68.tmp"
Sun 6 May 2007 41,251 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\download\BIT71.tmp"
Sun 6 May 2007 1,028,217 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\309266066c4a71d5da0ed1a55fbc90c1\download\BIT11.tmp"
Sun 6 May 2007 120,625 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\36b5592e74c8c35cb5b23faed8f385d3\download\BIT6F.tmp"
Sun 6 May 2007 208,755 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5224af626898b31ba0c7476966921e26\download\BIT69.tmp"
Mon 7 May 2007 2,807,715 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\download\BIT6C.tmp"
Sat 5 May 2007 54,303 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\download\BIT6B.tmp"
Mon 7 May 2007 520,054 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a1a09926ba55692e4bb839d62c2c1e21\download\BIT62.tmp"
Sat 5 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdbc2001decde12012366b57c981e5e9\download\BIT6C.tmp"
Mon 7 May 2007 139,778 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\download\BIT8B.tmp"
Sun 6 May 2007 250,147 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c431dc4bbdccd59d7eec2075c4336ebf\download\BIT8.tmp"

Finished!


And here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:35:14, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\windows\system32\ewdskokaqo.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\PL 35\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ewdskokaqo] c:\windows\system32\ewdskokaqo.exe ewdskokaqo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42403F06-7107-44F9-95CC-1954ECB6D9A0}: NameServer = 193.95.93.77 193.95.122.40
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last seen: 8 December 2009
7 Oct 2007 at 00:55
Hi again,
OK, thanks.

* Run HijackThis, then tick these lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ewdskokaqo] c:\windows\system32\ewdskokaqo.exe ewdskokaqo
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

* Close all your open applications and, OFFLINE, click "Fix checked".


then

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe


Double-click OTMoveIt.exe to launch it.
Copy what is quoted below,
and paste it into the left-hand box of OTMoveIt: "Paste List of Files/Folders to be moved".
c:\windows\system32\ewdskokaqo.exe


Click MoveIt! to start the deletion.
The result will appear in the Results box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the deletion.
If so, accept with Yes.

then

* Run an online antivirus scan HERE
https://www.bitdefender.fr/
and copy and paste the result here.
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.

Illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

And also post a new HijackThis report, please.

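Added example, not part of this thread and not HijackThis or OTMoveIt code: a small Python checker that applies the same reasoning the helper used when picking lines to fix, namely entries marked "(no file)" and the autostart whose value name, executable and argument are all the same made-up token, plus a general rule flagging autostarts from a Temp directory. The sample log is constructed from a few lines of the thread's own report; the "updater" Temp entry and its path are invented to exercise the third rule.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis log in this thread; the Temp
# entry and its path are invented only to exercise the third rule.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ewdskokaqo] c:\windows\system32\ewdskokaqo.exe ewdskokaqo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /s
"""

# O4 autostart line: hive, value name in brackets, then the command line.
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Executable path (quoted or not, spaces allowed) followed by optional arguments.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?P<args>.*)$', re.IGNORECASE)

@dataclass
class Finding:
    line: str
    reason: str

def split_command(cmd: str) -> tuple[str, str]:
    # Tolerates both "quoted path" -flag and unquoted paths containing spaces.
    m = EXE_RE.match(cmd.strip())
    return (m.group("exe"), m.group("args").strip()) if m else (cmd.strip(), "")

def review_log(text: str) -> list[Finding]:
    findings = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        # Rule 1: HijackThis marks entries whose target is missing with "(no file)".
        if line.endswith("(no file)"):
            findings.append(Finding(line, "orphaned entry: target file is missing"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        stem = re.sub(r"\.exe$", "", exe.rsplit("\\", 1)[-1].lower())
        # Rule 2: value name, file stem and sole argument are one identical random token.
        if m.group("name").lower() == stem and args.lower() == stem:
            findings.append(Finding(line, "self-named autostart passing its own name as argument"))
        # Rule 3: legitimate software does not autostart from a Temp directory.
        elif "\\temp\\" in exe.lower():
            findings.append(Finding(line, "autostart from a temporary directory"))
    return findings
```

Running `review_log(SAMPLE_LOG)` flags the orphaned BHO, the ewdskokaqo entry and the Temp autostart while leaving hpsysdrv, HPHUPD08 and ctfmon alone; the rules are heuristics, so a flagged line is a candidate for review, not a verdict.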