Problem: "Your computer is infected" => AntiSpyware

Solved
Zarbibi49 Posts: 72 Status: Member -
gen-hackman -
Hello,

For 3 days I've had a problem!
I was browsing my usual sites => news, sport. Nothing objectionable, I assure you.
Then a round red icon with a cross appeared at the bottom right, in the tray. I panicked a bit when I read: "Your computer is infected"!!!

It offered to install AntiSpyware XP2009 and, in a rush, I installed it, then removed it, telling myself that it was the problem, but that changed nothing!

All my shortcuts are dead, the PC telling me that these shortcuts "are not valid Win32 applications..."

I have files that are apparently damaged. I can no longer open the website shortcuts I had created on the desktop, nor my programs.

(For info, a message opens before I log on to the PC: The file or directory checkit is corrupted and unreadable. Please run the chkdsk utility)

I close the message, then when I log on, lots of messages telling me I have corrupted or unreadable files, or that such-and-such an image is not valid for a shortcut; in short, a jumble of messages swarming the centre of the screen.

I gathered that it was a virus: malware!
I did try the solution presented here => http://www.commentcamarche.net/faq/sujet 2964 virus your computer is infected

Without actually posting the reports on the forum, though, and the problem is still there.

I should add that I removed every document from my PC session. But apparently that is not where it comes from.
Also, it's a laptop. So I'm posting thanks to dad's big machine! Phew!

Thanks in advance for your help and your generosity. See you very soon! With a solution ^^ I hope... ^^

83 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
if you can find the Windows CD, repair it with that
0
Zarbibi49 Posts: 72 Status: Member
 
Here is the Kaspersky "report":

File C:\Documents and Settings\Max\Mes documents\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Program Files\Fichiers communs\Real\Codecs\8Tuë.¦ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Fichiers communs\Teleca Shared\DCU-11\Àf°{V³9ó.b infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Real\RealPlayer\Setup\àë infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Real\RealPlayer\Setup\PVÞ I infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\-½ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Õ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\: infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\æ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\, infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\4 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\x infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\' infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\t infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ù infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Å infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\k infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\} infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\| infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ä infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\i infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\9 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ñ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\® infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¦ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\+ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\+ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\õ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ý infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¶ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\5 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ã infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\z infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\D infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\l infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\T infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\k infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\_ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\( infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\z infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¦ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\V infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ï infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ö infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\£ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ñ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\% infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\© infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¥ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\b infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Á infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\° infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\% infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ò infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¾ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\³ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\» infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\  infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\" infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\$ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\4 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\+ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\H infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\} infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ó infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\| infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ê infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ø infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ö infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ç infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\$ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ñ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\/ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\© infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\i infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\t infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Þ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\: infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\° infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\{ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\u infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Æ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\$ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\- infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\5 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\= infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\d infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\M infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\] infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\- infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\f infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\n infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\/ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ü infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\z infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\  infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ñ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¦ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\È infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\+ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ó infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\9 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\¡ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\à infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\! infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\/ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\N infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\M infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\; infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\y infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\H infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\z infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\( infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\l infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\\ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\½ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\Ñ infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\á infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Infinite Loop\The Outforce\Outforce\û infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\AOL\AOL One-click Fix service\n infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\AOL\AOL One-click Fix service\h infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\FindyKill\Tools\Kill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\SDFix\backups\backups.zip infected by "Trojan.Win32.FraudPack.gsr" Virus. Action Taken: File Deleted.
File C:\SDFix\backups\catchme.zip infected by "Backdoor.Win32.UltimateDefender.a" Virus. Action Taken: File Renamed.
File C:\_OTMoveIt\MovedFiles\11062008_134356\WINDOWS\system32\TDSSxhyf.dll infected by "Trojan.Win32.Agent.akki" Virus. Action Taken: File Deleted.


Otherwise, for the CD, I'll try to find it. But don't count on it right away...
0
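As an added example (not code from this thread, from Kaspersky, or from any of the posters), the following Python script parses scan-report lines in the shape pasted above and summarises them by verdict and by action taken. The report format is inferred from the pasted lines only; the sample lines, paths and verdict names embedded below are constructed for the example. The defender's reason for doing this: "File Renamed" and "No Action Taken" entries leave the file on disk, so those are the ones that still need a decision, and a run of one-character filenames under a single folder is worth a second look.

```python
"""Summarise a Kaspersky-style scan report.

Added example: the two line shapes handled here are inferred from the
report pasted in the thread, not from any Kaspersky documentation.
"""
import re
from collections import Counter

# Line shapes seen in the pasted report:
#   File <path> infected by "<verdict>" Virus. Action Taken: <action>.
#   File <path> tagged as <verdict>. No Action Taken.
INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<verdict>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>[^.]+)\.$'
)
TAGGED_RE = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<verdict>\S+)\. No Action Taken\.$'
)

# Constructed sample input (paths and verdict names are made up; only the
# "BkCln.Unknown" name is taken from the pasted report).
SAMPLE_REPORT = r"""
File C:\Documents and Settings\User\Mes documents\ToolX\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Example.a. No Action Taken.
File C:\Program Files\ExampleGame\Data\x infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\ExampleGame\Data\ü infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Example\backups\backups.zip infected by "Trojan.Win32.Example.abc" Virus. Action Taken: File Deleted.
File C:\Example\WINDOWS\system32\example.dll infected by "Trojan.Win32.Example.def" Virus. Action Taken: File Deleted.
Scan completed.
"""


def parse_report(text):
    """Return (records, unparsed): one dict per recognised line, and the
    stripped text of every non-empty line that matched neither shape."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            records.append({**m.groupdict(), "kind": "infected"})
            continue
        m = TAGGED_RE.match(line)
        if m:
            records.append({**m.groupdict(),
                            "action": "No Action Taken", "kind": "tagged"})
            continue
        unparsed.append(line)
    return records, unparsed


def summarize(records):
    """Counts by verdict and by action, plus the paths still on disk.

    'File Renamed' leaves the renamed file in place and 'No Action Taken'
    leaves it untouched, so both still need a decision; only 'File Deleted'
    is excluded from the remaining list.
    """
    by_verdict = Counter(r["verdict"] for r in records)
    by_action = Counter(r["action"] for r in records)
    remaining = [r["path"] for r in records if r["action"] != "File Deleted"]
    return {"by_verdict": by_verdict, "by_action": by_action,
            "remaining": remaining}


def flag_short_names(records, max_len=2):
    """Paths whose final component is at most max_len characters, like the
    single-character entries under one folder in the pasted report."""
    flagged = []
    for r in records:
        name = r["path"].rsplit("\\", 1)[-1]
        if len(name) <= max_len:
            flagged.append(r["path"])
    return flagged


if __name__ == "__main__":
    recs, rest = parse_report(SAMPLE_REPORT)
    summary = summarize(recs)
    print("by verdict:", dict(summary["by_verdict"]))
    print("by action :", dict(summary["by_action"]))
    print("still on disk:", summary["remaining"])
    print("short names  :", flag_short_names(recs))
    print("unparsed     :", rest)
```

To use it on a real report, replace SAMPLE_REPORT with the pasted text; lines that match neither shape are returned in the unparsed list rather than silently dropped, so a format change in the report shows up immediately.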
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Delete) to finish.
# You can, if you wish, use the Options facultatives (optional options).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

__________________

still having trouble????
0
Zarbibi49 Posts: 72 Status: Member
 
After checking with my father, we never had a Windows CD with the laptop, because my father keeps everything, absolutely everything.
On the other hand, he had made backup CDs for the laptop; could those be useful?


Otherwise, here is the ToolsCleaner report:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\FindyKill.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Max\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Max\Mes documents\SmitFraudfix: trouvé !
C:\Documents and Settings\Max\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Max\Bureau\OTMoveIt3.exe: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Max\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Max\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\Max\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Documents and Settings\Max\Mes documents\SmitFraudfix: supprimé !
C:\Program Files\FindyKill: supprimé !
0
Zarbibi49 Posts: 72 Status: Member
 
I restarted the PC to see, and:

- still no way to launch the internet (Internet Explorer icon / various desktop shortcuts)
- the programs are unusable.
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Good evening to both of you

I've been following this topic (thread, that is) from the start ---> I see that Combo has been used (several times), but your helper didn't manage to draw a synthesis from it => write a script to disinfect you

Regards

Edit: 19:27
81 posts all the same => Hmmmm, !!! => ask yourselves the right questions !!!!!!
0
Zarbibi49 Posts: 72 Status: Member
 
If you're so good, Evasion60/PCA, I suggest you enlighten us so that I can mark my problem "solved"!
That's all I'm waiting for! jlpjlp and I would be very happy for you to enlighten us.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
hi,

if you're following, join in, since you seem to know...
0

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Hello Jlpjlp

... I would have liked to try going deep into this machine, if you agree of course:
Ask our visitor this:
Download DiagHelp.zip to your desktop (thanks Malekal)
http://www.malekal.com/download/DiagHelp.zip

Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php

Don't double-click it!! Right-click the file and choose extract all.
A new folder (chercher) will be created.
Open it and double-click go.cmd (the .cmd may not be shown)
A window will open; choose option 1
The analysis will start; this may take a few minutes, let it run and press a key when asked.
During the analysis, after the CATCHME report on the red screen, you must press Enter for the tool to continue its searches. Follow the written instructions.
A window with the report then opens. Copy/paste its contents. (It is also here: c:\resultat.txt)
Double-click that file, press CTRL+A then CTRL+C.
In your next reply, paste the report with CTRL+V.

Regards

0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, of course

for diaghelp
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
RE Jlpjlp
... As soon as he comes back, suggest post 84 to him, and we'll take a look
Regards
0
Zarbibi49 Posts: 72 Status: Member
 
And 1 Trojan!!!!
I first set about running Exterminate-It,
It found me 29 "things":
- 27 tracking cookies.
- 1 rootkit.
- 1 trojan (Bifrost).
On the other hand, you need the paid version of Exterminate? (I suppose)


Then,
Trojan Remover: the report

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 17:15:27 14 nov. 2008
Using Database v7198
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: FAT32
Data directory: C:\Documents and Settings\Max\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Max\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
17:15:27: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
17:15:27: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
17:15:27: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:15:27: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: preload
Value Data: C:\Windows\RUNXMLPL.exe
C:\Windows\RUNXMLPL.exe
32768 bytes
Created: 06/07/2005
Modified: 19/05/2005
Company: Wistron
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 06/07/2005
Modified: 23/01/2005
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 06/07/2005
Modified: 23/01/2005
Company: Intel Corporation
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
77824 bytes
Created: 06/07/2005
Modified: 15/04/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
102490 bytes
Created: 06/07/2005
Modified: 04/02/2005
Company: Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
708698 bytes
Created: 06/07/2005
Modified: 04/02/2005
Company: Synaptics, Inc.
--------------------
Value Name: EPM-DM
Value Data: c:\acer\epm\epm-dm.exe
c:\acer\epm\epm-dm.exe
192512 bytes
Created: 06/07/2005
Modified: 01/06/2005
Company: Acer Inc
--------------------
Value Name: ePowerManagement
Value Data: C:\Acer\ePM\ePM.exe boot
C:\Acer\ePM\ePM.exe
2893824 bytes
Created: 06/07/2005
Modified: 15/03/2005
Company: Acer Value Labs, Taiwan
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 06/07/2005
Modified: 05/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 06/07/2005
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: LaunchAp
Value Data: "C:\Program Files\Launch Manager\LaunchAp.exe"
C:\Program Files\Launch Manager\LaunchAp.exe
32768 bytes
Created: 14/01/2006
Modified: 25/07/2005
Company:
--------------------
Value Name: LManager
Value Data: "C:\Program Files\Launch Manager\HotkeyApp.exe"
C:\Program Files\Launch Manager\HotkeyApp.exe
69632 bytes
Created: 14/01/2006
Modified: 06/06/2005
Company: Wistron
--------------------
Value Name: eRecoveryService
Value Data: C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
352256 bytes
Created: 14/01/2006
Modified: 29/06/2005
Company: acer Inc.
--------------------
Value Name: SpeedTouch USB Diagnostics
Value Data: "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
861184 bytes
Created: 14/01/2006
Modified: 06/06/2002
Company: THOMSON multimedia
--------------------
Value Name: AOLSAV
Value Data: C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
73728 bytes
Created: 14/01/2006
Modified: 15/03/2004
Company: TechCity Solutions France
--------------------
Value Name: AOLDialer
Value Data: C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
-R- 70952 bytes
Created: 21/06/2007
Modified: 21/06/2007
Company: AOL LLC
--------------------
Value Name: HostManager
Value Data: C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
50736 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: America Online, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 15/10/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: RealTray
Value Data: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
C:\Program Files\Real\RealPlayer\RealPlay.exe
26112 bytes
Created: 14/01/2006
Modified: 14/01/2006
Company: RealNetworks, Inc.
--------------------
Value Name: BDMCon
Value Data: "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
290816 bytes
Created: 02/04/2007
Modified: 02/04/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: BDAgent
Value Data: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
C:\Program Files\Softwin\BitDefender10\bdagent.exe
69632 bytes
Created: 26/03/2007
Modified: 26/03/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233800 bytes
Created: 14/11/2008
Modified: 08/11/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Google Inc.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
17:15:30: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
17:15:30: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
17:15:30: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
17:15:30: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
----------
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
C:\WINDOWS\INF\wmp10.inf
34820 bytes
Created: 21/07/2007
Modified: 28/01/2005
Company:
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
----------
Key: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
102280 bytes
Created: 01/01/1980
Modified: 05/08/2004
Company:
----------

************************************************************
17:15:31: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 15/10/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
17:15:32: Scanning ----- SERVICES REGISTRY KEYS -----
Key: abp480n5
ImagePath: system32\DRIVERS\ABP480N5.SYS
C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23552 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: adpu160m
ImagePath: system32\DRIVERS\adpu160m.sys
C:\WINDOWS\system32\DRIVERS\adpu160m.sys
101888 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: agpCPQ
ImagePath: system32\DRIVERS\agpCPQ.sys
C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
44928 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: Aha154x
ImagePath: system32\DRIVERS\aha154x.sys
C:\WINDOWS\system32\DRIVERS\aha154x.sys
12800 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: aic78u2
ImagePath: system32\DRIVERS\aic78u2.sys
C:\WINDOWS\system32\DRIVERS\aic78u2.sys
55168 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: system32\DRIVERS\aic78xx.sys
C:\WINDOWS\system32\DRIVERS\aic78xx.sys
56960 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: alcan5ln
ImagePath: system32\DRIVERS\alcan5ln.sys
C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
36048 bytes
Created: 14/01/2006
Modified: 06/06/2002
Company: THOMSON multimedia
----------
Key: alcaudsl
ImagePath: system32\DRIVERS\alcaudsl.sys
C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
743136 bytes
Created: 14/01/2006
Modified: 06/06/2002
Company: THOMSON multimedia
----------
Key: alim1541
ImagePath: system32\DRIVERS\alim1541.sys
C:\WINDOWS\system32\DRIVERS\alim1541.sys
42752 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: amdagp
ImagePath: system32\DRIVERS\amdagp.sys
C:\WINDOWS\system32\DRIVERS\amdagp.sys
43008 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Advanced Micro Devices, Inc.
----------
Key: amsint
ImagePath: system32\DRIVERS\amsint.sys
C:\WINDOWS\system32\DRIVERS\amsint.sys
12032 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: anbmService
ImagePath: C:\Acer\eManager\anbmServ.exe
C:\Acer\eManager\anbmServ.exe
1273344 bytes
Created: 06/06/2005
Modified: 06/06/2005
Company: OSA Technologies Inc.
----------
Key: AOL ACS
ImagePath: C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
-R- 46640 bytes
Created: 23/10/2006
Modified: 23/10/2006
Company: AOL LLC
----------
Key: asc
ImagePath: system32\DRIVERS\asc.sys
C:\WINDOWS\system32\DRIVERS\asc.sys
26496 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Advanced System Products, Inc.
----------
Key: asc3350p
ImagePath: system32\DRIVERS\asc3350p.sys
C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22400 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: asc3550
ImagePath: system32\DRIVERS\asc3550.sys
C:\WINDOWS\system32\DRIVERS\asc3550.sys
14848 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Advanced System Products, Inc.
----------
Key: BCMNTIO
ImagePath: \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys
C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [file not found to scan]
----------
Key: bdfdll
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
C:\Program Files\Softwin\BitDefender10\bdfdll.sys [file not found to scan]
----------
Key: BDFsDrv
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [file not found to scan]
----------
Key: BDRsDrv
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [file not found to scan]
----------
Key: bdss
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
81920 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company:
----------
Key: catchme
ImagePath: \??\C:\ComboFix2\catchme.sys - this file is globally excluded
----------
Key: cbidf
ImagePath: system32\DRIVERS\cbidf2k.sys
C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13952 bytes
Created: 17/08/2001
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: cd20xrnt
ImagePath: system32\DRIVERS\cd20xrnt.sys
C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
7680 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: CmdIde
ImagePath: system32\DRIVERS\cmdide.sys
C:\WINDOWS\system32\DRIVERS\cmdide.sys
6656 bytes
Created: 15/10/2004
Modified: 23/08/2001
Company: CMD Technology, Inc.
----------
Key: comHost
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe [file not found to scan]
----------
Key: Cpqarray
ImagePath: system32\DRIVERS\cpqarray.sys
C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14976 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: dac2w2k
ImagePath: system32\DRIVERS\dac2w2k.sys
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
179584 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Mylex Corporation
----------
Key: dac960nt
ImagePath: system32\DRIVERS\dac960nt.sys
C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14720 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: dpti2o
ImagePath: system32\DRIVERS\dpti2o.sys
C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20192 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys [file not found to scan]
----------
Key: EpmPsd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-psd.sys
C:\WINDOWS\system32\drivers\epm-psd.sys
4096 bytes
Created: 06/07/2005
Modified: 19/07/2004
Company: Acer Value Labs, USA
----------
Key: EpmShd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-shd.sys
C:\WINDOWS\system32\drivers\epm-shd.sys
78208 bytes
Created: 06/07/2005
Modified: 07/04/2005
Company: Acer Value Labs, USA
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [file not found to scan]
----------
Key: gagp30kx
ImagePath: system32\DRIVERS\gagp30kx.sys
C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
46464 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [file not found to scan]
----------
Key: hpn
ImagePath: system32\DRIVERS\hpn.sys
C:\WINDOWS\system32\DRIVERS\hpn.sys
25952 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 06/07/2005
Modified: 15/12/2004
Company: Conexant Systems, Inc.
----------
Key: i2omp
ImagePath: system32\DRIVERS\i2omp.sys
C:\WINDOWS\system32\DRIVERS\i2omp.sys
18560 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
804317 bytes
Created: 06/07/2005
Modified: 23/01/2005
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: ini910u
ImagePath: system32\DRIVERS\ini910u.sys
C:\WINDOWS\system32\DRIVERS\ini910u.sys
16000 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Program Files\Acer\eRecovery\int15.sys
C:\Program Files\Acer\eRecovery\int15.sys [file not found to scan]
----------
Key: LIVESRV
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
278528 bytes
Created: 22/10/2007
Modified: 11/11/2008
Company: SOFTWIN S.R.L.
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [file not found to scan]
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [file not found to scan]
----------
Key: MAPMEM
ImagePath: \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys
C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys [file not found to scan]
----------
Key: mraid35x
ImagePath: system32\DRIVERS\mraid35x.sys
C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17280 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: American Megatrends Inc.
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081023.003\NAVENG.SYS
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081023.003\NAVENG.SYS
89104 bytes
Created: 23/10/2008
Modified: 20/08/2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081023.003\NAVEX15.SYS
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081023.003\NAVEX15.SYS
873552 bytes
Created: 23/10/2008
Modified: 20/08/2008
Company: Symantec Corporation
----------
Key: NSCIRDA
ImagePath: system32\DRIVERS\nscirda.sys
C:\WINDOWS\system32\DRIVERS\nscirda.sys
28672 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: National Semiconductor Corporation
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 06/07/2005
Modified: 14/01/2006
Company: NewTech Infosystems, Inc.
----------
Key: osaio
ImagePath: \??\C:\WINDOWS\system32\drivers\osaio.sys
C:\WINDOWS\system32\drivers\osaio.sys
8704 bytes
Created: 14/01/2006
Modified: 04/03/2005
Company: Avocent/OSA Technologies Inc.
----------
Key: osanbm
ImagePath: \??\C:\WINDOWS\system32\drivers\osanbm.sys
C:\WINDOWS\system32\drivers\osanbm.sys
4010 bytes
Created: 14/01/2006
Modified: 14/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: perc2
ImagePath: system32\DRIVERS\perc2.sys
C:\WINDOWS\system32\DRIVERS\perc2.sys
27296 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: perc2hib
ImagePath: system32\DRIVERS\perc2hib.sys
C:\WINDOWS\system32\DRIVERS\perc2hib.sys
5504 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 06/07/2005
Modified: 05/12/2003
Company: Padus, Inc.
----------
Key: Planificateur LiveUpdate automatique
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [file not found to scan]
----------
Key: POWERKEY
ImagePath: \??\C:\Program Files\Launch Manager\POWERKEY.sys
C:\Program Files\Launch Manager\POWERKEY.sys [file not found to scan]
----------
Key: ql1080
ImagePath: system32\DRIVERS\ql1080.sys
C:\WINDOWS\system32\DRIVERS\ql1080.sys
40320 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: Ql10wnt
ImagePath: system32\DRIVERS\ql10wnt.sys
C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
33152 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ql12160
ImagePath: system32\DRIVERS\ql12160.sys
C:\WINDOWS\system32\DRIVERS\ql12160.sys
45312 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: ql1240
ImagePath: system32\DRIVERS\ql1240.sys
C:\WINDOWS\system32\DRIVERS\ql1240.sys
40448 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ql1280
ImagePath: system32\DRIVERS\ql1280.sys
C:\WINDOWS\system32\DRIVERS\ql1280.sys
49024 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: QLogic Corporation
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
70912 bytes
Created: 06/07/2005
Modified: 02/12/2004
Company: Realtek Semiconductor Corporation
----------
Key: se44bus
ImagePath: system32\DRIVERS\se44bus.sys
C:\WINDOWS\system32\DRIVERS\se44bus.sys
-R- 61536 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44mdfl
ImagePath: system32\DRIVERS\se44mdfl.sys
C:\WINDOWS\system32\DRIVERS\se44mdfl.sys
-R- 9360 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44mdm
ImagePath: system32\DRIVERS\se44mdm.sys
C:\WINDOWS\system32\DRIVERS\se44mdm.sys
-R- 97088 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44mgmt
ImagePath: system32\DRIVERS\se44mgmt.sys
C:\WINDOWS\system32\DRIVERS\se44mgmt.sys
-R- 88624 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44nd5
ImagePath: system32\DRIVERS\se44nd5.sys
C:\WINDOWS\system32\DRIVERS\se44nd5.sys
-R- 18704 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44obex
ImagePath: system32\DRIVERS\se44obex.sys
C:\WINDOWS\system32\DRIVERS\se44obex.sys
-R- 86432 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: se44unic
ImagePath: system32\DRIVERS\se44unic.sys
C:\WINDOWS\system32\DRIVERS\se44unic.sys
-R- 90800 bytes
Created: 01/07/2007
Modified: 30/11/2006
Company: MCCI
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
40960 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Silicon Integrated Systems Corporation
----------
Key: Sparrow
ImagePath: system32\DRIVERS\sparrow.sys
C:\WINDOWS\system32\DRIVERS\sparrow.sys
19072 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Adaptec, Inc.
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys [file not found to scan]
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\WINDOWS\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\WINDOWS\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{ECDE7233-FB90-483B-BECC-D60256BB2265}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [file not found to scan]
----------
Key: symc810
ImagePath: system32\DRIVERS\symc810.sys
C:\WINDOWS\system32\DRIVERS\symc810.sys
16256 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Symbios Logic Inc.
----------
Key: symc8xx
ImagePath: system32\DRIVERS\symc8xx.sys
C:\WINDOWS\system32\DRIVERS\symc8xx.sys
32640 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
12984 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 14/10/2006
Modified: 17/06/2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
145976 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
40120 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20081023.001\SymIDSCo.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20081023.001\SymIDSCo.sys [file not found to scan]
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
35256 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
27576 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
191544 bytes
Created: 10/01/2007
Modified: 10/01/2007
Company: Symantec Corporation
----------
Key: sym_hi
ImagePath: system32\DRIVERS\sym_hi.sys
C:\WINDOWS\system32\DRIVERS\sym_hi.sys
28384 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: sym_u3
ImagePath: system32\DRIVERS\sym_u3.sys
C:\WINDOWS\system32\DRIVERS\sym_u3.sys
30688 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: LSI Logic
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
193216 bytes
Created: 06/07/2005
Modified: 04/02/2005
Company: Synaptics, Inc.
----------
Key: TosIde
ImagePath: system32\DRIVERS\toside.sys
C:\WINDOWS\system32\DRIVERS\toside.sys
4992 bytes
Created: 15/10/2004
Modified: 23/08/2001
Company: Microsoft Corporation
----------
Key: ultra
ImagePath: system32\DRIVERS\ultra.sys
C:\WINDOWS\system32\DRIVERS\ultra.sys
36736 bytes
Created: 15/10/2004
Modified: 17/08/2001
Company: Promise Technology, Inc.
----------
Key: usbser
ImagePath: system32\DRIVERS\usbser.sys
C:\WINDOWS\system32\DRIVERS\usbser.sys
26112 bytes
Created: 27/01/2006
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe [file not found to scan]
----------
Key: viaagp
ImagePath: system32\DRIVERS\viaagp.sys
C:\WINDOWS\system32\DRIVERS\viaagp.sys
42240 bytes
Created: 15/10/2004
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: VSSERV
ImagePath: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
C:\Program Files\Softwin\BitDefender10\vsserv.exe
462848 bytes
Created: 24/10/2007
Modified: 24/10/2007
Company: SOFTWIN S.R.L.
----------
Key: Wbutton
ImagePath: \SystemRoot\system32\drivers\Wbutton.sys
C:\WINDOWS\system32\drivers\Wbutton.sys [file not found to scan]
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
38528 bytes
Created: 28/01/2005
Modified: 18/10/2006
Company: Microsoft Corporation
----------
Key: XCOMM
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
86016 bytes
Created: 09/11/2006
Modified: 09/11/2006
Company: SOFTWIN S.R.L
----------

************************************************************
17:15:46: Scanning -----VXD ENTRIES-----

************************************************************
17:15:46: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 06/07/2005
Modified: 23/01/2005
Company: Intel Corporation
----------

************************************************************
17:15:47: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]
----------
Key: {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Path: C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
58368 bytes
Created: 15/05/2006
Modified: 15/05/2006
Company:
----------

************************************************************
17:15:47: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
17:15:47: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
17:15:47: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 01/01/1980
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
17:15:47: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
17:15:47: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
17:15:47: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
17:15:48: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
17:15:48: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 15/10/2004
Modified: 15/10/2004
Company:
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
28672 bytes
Created: 06/04/2003
Modified: 06/04/2003
Company: Hewlett-Packard
hpoddt01.exe.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
--------------------
AOL 9.0 Icône AOL.lnk - links to C:\Program Files\AOL 9.0\aoltray.exe [file not found to scan]
--------------------
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [file not found to scan]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
17:16:12: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
17:16:12: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
17:16:12: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Max\Mes documents\Mes images\fond noir.bmp
C:\Documents and Settings\Max\Mes documents\Mes images\fond noir.bmp
752694 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Mes documents\Mes images\fond noir.bmp
C:\Documents and Settings\Max\Mes documents\Mes images\fond noir.bmp
752694 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company:
----------
Additional checks completed

************************************************************
17:16:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Acer\eManager\anbmServ.exe - file already scanned
--------------------
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\wanmpsvc.exe
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\acer\epm\epm-dm.exe - file already scanned
--------------------
C:\Program Files\Launch Manager\LaunchAp.exe - file already scanned
--------------------
C:\Program Files\Launch Manager\HotkeyApp.exe - file already scanned
--------------------
C:\Program Files\Acer\eRecovery\Monitor.exe - file already scanned
--------------------
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe - file already scanned
--------------------
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Real\RealPlayer\RealPlay.exe - file already scanned
--------------------
C:\Program Files\Softwin\BitDefender10\bdmcon.exe - file already scanned
--------------------
C:\Program Files\Softwin\BitDefender10\bdagent.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe - file already scanned
--------------------
C:\Program Files\Softwin\BitDefender10\vsserv.exe - file already scanned
--------------------
C:\Program Files\Exterminate It!\ExterminateIt.exe
--------------------
C:\Documents and Settings\Max\Application Data\Simply Super Software\Trojan Remover\fve41.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
17:16:19: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
17:16:19: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:16:19 14 nov. 2008
Total Scan time: 00:00:52
************************************************************
Zarbibi49 Posts: 72 Status: Member

And finally, the DiagHelp report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 14/11/2008 à 17:18:33,15

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->14/11/2008 17:18:26
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->14/11/2008 17:18:22
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->14/11/2008 17:17:50
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->14/11/2008 17:17:08
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf -->14/11/2008 17:16:32
C:\WINDOWS\prefetch\FVE41.EXE-3140DE72.pf -->14/11/2008 17:15:30
C:\WINDOWS\prefetch\SSCHK.EXE-023138FD.pf -->14/11/2008 17:15:28
C:\WINDOWS\prefetch\RMVTRJAN.EXE-03FEE826.pf -->14/11/2008 17:15:20
C:\WINDOWS\prefetch\TRUPD.EXE-1B3A63A9.pf -->14/11/2008 17:12:58
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf -->14/11/2008 17:12:42

C:\WINDOWS\System32\drivers\mrxsmb.sys -->24/10/2008 12:21:10
C:\WINDOWS\System32\drivers\srv.sys -->08/09/2008 12:41:42
C:\WINDOWS\System32\drivers\afd.sys -->14/08/2008 12:04:36
C:\WINDOWS\System32\drivers\beep.sys -->07/08/2008 15:27:24
C:\WINDOWS\System32\drivers\COH_Mon.sys -->30/07/2008 17:42:12
C:\WINDOWS\System32\drivers\COH_Mon.inf -->30/07/2008 17:28:04
C:\WINDOWS\System32\drivers\COH_Mon.cat -->30/07/2008 17:28:04

C:\WINDOWS\System32\bdod.bin -->14/11/2008 17:14:26
C:\WINDOWS\System32\bdss.log -->14/11/2008 16:54:20
C:\WINDOWS\System32\wpa.dbl -->14/11/2008 16:38:36
C:\WINDOWS\System32\eRLog.ini -->14/11/2008 16:38:34
C:\WINDOWS\System32\MRT.exe -->04/11/2008 01:10:26
C:\WINDOWS\System32\tmp.txt -->31/10/2008 13:43:22
C:\WINDOWS\System32\tmp.reg -->31/10/2008 13:43:22
C:\WINDOWS\System32\TDSScube.log -->28/10/2008 15:55:04
C:\WINDOWS\System32\FNTCACHE.DAT -->26/10/2008 23:35:18
C:\WINDOWS\System32\netapi32.dll -->15/10/2008 18:35:44
C:\WINDOWS\System32\o4Patch.exe -->10/10/2008 07:58:08
C:\WINDOWS\System32\IEDFix.C.exe -->10/10/2008 07:58:08
C:\WINDOWS\System32\ieframe.dll -->03/10/2008 19:12:28
C:\WINDOWS\System32\VACFix.exe -->01/10/2008 14:51:40
C:\WINDOWS\System32\msxml4.dll -->30/09/2008 16:43:34
C:\WINDOWS\System32\d3d8caps.dat -->28/09/2008 14:39:24
C:\WINDOWS\System32\win32k.sys -->15/09/2008 17:26:08
C:\WINDOWS\System32\msxml6.dll -->10/09/2008 02:15:16
C:\WINDOWS\System32\PerfStringBackup.INI -->09/09/2008 19:31:26
C:\WINDOWS\System32\perfh00C.dat -->09/09/2008 19:31:26
C:\WINDOWS\System32\perfc00C.dat -->09/09/2008 19:31:26
C:\WINDOWS\System32\perfh009.dat -->09/09/2008 19:31:26
C:\WINDOWS\System32\perfc009.dat -->09/09/2008 19:31:26
C:\WINDOWS\System32\spupdwxp.log -->09/09/2008 19:29:06
C:\WINDOWS\System32\AntiXPVSTFix.exe -->08/09/2008 22:38:56

C:\WINDOWS\ComponentList.xml -->14/11/2008 16:38:20
C:\WINDOWS\0.log -->14/11/2008 16:38:18
C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt -->14/11/2008 16:37:42
C:\WINDOWS\wiadebug.log -->14/11/2008 16:37:42
C:\WINDOWS\bootstat.dat -->14/11/2008 16:37:34
C:\WINDOWS\WindowsUpdate.log -->13/11/2008 17:46:14
C:\WINDOWS\SchedLgU.Txt -->13/11/2008 17:46:12
C:\WINDOWS\wiaservc.log -->13/11/2008 17:46:12
C:\WINDOWS\imsins.log -->13/11/2008 17:25:02
C:\WINDOWS\KB957097.log -->13/11/2008 17:25:02
C:\WINDOWS\setupapi.log -->13/11/2008 17:25:02
C:\WINDOWS\ocmsn.log -->13/11/2008 17:25:02
C:\WINDOWS\msgsocm.log -->13/11/2008 17:25:02
C:\WINDOWS\tsoc.log -->13/11/2008 17:25:02
C:\WINDOWS\ntdtcsetup.log -->13/11/2008 17:25:02

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 460
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16735 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16757 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16735 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x63000000 0x13000 7.13.0002.0000 C:\WINDOWS\system32\SynTPFcs.dll
0x442b0000 0x3c000 7.00.6000.16735 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x69270000 0x8d000 5.02.2600.5512 C:\WINDOWS\system32\fxsst.dll
0x61410000 0x72000 5.02.2600.5512 C:\WINDOWS\system32\FXSAPI.dll
0x01f70000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
0x01770000 0x12000 1.00.0000.0002 C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x03150000 0x3c000 3.00.0000.4020 C:\WINDOWS\system32\igfxpph.dll
0x02ec0000 0x1e000 3.00.0000.4020 C:\WINDOWS\system32\hccutils.DLL
0x085c0000 0x15000 10.00.0000.3802 C:\WINDOWS\system32\wmpshell.dll
0x03df0000 0x76000 1.00.0008.0046 C:\PROGRA~1\TROJAN~1\Trshlex.dll
0x10000000 0x2a000 3.00.0000.4020 C:\WINDOWS\system32\igfxres.dll
0x02fe0000 0x58000 3.00.0000.4020 C:\WINDOWS\system32\igfxsrvc.dll
0x039b0000 0x24000 3.00.0000.4020 C:\WINDOWS\system32\igfxdev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 412
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x013d0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 1B71-12F5

Répertoire de C:\WINDOWS\system32

14/04/2008 04:34 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 25 634 799 616 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 1B71-12F5

Répertoire de C:\WINDOWS\Downloaded Program Files

15/10/2004 11:59 <REP> .
15/10/2004 11:59 <REP> ..
15/10/2004 11:59 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
25/01/2006 12:43 367 LegitCheckControl.inf
11/06/2007 12:21 5 021 swflash.inf
4 fichier(s) 5 744 octets

Total des fichiers listés :
4 fichier(s) 5 744 octets
2 Rép(s) 25 634 799 616 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Autoconnect"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:module de connexion AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\1183809845\\EE\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1183809845\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[System]
"dontdisplaylastusername"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 17:18:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
388 - CSRSS.EXE
412 - WINLOGON.EXE
456 - SERVICES.EXE
460 - EXPLORER.EXE
468 - LSASS.EXE
576 - AOLSOFTWARE.EXE
616 - SVCHOST.EXE
660 - SVCHOST.EXE
696 - SVCHOST.EXE
720 - cmd.exe
736 - SVCHOST.EXE
872 - SVCHOST.EXE
892 - SYNTPLPR.EXE
896 - SYNTPENH.EXE
1112 - AOLAGENT.EXE
1184 - ANBMSERV.EXE
1204 - AOLACSD.EXE
1280 - HOTKEYAPP.EXE
1436 - XCOMMSVR.EXE
1480 - LIVESRV.EXE
1592 - DRAGDIAG.EXE
1696 - BDAGENT.EXE
1740 - REALPLAY.EXE
1776 - GOOGLETOOLBARNO
1792 - BDMCON.EXE
1824 - CTFMON.EXE
1960 - EPM-DM.EXE
2320 - ExterminateIt.e
2788 - BDSS.EXE
3108 - VSSERV.EXE

Total number of processes = 31
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806D0000 - \WINDOWS\system32\hal.dll
F89F4000 - \WINDOWS\system32\KDCOM.DLL
F8904000 - \WINDOWS\system32\BOOTVID.dll
F83C4000 - ACPI.sys
F89F6000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F83B3000 - pci.sys
F84F4000 - isapnp.sys
F8504000 - ohci1394.sys
F8514000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8908000 - compbatt.sys
F890C000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F8ABC000 - pciide.sys
F8774000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F89F8000 - aliide.sys
F89FA000 - intelide.sys
F89FC000 - toside.sys
F8910000 - UBHelper.sys
F89FE000 - viaide.sys
F8A00000 - cmdide.sys
F8395000 - pcmcia.sys
F8524000 - MountMgr.sys
F8376000 - ftdisk.sys
F8914000 - ACPIEC.sys
F8ABD000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F877C000 - PartMgr.sys
F8534000 - VolSnap.sys
F8918000 - cpqarray.sys
F835E000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F8346000 - atapi.sys
F891C000 - aha154x.sys
F8784000 - sparrow.sys
F8920000 - symc810.sys
F8544000 - aic78xx.sys
F8924000 - dac960nt.sys
F8554000 - ql10wnt.sys
F8928000 - amsint.sys
F878C000 - asc.sys
F892C000 - asc3550.sys
F8794000 - mraid35x.sys
F879C000 - i2omp.sys
F8930000 - ini910u.sys
F8564000 - ql1240.sys
F8574000 - aic78u2.sys
F87A4000 - symc8xx.sys
F87AC000 - sym_hi.sys
F87B4000 - sym_u3.sys
F87BC000 - ABP480N5.SYS
F87C4000 - asc3350p.sys
F8A02000 - cd20xrnt.sys
F8584000 - ultra.sys
F832D000 - adpu160m.sys
F87CC000 - dpti2o.sys
F8594000 - ql1080.sys
F85A4000 - ql1280.sys
F85B4000 - ql12160.sys
F87D4000 - perc2.sys
F8A04000 - perc2hib.sys
F87DC000 - hpn.sys
F8934000 - cbidf2k.sys
F8301000 - dac2w2k.sys
F85C4000 - disk.sys
F85D4000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F82E1000 - fltmgr.sys
F82CF000 - sr.sys
F87E4000 - PxHelp20.sys
F82AB000 - Fastfat.sys
F8294000 - KSecDD.sys
F8281000 - WudfPf.sys
F8254000 - NDIS.sys
F85E4000 - sisagp.sys
F85F4000 - viaagp.sys
F823A000 - Mup.sys
F8604000 - gagp30kx.sys
F8614000 - alim1541.sys
F8624000 - amdagp.sys
F8634000 - agp440.sys
F8644000 - agpCPQ.sys
F8664000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F89B4000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys
F7D70000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F7D5C000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8834000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7D38000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F883C000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7CDD000 - \SystemRoot\system32\DRIVERS\bcmwl5.sys
F7CCB000 - \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
F7A95000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F7A71000 - \SystemRoot\system32\drivers\portcls.sys
F8674000 - \SystemRoot\system32\drivers\drmk.sys
F7A4E000 - \SystemRoot\system32\drivers\ks.sys
F7A1B000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys
F791D000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys
F7871000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F8844000 - \SystemRoot\System32\Drivers\Modem.SYS
F89B8000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F8684000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F884C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7841000 - \SystemRoot\system32\DRIVERS\SynTP.sys
F8A08000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8854000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8694000 - \SystemRoot\system32\DRIVERS\imapi.sys
F89BC000 - \SystemRoot\system32\drivers\pfc.sys
F86A4000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F86B4000 - \SystemRoot\system32\DRIVERS\redbook.sys
F8A0A000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys
F89C0000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F7E9A000 - \SystemRoot\system32\DRIVERS\audstub.sys
F86C4000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F89C8000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F782A000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F86D4000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F86E4000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F885C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F7751000 - \SystemRoot\system32\DRIVERS\psched.sys
F86F4000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F8864000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F886C000 - \SystemRoot\system32\DRIVERS\raspti.sys
F8874000 - \SystemRoot\system32\DRIVERS\wanatw4.sys
F8704000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8A0C000 - \SystemRoot\system32\DRIVERS\swenum.sys
F76F3000 - \SystemRoot\system32\DRIVERS\update.sys
F89D8000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8714000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8734000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8166000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F8A10000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E6E000 - \SystemRoot\System32\Drivers\Null.SYS
F8A12000 - \SystemRoot\System32\Drivers\Beep.SYS
F8894000 - \SystemRoot\System32\drivers\vga.sys
F8A14000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A16000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F889C000 - \SystemRoot\System32\Drivers\Msfs.SYS
F88A4000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8162000 - \SystemRoot\system32\DRIVERS\rasacd.sys
AAF65000 - \SystemRoot\system32\DRIVERS\ipsec.sys
AAF0C000 - \SystemRoot\system32\DRIVERS\tcpip.sys
AAEDE000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
AAEB9000 - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
AAE93000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F8744000 - \SystemRoot\system32\DRIVERS\wanarp.sys
AAE6B000 - \SystemRoot\system32\DRIVERS\netbt.sys
AAE49000 - \SystemRoot\System32\drivers\afd.sys
F8754000 - \SystemRoot\system32\DRIVERS\netbios.sys
F822A000 - \SystemRoot\System32\Drivers\SRTSPX.SYS
AAE1E000 - \SystemRoot\system32\DRIVERS\rdbss.sys
AADAE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F8135000 - \SystemRoot\System32\Drivers\Hotkey.SYS
F821A000 - \SystemRoot\System32\Drivers\Fips.SYS
F81FA000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F88AC000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F8125000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F81EA000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F88B4000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F8121000 - \SystemRoot\system32\DRIVERS\mouhid.sys
AACCE000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8A18000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7776000 - \SystemRoot\System32\drivers\Dxapi.sys
F88BC000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7FEA000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E3000 - \SystemRoot\System32\ialmdnt5.dll
BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
BFA02000 - \SystemRoot\System32\ialmdev5.DLL
BFA2E000 - \SystemRoot\System32\ialmdd5.DLL
AAB4A000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
AA8E1000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8A4E000 - \SystemRoot\System32\Drivers\ASCTRM.SYS
F8C0D000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys
AA87D000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys
AA9E2000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F88CC000 - \??\C:\WINDOWS\system32\drivers\osaio.sys
F7EBD000 - \??\C:\WINDOWS\system32\drivers\osanbm.sys
AAD06000 - \SystemRoot\system32\DRIVERS\secdrv.sys
AA803000 - \SystemRoot\system32\DRIVERS\srv.sys
AA406000 - \SystemRoot\system32\drivers\wdmaud.sys
AA96E000 - \SystemRoot\system32\drivers\sysaudio.sys
AA195000 - \SystemRoot\System32\Drivers\HTTP.sys
A9901000 - \SystemRoot\system32\drivers\kmixer.sys
F7FCD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 181

Liste des programmes installes

Acer eManager for Notebook
Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0 - Français
Adssite Games Collection
Alcatel SpeedTouch USB Software
AOL - Assistant de désinstallation
AOL Auto-diagnostic
AOL Coach Version 1.0(Build:20040229.1 fr)
AOL Toolbar
AOL Toolbar 4.0
AppCore
Apple Software Update
Arcade 3.0
Archiveur WinRAR
AutoUpdate
AV
Avanquest update
BitDefender Free Edition v10
ccCommon
CheckIt Diagnostics
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
DivX
DivX Player
Ecran de veille AOL Photos
Exterminate It!
FindyKill
GearDrvs
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hotfix for Windows Media Format 11 SDK (KB929399)
Intel(R) Graphics Media Accelerator Driver for Mobile
Java(TM) 6 Update 3
Launch Manager V1.0.8.8
Learn2 Player (Uninstall Only)
LimeWire 4.14.10
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional avec FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Motorola Phone Tools
Motorola Phone Tools
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
NTI Backup NOW! 4
NTI Backup NOW! 4
NTI CD & DVD-Maker
NTI CD & DVD-Maker Gold
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Picasa 2
PowerProducer
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
SoftV90 Data Fax Modem with SmartCP
SPBBC 32bit
SUPER © Version 2008.bld.24 (Jan 18, 2008)
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
Trojan Remover 6.7.4
ubi.com
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 1B71-12F5

Répertoire de C:\Program Files

15/10/2004 11:52 <REP> .
15/10/2004 11:52 <REP> ..
14/01/2006 22:29 <REP> acer
06/07/2005 20:04 <REP> Acer Inc
06/07/2005 20:03 <REP> Adobe
14/01/2006 18:28 <REP> Alcatel
03/06/2007 21:04 <REP> AOL
14/01/2006 18:31 <REP> AOL 9.0
14/01/2006 18:33 <REP> AOL Compagnon
14/01/2006 18:33 <REP> AOL Toolbar
30/06/2008 09:34 <REP> Apple Software Update
14/01/2006 22:29 <REP> Arcade
11/02/2006 21:34 <REP> Boonty
11/02/2006 21:24 <REP> BoontyGames
14/10/2006 14:10 <REP> CheckIt
06/07/2005 19:59 <REP> CONEXANT
06/07/2005 20:03 <REP> CyberLink
05/02/2006 18:09 <REP> DivX
19/08/2007 14:47 <REP> eMule
26/08/2008 23:45 <REP> eRightSoft
14/11/2008 16:51 <REP> Exterminate It!
15/10/2004 11:52 <REP> Fichiers communs
15/10/2007 13:33 <REP> Google
14/01/2006 16:30 <REP> Hewlett-Packard
25/02/2006 18:07 <REP> HP
04/05/2007 16:01 <REP> Infinite Loop
06/07/2005 19:51 <REP> Intel
15/10/2004 11:58 <REP> Internet Explorer
15/10/2007 13:22 <REP> Java
14/01/2006 22:29 <REP> Launch Manager
14/01/2006 18:33 <REP> Learn2.com
14/10/2007 00:31 <REP> LimeWire
27/01/2006 15:53 <REP> LiveUpdate
15/10/2004 11:57 <REP> Messenger
15/10/2004 12:01 <REP> microsoft frontpage
14/01/2006 22:33 <REP> Microsoft Office
12/01/2008 17:02 <REP> Motorola Phone Tools
15/10/2004 11:58 <REP> Movie Maker
15/10/2004 11:57 <REP> MSN
15/10/2004 11:57 <REP> MSN Gaming Zone
31/10/2007 14:50 <REP> MSN Messenger
03/06/2007 21:33 <REP> MSXML 4.0
15/10/2004 11:58 <REP> NetMeeting
06/07/2005 20:01 <REP> NewTech Infosystems
04/10/2007 21:56 <REP> Norton 360
14/10/2006 12:48 <REP> Norton SystemWorks
15/10/2004 11:58 <REP> Outlook Express
20/05/2006 20:27 <REP> Picasa2
30/06/2008 09:34 <REP> QuickTime
14/01/2006 18:32 <REP> Real
09/11/2008 19:54 <REP> Softwin
14/01/2006 16:42 <REP> Symantec
14/01/2006 18:47 <REP> SymNetDrv
06/07/2005 19:58 <REP> Synaptics
14/01/2006 18:30 <REP> TechCity Solutions
03/11/2008 10:09 <REP> trend micro
14/11/2008 17:12 <REP> Trojan Remover
21/02/2006 15:33 <REP> Ubi Soft
21/02/2006 15:36 <REP> ubi.com
07/09/2007 19:56 <REP> VideoLAN
14/01/2006 18:33 <REP> Viewpoint
05/02/2006 18:10 <REP> Webteh
15/10/2004 11:57 <REP> Windows Media Player
15/10/2004 11:57 <REP> Windows NT
22/02/2008 21:55 <REP> WinRAR
15/10/2004 12:01 <REP> xerox
0 fichier(s) 0 octets
66 Rép(s) 25 634 439 168 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 1B71-12F5

Répertoire de C:\Program Files\fichiers communs

15/10/2004 11:52 <REP> .
15/10/2004 11:52 <REP> ..
15/10/2004 11:52 <REP> Microsoft Shared
15/10/2004 11:52 <REP> SpeechEngines
15/10/2004 11:58 <REP> System
15/10/2004 11:58 <REP> MSSoap
14/01/2006 16:42 <REP> Symantec Shared
14/01/2006 17:52 <REP> Adobe
14/01/2006 18:30 <REP> AOL
14/01/2006 18:32 <REP> Real
01/07/2007 20:48 <REP> Teleca Shared
09/11/2008 19:53 <REP> Softwin
0 fichier(s) 0 octets
12 Rép(s) 25 634 439 168 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 1B71-12F5

Répertoire de C:\

12/10/2005 23:10 895 488 iview397.exe
1 fichier(s) 895 488 octets
0 Rép(s) 25 634 439 168 octets libres

c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5479_norton$20internet$20security$20ids$20signatures_2.0_english\IDSVerFx.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5479_norton$20internet$20security$20ids$20signatures_2.0_english\SNDWarn.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3252_symnet$20consumer_5.2.0_english\DlayUpdt.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3252_symnet$20consumer_5.2.0_english\Message.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\DlayUpdt.exe
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\Message.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\xpsp2FRfix\cswitch.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\xpsp2FRfix\ipchecking.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\xpsp2FRfix\WindowsXP-KB885295-x86-fra.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\setup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\toolbar.exe
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\DifXInstall64.exe
c:\Documents and Settings\All Users\Documents\xiwesojaro.exe
c:\Documents and Settings\MECFE\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Max\Bureau\ComboFix.exe
c:\Documents and Settings\Max\Bureau\mwav.exe
c:\Documents and Settings\Max\Bureau\OTMoveIt3a.exe
c:\Documents and Settings\Max\Bureau\pca.exe
c:\Documents and Settings\Max\Bureau\Zeb-Restore.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Max\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Max\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Max\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Max\Application Data\Simply Super Software\Trojan Remover\fve41.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\patch25.dll
c:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.dll
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\aoltbchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\gui.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\instph.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_fr\4.0.11.1\utility.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\DIFxAPI.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64\GEARAspi.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64\GEARAspi64.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Max\Local Settings\Application Data\jusane.dll
c:\Documents and Settings\Max\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

****** End of DiagHelp report
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Good evening
... I'm going through your DiagHelp report

Could you post a HijackThis log from tonight, please?

Looking forward to your reply
0
Zarbibi49 Posts: 72 Status: Member
 
I'll do that right away and post it.
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Re, good

-1- Uninstall:
Adssite Games Collection (AdRotator.Adw)

-2- Download OTMoveIt3 (by Old_Timer) to your desktop,
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt.exe to launch the program,
Copy the list of files and folders below (in full, please):

CCM
:Files
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf
C:\WINDOWS\prefetch\FVE41.EXE-3140DE72.pf
C:\WINDOWS\prefetch\SSCHK.EXE-023138FD.pf
C:\WINDOWS\prefetch\RMVTRJAN.EXE-03FEE826.pf
C:\WINDOWS\prefetch\TRUPD.EXE-1B3A63A9.pf
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf
C:\WINDOWS\System32\bdss.log
C:\WINDOWS\System32\tmp.txt
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\TDSScube.log
C:\WINDOWS\System32\perfh00C.dat
C:\WINDOWS\System32\perfc00C.dat
C:\WINDOWS\System32\perfh009.dat
C:\WINDOWS\System32\perfc009.dat
C:\WINDOWS\System32\spupdwxp.log
C:\WINDOWS\0.log
C:\WINDOWS\wiadebug.log
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\wiaservc.log
C:\WINDOWS\imsins.log
C:\WINDOWS\KB957097.log
C:\WINDOWS\setupapi.log
C:\WINDOWS\ocmsn.log
C:\WINDOWS\tsoc.log
C:\WINDOWS\ntdtcsetup.log


and paste it into the program's "Paste Instructions for Items to be Moved" box:
Click MoveIt! to start the removal,
The result will appear in the Results box.
Click Exit to close the program.
Post the report located here: C:\_OTMoveIt\MovedFiles
You may be asked to reboot your PC. If so, click Yes.

-3- Waiting for a fresh HijackThis log

-4- Post the OTMoveIt3 report

Looking forward to your reply

0
Zarbibi49 Posts: 72 Status: Member
 
The HijackThis report before MoveIt3:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:28, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Max\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Zarbibi49 Posts: 72 Status: Member > Zarbibi49 Posts: 72 Status: Member
 
The OTMOVEIT3 report (apparently I shouldn't have put in the CCM! ^^).

Error: Unable to interpret <CCM > in the current context!
========== FILES ==========
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
C:\WINDOWS\prefetch\FVE41.EXE-3140DE72.pf moved successfully.
C:\WINDOWS\prefetch\SSCHK.EXE-023138FD.pf moved successfully.
C:\WINDOWS\prefetch\RMVTRJAN.EXE-03FEE826.pf moved successfully.
C:\WINDOWS\prefetch\TRUPD.EXE-1B3A63A9.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf moved successfully.
File move failed. C:\WINDOWS\System32\bdss.log scheduled to be moved on reboot.
C:\WINDOWS\System32\tmp.txt moved successfully.
C:\WINDOWS\System32\tmp.reg moved successfully.
C:\WINDOWS\System32\TDSScube.log moved successfully.
C:\WINDOWS\System32\perfh00C.dat moved successfully.
C:\WINDOWS\System32\perfc00C.dat moved successfully.
C:\WINDOWS\System32\perfh009.dat moved successfully.
C:\WINDOWS\System32\perfc009.dat moved successfully.
C:\WINDOWS\System32\spupdwxp.log moved successfully.
C:\WINDOWS\0.log moved successfully.
File move failed. C:\WINDOWS\wiadebug.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\WindowsUpdate.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wiaservc.log scheduled to be moved on reboot.
C:\WINDOWS\imsins.log moved successfully.
C:\WINDOWS\KB957097.log moved successfully.
C:\WINDOWS\setupapi.log moved successfully.
C:\WINDOWS\ocmsn.log moved successfully.
C:\WINDOWS\tsoc.log moved successfully.
C:\WINDOWS\ntdtcsetup.log moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_201152

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\bdss.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wiadebug.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\WindowsUpdate.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wiaservc.log scheduled to be moved on reboot.
0
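The OTMoveIt3 script and report above, re-enacted as an added example (not OTMoveIt's own code and not something posted in the thread): a small Python interpreter for the `:Files` section that moves each listed path into a quarantine tree and logs the same three outcomes the report shows. The stray `CCM` line before `:Files` is rejected because it sits outside any directive; `bdss.log` is presumably written by the BitDefender Scan Server (bdss.exe) that the HijackThis log shows running, so it is held open and can only be moved after a reboot. The sandbox directory, the sample files and the simulated sharing violation are constructed here; on a real Windows box the deferred move is what MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT does.

```python
"""Toy interpreter for an OTMoveIt3-style ':Files' script.

Added example, not OTMoveIt's code. It reproduces the three outcomes seen
in the posted report: a stray line before the first directive is rejected,
a free file is moved into the quarantine tree, and a file another process
holds open cannot be moved and is queued for the next reboot.
"""
import os
import shutil
import tempfile

# Assumption: only ':Files' is modelled here; the real tool has further sections.
KNOWN_SECTIONS = {":files"}


def run_files_script(script, root, quarantine, locked=frozenset()):
    """Interpret `script` line by line.

    root       -- directory standing in for the C: drive in this sandbox
    quarantine -- where moved files go (OTMoveIt uses C:\\_OTMoveIt\\MovedFiles)
    locked     -- paths that simulate a sharing violation (file held open)
    Returns (log_lines, paths_pending_reboot).
    """
    log, pending, section = [], [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if line.lower() in KNOWN_SECTIONS:
                section = line.lower()
                log.append("========== %s ==========" % section[1:].upper())
            else:
                section = None
                log.append("Error: Unable to interpret <%s> in the current context!" % line)
            continue
        if section is None:
            # Text before any directive has no meaning: this is exactly what
            # the stray "CCM" line in the thread produced.
            log.append("Error: Unable to interpret <%s> in the current context!" % line)
            continue
        src = line
        dst = os.path.join(quarantine, os.path.relpath(src, root))
        try:
            if src in locked:
                # Emulates ERROR_SHARING_VIOLATION from a file that a running
                # process (here: a scan service) keeps open.
                raise PermissionError(13, "sharing violation (simulated)")
            if not os.path.exists(src):
                log.append("File/Folder %s not found." % src)
                continue
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.move(src, dst)
            log.append("%s moved successfully." % src)
        except OSError:
            # The real tool queues MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT)
            # here; the sandbox only records the intent.
            log.append("File move failed. %s scheduled to be moved on reboot." % src)
            pending.append(src)
    return log, pending


def demo():
    """Build a throwaway 'drive' and run a script shaped like the one above."""
    root = tempfile.mkdtemp(prefix="drive_c_")
    quarantine = os.path.join(root, "_OTMoveIt", "MovedFiles")
    prefetch = os.path.join(root, "WINDOWS", "prefetch", "CMD.EXE-034B0549.pf")
    bdss_log = os.path.join(root, "WINDOWS", "System32", "bdss.log")
    for path in (prefetch, bdss_log):  # constructed sample files
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    absent = os.path.join(root, "WINDOWS", "0.log")  # never created on purpose
    script = "CCM\n:Files\n%s\n%s\n%s\n" % (prefetch, bdss_log, absent)
    try:
        log, pending = run_files_script(script, root, quarantine, locked={bdss_log})
        moved = os.path.isfile(os.path.join(quarantine, "WINDOWS", "prefetch",
                                            "CMD.EXE-034B0549.pf"))
    finally:
        shutil.rmtree(root)
    return log, pending, moved


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

Running `demo()` prints a log in the same shape as the one posted: the error for `CCM`, the `FILES` banner, one successful move, one move deferred to reboot, and one "not found" entry. Because the quarantine keeps the original directory layout, a moved prefetch or log file can be put back if the move turns out to have been a mistake.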
Zarbibi49 Posts: 72 Status: Member > Zarbibi49 Posts: 72 Status: Member
 
(Note that when I tried to remove the program you told me to remove, the PC said there was an error and that the program was probably no longer on the PC.)

And a short HijackThis report after MoveIt3.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:09, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Max\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Re

(Note that when I tried to remove the program you told me to remove, the PC said there was an error and that the program was probably no longer on the PC.)

... No, it is on this machine (use the "Search" function in Safe Mode)
Adssite Games Collection

Note:
The OTMOVEIT3 report (apparently I shouldn't have put in the CCM! ^^).

If I asked you to include it, there's a reason / OK!!!

... Let's continue:
Two antivirus programs declared on this PC (never two antivirus programs on the same machine)
Use one of these links to remove Norton cleanly:

Uninstall Norton
http://speedweb1.free.fr/frames2.php?page=divers3
Follow the procedure to the letter

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=

https://www.pcastuces.com/newsletter/adj/1630.htm

.... Disconnect from the Web
Close all applications: IE, Firefox, Outlook
Launch HijackThis with "Do a system scan only"
Tick the boxes on the left for the lines below:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1183809845\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


Click "Fix checked" at the bottom

... Go here, you are a year and a half behind on Java/Sun updates:
Java Sun/MicroSystem
https://www.oracle.com/java/technologies/javase-downloads.html
1st link... Java Runtime Environment--->JRE:6u10--->Windows offline
25/10/08

Once that's done, via "Add/Remove Programs", uninstall all the older versions of Java/Sun, except tonight's of course!!!

... Come back in your reply with a new HijackThis log, please
Looking forward to your reply, B.R.

0
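One way to read the two HijackThis logs above programmatically, as an added example (not HijackThis's code and not from the thread): it extracts the O4 Run values and O23 services, lists Run values that name a bare executable with no path (as the SoundMan entry ticked above does; Windows resolves such a name through its search path, so a same-named file placed earlier in that path would run instead), and counts per antivirus family how many services are declared and how many of those point at a binary HijackThis flagged "(file missing)". The regular expressions and the path markers that assign a service to Symantec/Norton or BitDefender are assumptions of this example; the embedded sample is an excerpt of the log posted above.

```python
"""Triage helpers for a HijackThis v2 log.

Added example, not part of the thread or of HijackThis. It pulls the O4 Run
values and O23 services out of a log excerpt, reports Run values that name a
bare executable (resolved through the search path at logon), and counts per
antivirus family how many services are declared versus how many point at a
binary HijackThis flagged as '(file missing)'.
"""
import re
from collections import defaultdict

# Assumed line shapes, derived from the log posted in the thread.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
MISSING = " (file missing)"

# Assumption: path fragments that identify each antivirus family.
AV_PATH_MARKERS = {
    "Symantec/Norton": ("symantec",),
    "BitDefender": ("softwin", "bitdefender"),
}

# Constructed sample: a subset of lines copied verbatim from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""


def parse_hjt(text):
    """Return (run_entries, services) parsed from HijackThis log text."""
    runs, services = [], []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            # HijackThis appends "(User '...')" for per-user hives; drop it.
            cmd = re.sub(r" \(User '[^']*'\)$", "", m.group("cmd"))
            runs.append({"hive": m.group("hive"), "key": m.group("key"), "cmd": cmd})
            continue
        m = O23_RE.match(line)
        if m:
            image = m.group("image")
            missing = image.endswith(MISSING)
            if missing:
                image = image[: -len(MISSING)]
            services.append({"name": m.group("name"), "owner": m.group("owner"),
                             "image": image, "missing": missing})
    return runs, services


def executable_of(cmd):
    """First token of a Run value: the quoted path if quoted, else the text up
    to the first space (an unquoted path containing spaces is ambiguous to
    Windows too, which is a finding in its own right)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def unqualified_run_entries(runs):
    """Keys of Run values naming a bare file with no drive or directory."""
    return [r["key"] for r in runs
            if "\\" not in executable_of(r["cmd"]) and ":" not in executable_of(r["cmd"])]


def av_products(services):
    """Per antivirus family: services declared, and how many of those point
    at a binary HijackThis could not find on disk."""
    summary = defaultdict(lambda: {"declared": 0, "missing": 0})
    for svc in services:
        image = svc["image"].lower()
        for product, markers in AV_PATH_MARKERS.items():
            if any(marker in image for marker in markers):
                summary[product]["declared"] += 1
                summary[product]["missing"] += int(svc["missing"])
    return dict(summary)


if __name__ == "__main__":
    runs, services = parse_hjt(SAMPLE_LOG)
    print("unqualified Run values:", unqualified_run_entries(runs))
    print("antivirus services:", av_products(services))
```

On the excerpt, the only unqualified Run value is SoundMan, and the service summary separates the BitDefender services whose binaries are present from the Symantec ones whose binaries HijackThis could not find, which is the distinction the two helpers settle in the next few posts (the BitDefender services are running; the Symantec entries are what is left of an earlier install).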
Zarbibi49 Posts: 72 Status: Member
 
We've always had Norton and renewed it recently. I wasn't aware there were 2 antivirus programs on this laptop. And I'd like to keep Norton, so could you tell me how to remove the other one???
0
Zarbibi49 Posts: 72 Status: Member
 
When we bought this laptop, Norton was the one offered for 3 months, and my father has always renewed it since.
So I really can't see what the other antivirus could be. It didn't fall from the sky! And I'm not the one who put it there!
My father assures me there is only 1!!!
So could you tell me how to remove the other antivirus you found on the laptop whose reports you examined.
Thanks in advance.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
hi both

by the way, about the two antivirus programs, no worries, keep Norton; the second one, BitDefender, is the free version we used here (so without real-time protection) to run a scan with an antivirus other than Norton, since you couldn't get online

http://www.commentcamarche.net/forum/affich 9173289 pb your computer is infected antispyware?page=3#55

you can now uninstall BitDefender Free
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Re, yes, yes Jlpjlp

=> I saw the services installed with BitDefender // Thanks for pointing it out ;))
In any case it still has to be uninstalled, and keep Norton of course, since the licence is paid for

See you tomorrow, good night
0
Zarbibi49 Posts: 72 Status: Member > evasion60/PCA Posts: 827 Status: Security contributor
 
So, in short, I do everything you told me earlier except removing Norton, and I uninstall BitDefender?
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
Hello

... Yes, you keep Norton, and you uninstall BitDefender, since its services are running

Enjoy your meal, and looking forward to your reply
0
Zarbibi49 Posts: 72 Status: Member
 
I've just Fix Checked the 13 items in the HijackThis list you told me about, and I clicked Yes.

On the other hand, I downloaded the JNLP file to update Java Sun, but when I click on it (I saved the file to my USB stick to shuttle it over, since I have no Internet access (no Internet Explorer and invalid shortcuts) even though I am connected over Wi-Fi).
And when I click on this Java Sun file I got, it opens the "Open with" wizard so I can choose which program to open it with. What do I do?

(Thanks for the bon appétit, I'm off to eat now, hoping to hear from you when I get back; I'll do the HijackThis log once I have your answer about Java Sun).
Thanks.
0
evasion60/PCA Posts: 827 Status: Security contributor 92
 
RE
... That's not what I asked:
On the other hand, I downloaded the JNLP file to update Java Sun, but when I click on it

... It's JRE 6u10
Platform => Windows
Language => Multi-language
Click "Agree"

Looking forward to your reply

Edited: 16:05

(I saved the file to my USB stick to shuttle it over, since I have no Internet access (no Internet Explorer and invalid shortcuts) even though I am connected over Wi-Fi.


... No Web connection on the broken PC?
0
Zarbibi49 Posts: 72 Status: Member
 
I redid it for JRE 6u10 (in short) and got the .exe file.
I'll try that on the laptop.


As I wrote in several earlier posts,
the Internet connection is established over Wi-Fi on the laptop that is "broken" following the virus.
Ever since the virus, all the shortcuts have been tagged with the message (grey window with a white cross on a round red background):
[ http://www. .......... .fr/ is not a valid Win32 application ].

And, besides, no trace of Internet Explorer anywhere on the PC: not in the Start menu, not in Programs, not among the desktop shortcuts.

So there is an Internet connection available, but I can't get to it.
0
Zarbibi49 Posts: 72 Status: Member
 
I've just installed the latest Java Sun update, but when I try to remove the previous version "Java(TM) 6 Update 3", it won't let me.

Otherwise I'm getting on with EliBagle right away.
0
Zarbibi49 Posts: 72 Status: Member
 
EliBagle scan in progress

Access denied to folder:
C:\Program Files\Fichiers communs\Real\Codecs\u┘¦@Ù"ǹ.&u┘ (176)

Then the same message for another "real"

Then several for Teleca Shared with the following numbers at the end of the lines (183)
(113)
(244)
(54)
(181)
Etc... There are dozens more... and for other "program" (?) Real Player entries

I preferred to note them down in case it mattered, but since there were too many...

Here is the report:

Sun Nov 16 15:53:43 2008
EliBagle v11.96 (c)2008 S.G.H. / Satinfo S.L. (Updated 14 November 2008)
----------------------------------------------
List of actions (by direct action):

Sun Nov 16 15:53:50 2008
EliBagle v11.96 (c)2008 S.G.H. / Satinfo S.L. (Updated 14 November 2008)
----------------------------------------------
List of actions (by scan):
Scanning drive C:\

Total directories: 4758
Total files: 55603
Files scanned: 10940
Files infected: 0
Files cleaned: 0
0
Zarbibi49 Posts: 72 Status: Member
 
1 - Every time I turn on the laptop, once my Windows session is open, I occasionally get a yellow triangle with an exclamation mark telling me that such-and-such .exe file is damaged:
"The file or directory .................... is corrupted and unreadable. Please run the CHKDSK utility."

2 - A Trojan Remover scan window opens at every logon; can I do without it once my virus problem is solved?

3 - jlpjlp, here is the FindyKill report:

----------------- FindyKill V4.700 ------------------

* User : Max - BALADEUR
* Location : C:\Program Files\FindyKill
* Tool updated on 13/11/08 by Chiquitine29
* Scan performed at 16:12:38 on 16/11/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Search *** ))))))))))))))))))

--------------- [ Active processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\AOL\1183809845\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe

--------------- [ Infectious files/folders ] ----------------

»»»» Presence of files in C:

Found ! [16/11/2008 16:06] - C:\InfoSat.txt

»»»» Presence of files in C:\WINDOWS

»»»» Presence of files in C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\Prefetch\SSPATCH.EXE-0629F9D6.pf

»»»» Presence of files in C:\WINDOWS\system32

»»»» Presence of files in C:\WINDOWS\system32\drivers

»»»» Presence of files in C:\Documents and Settings\Max\Application Data

»»»» Presence of files in C:\DOCUME~1\Max\LOCALS~1\Temp

»»»» Presence of files in C:\Documents and Settings\Max\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
preload REG_SZ C:\Windows\RUNXMLPL.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
EPM-DM REG_SZ c:\acer\epm\epm-dm.exe
ePowerManagement REG_SZ C:\Acer\ePM\ePM.exe boot
LaunchAp REG_SZ "C:\Program Files\Launch Manager\LaunchAp.exe"
LManager REG_SZ "C:\Program Files\Launch Manager\HotkeyApp.exe"
eRecoveryService REG_SZ C:\Program Files\Acer\eRecovery\Monitor.exe
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
AOLDialer REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
BDMCon REG_SZ "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
BDAgent REG_SZ "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

--------------- [ Registry / Infectious keys ] ----------------

--------------- [ State / Services ] ----------------

+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

Ndisuio - Start type = 3

EapHost - Start type = 3

Ip6Fw - Start type = 3

SharedAccess - Start type = 2

wuauserv - Start type = 2

wscsvc - Start type = 2

--------------- [ Search in removable media ] ----------------

+- Information :

C: - Fixed drive

D: - Fixed drive

G: - Removable drive

+- presence of files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

------------------- ! End of report ! --------------------
0
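The FindyKill report above is read by eye: the helpers look at the `Run` keys for an executable that does not belong there, and at the start type of the services a rogue typically turns off (Security Center `wscsvc`, Windows Update `wuauserv`, the firewall/ICS service `SharedAccess`). As an added example, not part of this thread and not FindyKill's own code, the Python script below parses a report in that format and applies exactly those two checks. The embedded report is a constructed sample modelled on the lines posted above (a subset of the Run entries, with `wscsvc` deliberately set to 4 so the service check has something to find); the list of "expected" directories is an assumption of this script, and an entry it flags is a review candidate, not a malware verdict: vendor preload entries also live outside `system32` and `Program Files`, so each hit still has to be checked against known-good files.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample modelled on the FindyKill report in the thread.
# Only the two sections this script reads are included; wscsvc is set to 4
# (disabled) on purpose so the service check below has a finding.
SAMPLE_REPORT = r"""--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
preload REG_SZ C:\Windows\RUNXMLPL.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
LaunchAp REG_SZ "C:\Program Files\Launch Manager\LaunchAp.exe"
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------
"""

SECTION_RE = re.compile(r"^-+\s*\[\s*(.+?)\s*\]\s*-+$")
RUN_RE = re.compile(r"^(.+?)\s+(REG_SZ|REG_EXPAND_SZ)\s+(.+)$")
SERVICE_RE = re.compile(r"^(\S+)\s+-\s+Type de d[ée]marrage\s*=\s*(\d)$")
START_TYPES = {"2": "auto", "3": "manual", "4": "disabled"}

# Assumed "expected" locations for autostart binaries (a heuristic, not a
# whitelist): anything outside them is reported for manual review.
TRUSTED_PREFIXES = ("C:\\WINDOWS\\SYSTEM32\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\")
# Services that should stay on automatic start on a healthy XP box.
PROTECTIVE_SERVICES = {"wscsvc", "wuauserv", "SharedAccess"}


class RunEntry(NamedTuple):
    hive: str
    name: str
    image: str
    flagged: bool


def parse_sections(report: str) -> Dict[str, List[str]]:
    """Split the report into its '[ ... ]' sections, dropping blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def extract_image_path(value: str) -> str:
    """Return the executable path from a Run value, quoted or not, with arguments dropped."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", value, re.IGNORECASE)
    return m.group(1) if m else value.split()[0]


def is_expected_location(image: str) -> bool:
    return image.upper().startswith(TRUSTED_PREFIXES)


def parse_run_entries(report: str) -> List[RunEntry]:
    """Parse the 'Registre / Startup' section into RunEntry records."""
    entries: List[RunEntry] = []
    hive = None
    for line in parse_sections(report).get("Registre / Startup", []):
        if line.startswith("HKEY_"):
            hive = line
            continue
        m = RUN_RE.match(line)
        if m and hive:
            image = extract_image_path(m.group(3))
            entries.append(RunEntry(hive, m.group(1), image, not is_expected_location(image)))
    return entries


def parse_services(report: str) -> Dict[str, str]:
    """Map service name -> start type word from the 'Etat / Services' section."""
    services: Dict[str, str] = {}
    for line in parse_sections(report).get("Etat / Services", []):
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1)] = START_TYPES.get(m.group(2), m.group(2))
    return services


def tampered_services(services: Dict[str, str]) -> List[str]:
    """Protective services present in the report but not on automatic start."""
    return sorted(n for n in PROTECTIVE_SERVICES if services.get(n) not in (None, "auto"))


if __name__ == "__main__":
    for entry in parse_run_entries(SAMPLE_REPORT):
        print(("REVIEW " if entry.flagged else "ok     ") + f"{entry.name}: {entry.image}")
    print("protective services not on auto-start:", tampered_services(parse_services(SAMPLE_REPORT)))
```

Run as-is, the script reports `preload` (`C:\Windows\RUNXMLPL.exe`, outside the assumed directories) for review and `wscsvc` as the one protective service not on automatic start; point it at a real FindyKill text file by replacing `SAMPLE_REPORT` with the file's contents.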
zarbibi49
 
I did a quick search on gromozon and came across this:
http://xp.net.free.fr/articles/gromozon.php
If that can help, lol! Well, I'm rambling here, since you are 1000 times more knowledgeable than me on the subject... Sorry...
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi both, FindyKill found infections: do this:

Plug the external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Removal)

/!\ there will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive
Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
0
Zarbibi49 Posts: 72 Status: Member
 
THE OTMOVEIT3 REPORT:

Error: Unable to interpret <CCM > in the current context!
========== FILES ==========
File/Folder C:\Program Files\Fichiers communs\Real\Codecs\ 269942784 bytes not found.
File/Folder C:\Program Files\Fichiers communs\Real\Codecs\uà not found.
File/Folder C:\Program Files\Fichiers communs\Real\Codecs\ïÄ 1975582720 bytes not found.
File/Folder C:\Program Files\Fichiers communs\Real\Codecs\8Tuë. not found.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11172008_104340
0