Sujet Précédent Sujet Suivant

Trojan keylogger.win32.fang

Résolu/Fermé
Immlin Messages postés 10 Date d'inscription mercredi 24 octobre 2007 Statut Membre Dernière intervention 2 juin 2009 - 31 oct. 2008 à 18:13
Immlin Messages postés 10 Date d'inscription mercredi 24 octobre 2007 Statut Membre Dernière intervention 2 juin 2009 - 1 nov. 2008 à 13:58
Bonjour,


le trojan keylogger.win32.fang est detecté sur mon ordi par le firewall de windows.
j'ai fais une analyse avec mon antivirus F-secure, mais rien n'y fais.

Si sa peut vous aidez je vous soumez le rapport de hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:53, on 31.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Bluewin Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Bluewin Security\Common\FSMA32.EXE
C:\Program Files\Bluewin Security\Common\FSMB32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluewin Security\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsqh.exe
C:\Program Files\Bluewin Security\Common\FAMEH32.EXE
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluewin Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
C:\Program Files\Bluewin Security\Anti-Virus\fssm32.exe
C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsus.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Bureau\HJT\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {5c6fd1d9-3f66-1168-b324-a0827c6be140} - {041eb6c7-280a-423b-8611-66f39d1df6c5} - C:\WINDOWS\system32\bkhjvq.dll
O2 - BHO: (no name) - {19C431CF-28DD-4E15-96C7-44DADB4A31CF} - C:\WINDOWS\system32\yayYOhhH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - C:\WINDOWS\system32\nnnLDsTJ.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [841c9af9] rundll32.exe "C:\WINDOWS\system32\eccnvxqh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [wixpo] "C:\Documents and Settings\Admin\Application Data\Google\mupd1_2_645698.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: bkhjvq.dll
O20 - Winlogon Notify: nnnLDsTJ - C:\WINDOWS\SYSTEM32\nnnLDsTJ.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:

6 réponses

Réponse 1 / 6
Utilisateur anonyme
31 oct. 2008 à 22:22
Télécharge http://downloads.andymanchesta.com/RemovalTools/SDFix.exe SDFix] (créé par AndyManchesta) et sauvegarde le sur ton Bureau. Tu peux suivre le tutorial SDFix pour t'aider :

-Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
[*]Redémarre ton ordinateur
[*]Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
[*]A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
[*]Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
[*]Choisis ton compte.
Déroule la liste des instructions ci-dessous :
[*]Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
[*]Appuie sur Y pour commencer le processus de nettoyage.
[*]Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
[*]Appuie sur une touche pour redémarrer le PC.
[*]Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
[*]Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
[*]Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
[*]Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
[*]Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !



2
Réponse 2 / 6
Utilisateur anonyme
31 oct. 2008 à 18:15
Slt,

-Désactive les logiciels de protection (Antivirus, Antispywares) puis :

-Télécharge Combofix sUBs : [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe[/url]
et sauvegarde le sur ton bureau et pas ailleurs!

-Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.

-Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

-Copie/colle un nouveau rapport HiJackThis avec.





0
Réponse 3 / 6
Immlin Messages postés 10 Date d'inscription mercredi 24 octobre 2007 Statut Membre Dernière intervention 2 juin 2009
31 oct. 2008 à 18:51
Merci à toi de m'avoir répondu aussi vite voila le rapport de Combofix :

ComboFix 08-10-30.13 - Admin 2008-10-31 18:25:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.595 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\Google\mupd1_2_645698.exe
C:\Documents and Settings\Admin\Application Data\inst.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bkhjvq.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\eccnvxqh.dll
C:\WINDOWS\system32\HhhOYyay.ini
C:\WINDOWS\system32\HhhOYyay.ini2
C:\WINDOWS\system32\hqxvncce.ini
C:\WINDOWS\system32\nnnLDsTJ.dll
C:\WINDOWS\system32\tuvTjiJB.dll
C:\WINDOWS\system32\ujeqceiw.dll
C:\WINDOWS\system32\winhld32.dll
C:\WINDOWS\system32\yayYOhhH.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-31 ))))))))))))))))))))))))))))))))))))
.

2008-10-31 17:45 . 2008-10-31 18:09 <REP> d-------- C:\Lop SD
2008-10-31 17:28 . 2008-10-31 17:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-24 12:17 . 2008-10-24 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-23 12:40 . 2008-10-23 12:40 <REP> d-------- C:\Logs
2008-10-22 17:45 . 2008-10-22 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-22 17:45 . 2008-10-22 17:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-19 14:49 . 2008-10-19 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\ma-config.com
2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-10-18 17:19 . 2008-10-18 17:22 <REP> d-------- C:\prefesh
2008-10-11 19:13 . 2008-10-11 19:14 <REP> d-------- C:\Documents and Settings\Admin\Application Data\FLV Extract
2008-10-11 19:09 . 2008-10-11 19:11 <REP> d-------- C:\Documents and Settings\Admin\Application Data\FMZilla
2008-10-11 19:07 . 2008-10-25 15:16 <REP> d-------- C:\Program Files\Free Music Zilla
2008-10-03 10:54 . 2008-10-03 10:54 0 --a------ C:\WINDOWS\pcfriend.INI
2008-09-16 16:58 . 2007-03-01 12:38 1,417,216 --a------ C:\WINDOWS\system32\iSED.dll
2008-09-16 16:58 . 1998-06-18 09:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-09-16 16:58 . 2008-02-11 15:19 7,477 --a------ C:\WINDOWS\system32\novam5.ctm
2008-09-11 07:53 . 2008-09-30 19:06 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 13:41 --------- d-----w C:\Program Files\DivX
2008-10-31 13:18 --------- d-----w C:\Documents and Settings\Admin\Application Data\ALLCapture
2008-10-31 13:18 --------- d-----w C:\Documents and Settings\Admin\Application Data\Ahead
2008-10-31 13:18 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-10-31 13:18 --------- d-----w C:\Documents and Settings\Admin\Application Data\.BitZip
2008-10-29 20:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-29 20:07 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-25 12:44 --------- d-----w C:\Program Files\Steam
2008-10-22 16:38 --------- d-----w C:\Program Files\Bluewin Security
2008-10-18 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 11:57 --------- d-----w C:\Program Files\Warcraft III
2008-10-13 13:57 --------- d-----w C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
2008-10-11 19:05 24 ----a-w C:\Documents and Settings\Admin\jagex_runescape_preferences.dat
2008-10-03 09:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-09-26 18:44 --------- d-----w C:\Program Files\Quake III Arena
2008-09-19 21:55 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:37 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 20:08 2,829 -c--a-w C:\WINDOWS\War3Unin.pif
2008-08-05 20:08 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-09 18:58 13 -c-h--w C:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
2007-10-19 18:36 357 -c--a-w C:\Documents and Settings\Admin\.cb_layout.bin
2007-08-06 15:02 47,360 -c--a-w C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2007-08-09 12:08 8,784 -c--a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 -c--a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"F-Secure Manager"="C:\Program Files\Bluewin Security\Common\FSM32.EXE" [2007-06-01 183208]
"F-Secure TNB"="C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" [2007-06-01 740208]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bkhjvq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.l3radius"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 17:34 1410296 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a--c--- 2005-10-27 16:01 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LMIMaint"=2 (0x2)
"LogMeIn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\steamapps\\bustty@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Empire Earth\\Empire Earth.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Documents and Settings\\Admin\\Bureau\\Bureau\\quake 3\\quake3.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"D:\\World of Warcraft\\WoW-1.12.0-deDE-downloader.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"19378:TCP"= 19378:TCP:BitComet 19378 TCP
"19378:UDP"= 19378:UDP:BitComet 19378 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 51072]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Bluewin Security\HIPS\fshs.sys [2008-02-13 41184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Bluewin Security\Anti-Virus\minifilter\fsgk.sys [2007-05-28 59760]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-05-03 153925]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-22 29184]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 PsSdk31;PsSdk31;C:\WINDOWS\system32\Drivers\pssdk31.drv [2008-08-05 30272]
S3 PsSdkLBF;PsSdkLBF;C:\WINDOWS\system32\Drivers\pssdklbf.drv [2008-08-05 37440]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Bluewin Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Bluewin Security\Anti-Virus\Win2K\FSrec.sys [2007-05-28 25456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2057f986-b432-11db-92c3-00d041a5e1b5}]
\Shell\AutoRun\command - L:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe
.
Contenu du dossier 'Tâches planifiées'

2007-01-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-31 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\BLUEWI~1\ANTI-V~1\fsav.exe [2007-05-25 18:11]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{041eb6c7-280a-423b-8611-66f39d1df6c5} - C:\WINDOWS\system32\bkhjvq.dll
BHO-{19C431CF-28DD-4E15-96C7-44DADB4A31CF} - C:\WINDOWS\system32\yayYOhhH.dll
BHO-{8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - C:\WINDOWS\system32\nnnLDsTJ.dll
HKCU-Run-wixpo - C:\Documents and Settings\Admin\Application Data\Google\mupd1_2_645698.exe
HKLM-Run-841c9af9 - C:\WINDOWS\system32\eccnvxqh.dll
ShellExecuteHooks-{8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D} - C:\WINDOWS\system32\nnnLDsTJ.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-LogMeIn GUI - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1aje80yy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ch/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 18:32:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\pssdklbf.drv"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsgk32.exe
C:\Program Files\Bluewin Security\Common\FSMA32.EXE
C:\Program Files\Bluewin Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\BLUEWI~1\Common\FSM32.EXE
C:\Program Files\Bluewin Security\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Bluewin Security\Common\FAMEH32.EXE
C:\Program Files\Bluewin Security\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\BLUEWI~1\FSGUI\fsguidll.exe
C:\Program Files\Bluewin Security\Anti-Virus\fssm32.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
C:\Program Files\Bluewin Security\FWES\program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsus.exe
.
**************************************************************************
.
Heure de fin: 2008-10-31 18:45:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-31 17:45:25

Avant-CF: 371'822'592 octets libres
Après-CF: 493,891,584 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

282 --- E O F --- 2008-10-26 07:36:29




Et celui de hijackthis :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:52, on 31.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Bluewin Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Bluewin Security\Common\FSMA32.EXE
C:\Program Files\Bluewin Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluewin Security\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluewin Security\Common\FAMEH32.EXE
C:\Program Files\Bluewin Security\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bluewin Security\FSGUI\fsguidll.exe
C:\Program Files\Bluewin Security\Anti-Virus\fssm32.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Admin\Bureau\HJT\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: bkhjvq.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 4 / 6
Utilisateur anonyme
31 oct. 2008 à 19:20
Ok, bon boulot,

-Télécharge MalwareByte's Anti-Malware sur ton Bureau-->http://www.malwarebytes.org/mbam/program/mbam-setup.exe

-Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

-Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.

-Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

-Afin de lancer la recherche, clic sur"Rechercher".

-Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le
rapport sur ton Bureau afin de le poster dans ta prochaine réponse.


REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.



0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
Immlin Messages postés 10 Date d'inscription mercredi 24 octobre 2007 Statut Membre Dernière intervention 2 juin 2009
31 oct. 2008 à 21:36
Alors, le programme n'a rien trouvé
0
Réponse 6 / 6
Immlin Messages postés 10 Date d'inscription mercredi 24 octobre 2007 Statut Membre Dernière intervention 2 juin 2009
1 nov. 2008 à 13:58
Bonjour, voila tout d'abord le script de SDfix :




[b]SDFix: Version 1.238 [/b]
Run by Admin on 01.11.2008 at 13:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 13:47:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f2,82,03,40,9d,2c,42,ac,7f,c3,9f,f0,6e,6e,01,db,88,8a,16,49,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0f,87,c4,6a,f4,eb,f9,c4,63,24,78,7d,71,3d,a4,4c,51,..
"khjeh"=hex:60,c2,dc,b3,e2,5f,13,e9,ac,4a,a0,0a,af,0f,24,ae,3e,31,da,f0,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,22,5b,18,54,1f,a6,3e,c8,47,32,f1,12,c2,18,4c,26,25,37,e1,07,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f2,82,03,40,9d,2c,42,ac,7f,c3,9f,f0,6e,6e,01,db,88,8a,16,49,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0f,87,c4,6a,f4,eb,f9,c4,63,24,78,7d,71,3d,a4,4c,51,..
"khjeh"=hex:60,c2,dc,b3,e2,5f,13,e9,ac,4a,a0,0a,af,0f,24,ae,3e,31,da,f0,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,22,5b,18,54,1f,a6,3e,c8,47,32,f1,12,c2,18,4c,26,25,37,e1,07,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000163

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\steamapps\\bustty@hotmail.com\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\bustty@hotmail.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp:*:Enabled:Kazaa Lite"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"D:\\Empire Earth\\Empire Earth.exe"="D:\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Documents and Settings\\Admin\\Bureau\\Bureau\\quake 3\\quake3.exe"="C:\\Documents and Settings\\Admin\\Bureau\\Bureau\\quake 3\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Disabled:VLC media player"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:Logiciel de transfert de fichiers"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"="C:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"D:\\World of Warcraft\\WoW-1.12.0-deDE-downloader.exe"="D:\\World of Warcraft\\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Documents and Settings\\Admin\\Bureau\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"="C:\\Documents and Settings\\Admin\\Bureau\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe:*:Enabled:jk2mp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 15 Mar 2007 5,355,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 9 Nov 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\1ޝ13.sys"
Thu 1 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 21 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 11 Jun 2007 444 ...HR --- "C:\Documents and Settings\Admin\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]




Et celui de HiJackThis :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:21, on 01.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Bluewin Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Bluewin Security\Common\FSMA32.EXE
C:\Program Files\Bluewin Security\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Bluewin Security\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsqh.exe
C:\Program Files\Bluewin Security\Common\FAMEH32.EXE
C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
C:\Program Files\Bluewin Security\Anti-Virus\fssm32.exe
C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
C:\Program Files\Bluewin Security\FSAUA\program\fsus.exe
C:\Program Files\Bluewin Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bluewin Security\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Admin\Bureau\HJT\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: bkhjvq.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bluewin Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0

Discussions similaires

Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Comment éliminer manuellement virus trojan?
ballag -
RClog -

12 réponses