A skewer of Bagle
PhilMan
Hello,
I clicked on a "key_gen.exe"
Result: VirusScan is gone, and it is impossible to download an antivirus or other tools such as HijackThis to clean up
I eventually found out that I could run Findykill.exe, and I think I have found programs classified as "Bagles"
I ran it several times with option 1: search, and attached is my Findykill.txt report
I imagine I could run option 2 to eradicate the critters and get back to normal (I've been struggling since this morning), but I'd like to be certain that it is the best choice. Thanks for your help...
----------------- FindyKill V4.705 ------------------
* User : Philman2 - NOM-EB85C523610
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 17:41:37 le 22/11/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\taskmgr.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\PC-Doctor 5 for Windows\pcdr5cuiw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\VSE850LML\VSE850LML\Setup.exe
C:\DOCUME~1\Philman2\LOCALS~1\Temp\McAfee VirusScan Enterprise 85\SetupVSE.Exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\mdelk.exe
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\wintems.exe
Found ! [22/11/2008 17:38] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [10/05/2005 08:08] - C:\WINDOWS\system32\drivers\winfilse.exe
16 replies
I think this time it's right
I must have exited a bit too early
----------------- FindyKill V4.705 ------------------
* User : Philman2 - NOM-EB85C523610
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 18:28:52 le 22/11/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\mdelk.exe
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\wintems.exe
Found ! [22/11/2008 17:38] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [10/05/2005 08:08] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [22/11/2008 16:39] - "C:\WINDOWS\system32\drivers\downld"
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1052218.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\105531.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1055562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1066625.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1068890.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1092828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\111625.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\112437.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1131656.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\118421.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1201078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1211671.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\124390.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\135312.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\137812.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\142828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\154687.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\158250.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\161812.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\174453.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\194875.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\205734.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\212562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\221390.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2356078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2365140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2374531.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2409140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2448000.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2453703.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\250875.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\256609.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2566359.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2578843.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\303968.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\331515.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\350046.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\372343.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3891656.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3892281.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3902125.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3910718.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3944703.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3948484.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\4028140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\4037828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\532515.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\533562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\537781.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\541328.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\544406.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\546671.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\551828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\558078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\561734.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\562078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\582859.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\594453.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\596421.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\616015.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\619281.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\672765.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\682906.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\724765.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\741250.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Philman2\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Philman2\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5
Found ! [31/08/2007 16:40] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [07/09/2007 20:23] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [02/09/2008 14:14] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\2518088415_b64a43b11d[1].jpg
Found ! [22/11/2008 09:02] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[1].jpg
Found ! [22/11/2008 09:33] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[2].jpg
Found ! [22/11/2008 09:05] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\mxd[1].jpg
Found ! [22/11/2008 14:28] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DFDAOHUK\b64[1].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EJUMEHA5\b64[1].jpg
Found ! [22/11/2008 14:27] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\FYDQBFXO\b64_1[1].jpg
Found ! [25/08/2008 06:00] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\NV1J6QRZ\510MXDB7RTL._SL500_SS100_[1].jpg
Found ! [22/11/2008 14:29] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\T9I1J42K\b64_2[1].jpg
Found ! [22/11/2008 09:31] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_1[1].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_2[1].jpg
Found ! [22/11/2008 09:32] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[1].jpg
Found ! [22/11/2008 11:54] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[2].jpg
Found ! [22/11/2008 14:28] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[3].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\b64_3[1].jpg
Found ! [22/11/2008 14:30] - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\mxd[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_2[1].jpg
Found ! [22/11/2008 12:56] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_3[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64[1].jpg
Found ! [22/11/2008 14:33] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[2].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_3[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64_3[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\mxd[1].jpg
Found ! [22/11/2008 14:33] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[2].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_2[1].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_1[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Uninstall_CToolbar="C:\DOCUME~1\Philman2\LOCALS~1\Temp\CUninst.exe" "/remove"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ToUcamVProperty=C:\Program Files\Philips ToUcam Camera\VProperty.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
PCDrProfiler=
McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
HPHUPD08=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
CloneCDTray="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- Contenu de l'autorun : D:\autorun.inf
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
+- presence des fichiers :
Found ! [30/04/2004 06:01][---hs----] - D:\autorun.inf
Found ! [30/11/2004 03:01][---hs----] - D:\info.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d1bb552-5184-11dc-8a77-806d6172696f}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
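Added example (my own code, not part of this thread and not FindyKill's own logic): a small Python triage script that reads a FindyKill "Recherche" report in the layout posted above, pulls out the "Found !" files and registry keys, the missing SafeBoot keys, the services set to start type 4 (disabled) and any autorun.inf content, and turns them into prioritised findings for whoever has to clean the machine. The report embedded in the script is a trimmed, constructed copy of the lines in the post; the list of defensive services worth watching and the severity labels are my assumptions, not the tool's.

```python
import re

# Constructed sample: a trimmed FindyKill "Recherche" report in the layout of
# the one posted in the thread (paths, dates and key names copied from it).
SAMPLE_REPORT = r"""----------------- FindyKill V4.705 ------------------
* Recherche effectuée à 18:28:52 le 22/11/2008
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\mdelk.exe
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\wintems.exe
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [22/11/2008 16:39] - "C:\WINDOWS\system32\drivers\downld"
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1052218.exe
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
EapHost - Type de démarrage = 3
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Contenu de l'autorun : D:\autorun.inf
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
+- presence des fichiers :
Found ! [30/04/2004 06:01][---hs----] - D:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
"""

SECTION_RE = re.compile(r"^-+ \[ (.+?) ?\] -+$")
FOUND_FILE_RE = re.compile(r'^Found ! \[([^\]]+)\](?:\[[^\]]*\])? - "?(.+?)"?$')
FOUND_KEY_RE = re.compile(r"^Found ! - (HKEY_.+)$")
MISSING_KEY_RE = re.compile(r"^Clé manquante : (\S+)$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(\S+) - Type de démarrage = (\d)$")
AUTORUN_RE = re.compile(r"^\+- Contenu de l'autorun : (\S+)$")

def parse_report(text):
    """Walk the report once and bucket each indicator by the section it sits in."""
    out = {"files": [], "registry_keys": [], "missing_safeboot": [],
           "service_start": {}, "autorun": []}
    section, inf = "", None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section.startswith(("Fichiers", "Recherche dans supports")) and (m := FOUND_FILE_RE.match(line)):
            out["files"].append((m.group(1), m.group(2)))      # (timestamp, path)
        elif section.startswith("Registre") and (m := FOUND_KEY_RE.match(line)):
            out["registry_keys"].append(m.group(1))
        elif section.startswith("Etat") and (m := MISSING_KEY_RE.match(line)):
            if "SafeBoot" in m.group(1):
                out["missing_safeboot"].append(m.group(1))
        elif section.startswith("Etat") and (m := SERVICE_RE.match(line)):
            out["service_start"][m.group(1)] = int(m.group(2))  # 4 = disabled
        elif m := AUTORUN_RE.match(line):
            inf = m.group(1)  # remember which autorun.inf the following lines describe
        elif inf and line.lower().startswith(("shellexecute=", "open=")):
            out["autorun"].append((inf, line.partition("=")[2].strip()))
            inf = None
    return out

# Windows XP service names that this kind of malware commonly switches off
# (Security Center, Automatic Updates, Firewall/ICS, IPv6 firewall); my list.
DEFENSIVE_SERVICES = {"wscsvc", "wuauserv", "SharedAccess", "Ip6Fw"}

def triage(parsed):
    """Turn the parsed report into (severity, message) findings for a responder."""
    findings = []
    paths = [p for _, p in parsed["files"]]
    if parsed["missing_safeboot"]:
        findings.append(("high", f"Safe Mode unusable: {len(parsed['missing_safeboot'])} SafeBoot key(s) deleted"))
    if drivers := [p for p in paths if p.lower().endswith(".sys")]:
        findings.append(("high", "kernel driver dropped: " + ", ".join(drivers)))
    if payloads := [p for p in paths if "\\downld\\" in p.lower()]:
        findings.append(("high", f"{len(payloads)} downloaded payload(s) under drivers\\downld"))
    if killed := sorted(s for s, t in parsed["service_start"].items() if t == 4 and s in DEFENSIVE_SERVICES):
        findings.append(("medium", "defensive services disabled: " + ", ".join(killed)))
    for inf, cmd in parsed["autorun"]:
        findings.append(("review", f"{inf} launches '{cmd}' on mount; confirm the drive is not a vendor recovery partition before treating it as hostile"))
    if parsed["registry_keys"]:
        findings.append(("info", f"{len(parsed['registry_keys'])} registry key(s) to remove once the files are gone"))
    return findings

if __name__ == "__main__":
    for severity, message in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{severity:6}] {message}")
```

Run it as-is to print the findings for the embedded sample, or pass the text of a real Findykill.txt to `parse_report`. The two signals to act on first are the deleted SafeBoot keys (Safe Mode cannot be used for cleanup until they are restored) and the Security Center and Automatic Updates services set to disabled, both of which need re-enabling after the files and the srosa service key are removed; the D: autorun entry is flagged for review rather than as hostile because the report lists D: as a fixed drive.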
Je devais sortir un peu trop tôt
----------------- FindyKill V4.705 ------------------
* User : Philman2 - NOM-EB85C523610
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 18:28:52 le 22/11/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\mdelk.exe
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\wintems.exe
Found ! [22/11/2008 17:38] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [22/11/2008 16:37] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [10/05/2005 08:08] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [22/11/2008 16:39] - "C:\WINDOWS\system32\drivers\downld"
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1052218.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\105531.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1055562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1066625.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1068890.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1092828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\111625.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\112437.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1131656.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\118421.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1201078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\1211671.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\124390.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\135312.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\137812.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\142828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\154687.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\158250.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\161812.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\174453.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\194875.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\205734.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\212562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\221390.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2356078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2365140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2374531.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2409140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2448000.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2453703.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\250875.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\256609.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2566359.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\2578843.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\303968.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\331515.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\350046.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\372343.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3891656.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3892281.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3902125.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3910718.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3944703.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\3948484.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\4028140.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\4037828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\532515.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\533562.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\537781.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\541328.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\544406.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\546671.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\551828.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\558078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\561734.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\562078.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\582859.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\594453.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\596421.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\616015.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\619281.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\672765.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\682906.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\724765.exe
Found ! [22/11/2008 16:39] - C:\WINDOWS\system32\drivers\downld\741250.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Philman2\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Philman2\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5
Found ! [31/08/2007 16:40] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Found ! [07/09/2007 20:23] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [02/09/2008 14:14] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\2518088415_b64a43b11d[1].jpg
Found ! [22/11/2008 09:02] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[1].jpg
Found ! [22/11/2008 09:33] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[2].jpg
Found ! [22/11/2008 09:05] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\mxd[1].jpg
Found ! [22/11/2008 14:28] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\DFDAOHUK\b64[1].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EJUMEHA5\b64[1].jpg
Found ! [22/11/2008 14:27] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FYDQBFXO\b64_1[1].jpg
Found ! [25/08/2008 06:00] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\NV1J6QRZ\510MXDB7RTL._SL500_SS100_[1].jpg
Found ! [22/11/2008 14:29] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\T9I1J42K\b64_2[1].jpg
Found ! [22/11/2008 09:31] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_1[1].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_2[1].jpg
Found ! [22/11/2008 09:32] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[1].jpg
Found ! [22/11/2008 11:54] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[2].jpg
Found ! [22/11/2008 14:28] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[3].jpg
Found ! [22/11/2008 09:01] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\b64_3[1].jpg
Found ! [22/11/2008 14:30] - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\mxd[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_2[1].jpg
Found ! [22/11/2008 12:56] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_3[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64[1].jpg
Found ! [22/11/2008 14:33] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[2].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_3[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64_3[1].jpg
Found ! [22/11/2008 12:57] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\mxd[1].jpg
Found ! [22/11/2008 14:33] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[1].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[2].jpg
Found ! [22/11/2008 14:46] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_2[1].jpg
Found ! [22/11/2008 14:34] - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_1[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Found ! [22/11/2008 16:37] - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Uninstall_CToolbar="C:\DOCUME~1\Philman2\LOCALS~1\Temp\CUninst.exe" "/remove"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ToUcamVProperty=C:\Program Files\Philips ToUcam Camera\VProperty.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
PCDrProfiler=
McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
HPHUPD08=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
CloneCDTray="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- Contenu de l'autorun : D:\autorun.inf
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
+- presence des fichiers :
Found ! [30/04/2004 06:01][---hs----] - D:\autorun.inf
Found ! [30/11/2004 03:01][---hs----] - D:\info.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d1bb552-5184-11dc-8a77-806d6172696f}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
Hi,
This FindyKill report is complete. The Bagle infection is caught from cracks and keygens, so if you have any, you must delete them, otherwise the infection will come back.
--> Connect your removable drives to your PC (USB sticks, external hard drive, etc.) without opening them
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression, i.e. removal)
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\
--> Then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the drive.
Alut.
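As an added example (not part of the thread or of FindyKill), the Python script below parses a constructed excerpt of the search report posted above and pulls out the indicators the reply is reacting to before recommending option 2: the missing SafeBoot keys, the security services set to start type 4, the autorun.inf launcher on D:, the cached MountPoints2 AutoRun command and the srosa service key. The service role labels (Windows Update, Security Center, firewall) are my own annotations of the standard Windows XP service names that appear in the log.

```python
"""Triage a FindyKill 'Recherche' (search) report for the Bagle indicators seen in this thread.
Added example, not part of the thread or of FindyKill; SAMPLE_REPORT is a constructed excerpt."""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
EapHost - Type de démarrage = 3
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Contenu de l'autorun : D:\autorun.inf
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
+- presence des fichiers :
Found ! [30/04/2004 06:01][---hs----] - D:\autorun.inf
Found ! [30/11/2004 03:01][---hs----] - D:\info.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
"""

SECTION_RE = re.compile(r"^-{3,} \[ (?P<name>.+?) ?\] -{3,}$")
FOUND_RE = re.compile(r"^Found ! (?:\[[^\]]*\])* ?- (?P<item>.+)$")
MISSING_RE = re.compile(r"^Clé manquante : (?P<key>.+)$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(?P<name>\S+) - Type de démarrage = (?P<start>\d)$")
AUTORUN_RE = re.compile(r"^\+- Contenu de l'autorun : (?P<drive>[A-Za-z]):\\autorun\.inf$")

# Windows XP services that Bagle switches off (start type 4 = Disabled); the roles are my labels.
SECURITY_SERVICES = {"wuauserv": "Windows Update", "wscsvc": "Security Center",
                     "SharedAccess": "Windows Firewall / ICS", "Ip6Fw": "IPv6 firewall"}


@dataclass
class Triage:
    infected_keys: list = field(default_factory=list)
    infected_files: list = field(default_factory=list)
    missing_keys: list = field(default_factory=list)
    services: dict = field(default_factory=dict)   # name -> start type "2"/"3"/"4"
    autorun: dict = field(default_factory=dict)    # drive -> {autorun.inf key: value}
    mountpoints: list = field(default_factory=list)

    def safe_mode_broken(self):
        return any("\\SafeBoot" in k for k in self.missing_keys)

    def disabled_security_services(self):
        return {n: SECURITY_SERVICES[n] for n, s in self.services.items()
                if n in SECURITY_SERVICES and s == "4"}


def triage_report(text):
    t, section, autorun_drive = Triage(), None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION_RE.match(line):
            section, autorun_drive = m.group("name").strip(), None
        elif m := AUTORUN_RE.match(line):
            autorun_drive = m.group("drive").upper()   # the lines that follow are the file's content
            t.autorun.setdefault(autorun_drive, {})
        elif line.startswith("+-"):                    # the next sub-header ends that dump
            autorun_drive = None
        elif autorun_drive and "=" in line and not line.startswith("["):
            key, _, value = line.partition("=")
            t.autorun[autorun_drive][key.strip()] = value.strip()
        elif m := FOUND_RE.match(line):
            item = m.group("item")
            if section and section.startswith("Registre / Mountpoint"):
                t.mountpoints.append(item)
            elif item.startswith("HKEY_"):
                t.infected_keys.append(item)
            else:
                t.infected_files.append(item)
        elif m := MISSING_RE.match(line):
            t.missing_keys.append(m.group("key").strip())
        elif m := SERVICE_RE.match(line):
            t.services[m.group("name")] = m.group("start")
    return t


def summarize(t):
    out = []   # findings in the order a helper reading the report would check them
    if t.safe_mode_broken():
        out.append("Safe Mode unusable: SafeBoot registry key(s) missing")
    for name, desc in sorted(t.disabled_security_services().items()):
        out.append(f"{desc} ({name}) set to Disabled (start type 4)")
    for drive, ini in t.autorun.items():
        for key, value in ini.items():   # keys that make Explorer start a program from the drive
            if key.lower() in ("open", "shellexecute") or "command" in key.lower():
                out.append(f"{drive}: autorun.inf launches '{value}' via {key}=")
    for mp in t.mountpoints:
        out.append(f"cached AutoRun command in MountPoints2: {mp}")
    if any(k.upper().endswith("\\SERVICES\\SROSA") for k in t.infected_keys):
        out.append("srosa service still registered (a key FindyKill flags as Bagle)")
    return out
```

Call `summarize(triage_report(SAMPLE_REPORT))` to list the findings, or pass the text of a full FindyKill.txt instead of the sample.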
Here's the report, Doctor, after the option 2 operations.
----------------- FindyKill V4.705 ------------------
* User : Philman2 - NOM-EB85C523610
* executed from : C:\Program Files\FindyKill
* Update on 17/11/08 par Chiquitine29
* Start at 18:54:43 the 22/11/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1052218.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\105531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1055562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1066625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1068890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1092828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\111625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\112437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1131656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\118421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1201078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1211671.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\124390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\135312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\137812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\142828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\154687.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\158250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\161812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\174453.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\194875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\205734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\212562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\221390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2356078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2365140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2374531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2409140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2448000.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2453703.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\250875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\256609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2566359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2578843.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\303968.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\331515.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\350046.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\372343.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3891656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3892281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3902125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3910718.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3944703.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3948484.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4028140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4037828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\532515.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\533562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\537781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\541328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\544406.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\546671.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\551828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\558078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\561734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\562078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\582859.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\594453.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\596421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\616015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\619281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\672765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\682906.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\724765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\741250.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\Philman2\Application Data
»»»» Supression files in C:\DOCUME~1\Philman2\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{D57FAB4D-8069-43B9-B685-EB287BB64D4F}.jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\2518088415_b64a43b11d[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\mxd[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\DFDAOHUK\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EJUMEHA5\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\FYDQBFXO\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\NV1J6QRZ\510MXDB7RTL._SL500_SS100_[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\T9I1J42K\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1011\Software\Local AppWizard-Generated Applications\winfilse
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
K: - Lecteur fixe
M: - Lecteur amovible
P: - Lecteur fixe
Q: - Lecteur amovible
+- deleting files :
Deleted ! - D:\autorun.inf
Deleted ! - D:\info.exe
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Hi,
download HijackThis
-> save the target to .... "the desktop"
-> Double-click "HJTInstall.exe" to launch the installation
-> Click Install, then "I Accept"
-> Click "Do a scan system and save log file"
-> Notepad will open; copy and paste its entire contents here in your next reply
-> HijackThis tutorial (thanks to Balltrap34)
Alut;
Here is the report I ran right after the FindyKill treatment; but it's strange, because I'm now having trouble relaunching it
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:04, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\Philman2\LOCALS~1\Temp\CUninst.exe" "/remove"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Zapette Fibre.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Hi,
Relaunch HijackThis and click "Do a system scan only"
Then look for these lines and tick their boxes
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\Philman2\LOCALS~1\Temp\CUninst.exe" "/remove"
Then click "Fix checked"
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
-Download and install MalwareByte's Anti-Malware
Malwarebyte
- Update it
---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform full scan if it isn't already selected
- click Scan
- Once the scan is finished, a window opens; click OK
- If MalwareByte's detected nothing, click OK. A report will appear; close it.
- If MalwareByte's detected infections, click Show Results, then Remove Selected
- Save the report to your Desktop so it's easier to find, then post that report.
Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK
Alut.
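As an added example (not part of the thread, and not the helper's or HijackThis's own code), here is a small Python triage script that applies the same criteria the helper used above to pick those lines out of the HijackThis log: O2/O3 browser-extension entries marked "(no file)" or "(file missing)", and O4 Run entries whose executable lives in a Temp directory. The sample lines are copied from the log posted in the thread.

```python
"""Triage of HijackThis (HJT) log lines.

Added example, not code from the thread.  Two rules, taken from the lines
the helper asked to fix:
  * O2 (BHO) / O3 (Toolbar) entries whose DLL no longer exists are dead
    registrations worth removing (and a hint that a security product was
    tampered with or uninstalled);
  * O4 autorun entries launching from a temporary directory are suspicious,
    since legitimate software installs elsewhere.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the O2/O3/O4 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\Philman2\LOCALS~1\Temp\CUninst.exe" "/remove"
"""

# "O2 - <body>", "R1 - <body>", ...: section code, separator, rest of line.
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# A COM class id in braces, as HJT prints it for O2/O3 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# HJT's own markers for a registration whose file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Any path component named "Temp" (covers LOCALS~1\Temp, Local Settings\Temp, WINDOWS\Temp).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def o4_command_path(body: str) -> str:
    """Pull the executable path out of an O4 body.

    Run-key form:  HKCU\\..\\Run: [Name] "C:\\path\\x.exe" /arg
    Startup form:  Startup: Pin.lnk = C:\\path\\x.exe
    """
    cmd = body.partition("] ")[2] if "] " in body else body.partition("= ")[2]
    cmd = cmd.strip()
    if cmd.startswith('"'):               # quoted path, possibly with spaces
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]           # unquoted path: stop at first space


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT line, else None."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("O2", "O3") and body.endswith(ORPHAN_MARKERS):
        return Finding(section, "browser extension registered but its file is gone", raw.strip())
    if section == "O4" and TEMP_DIR_RE.search(o4_command_path(body)):
        return Finding(section, "autorun entry launches from a temporary directory", raw.strip())
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line of an HJT log, keeping the hits in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def flagged_clsids(findings: list) -> list:
    """Sorted, de-duplicated CLSIDs of the flagged O2/O3 entries, to compare
    against a helper's "tick these lines" list."""
    return sorted({c for f in findings for c in CLSID_RE.findall(f.line)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```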
I have a problem
When I try to launch HijackThis now (I tried reinstalling it, to no avail), it tells me
"... Hijackthis is not a valid win32 application"
I feel like we're going backwards ....
Hello Doc
Attached are my two HijackThis and Malwarebytes reports... It was a bit of a struggle, as I had to redo it several times (I have 3 accounts and redid it for each one)
----------------- FindyKill V4.705 ------------------
* User : HP_Propri‚taire - NOM-EB85C523610
* executed from : C:\Program Files\FindyKill
* Update on 17/11/08 par Chiquitine29
* Start at 1:40:34 the 23/11/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Application Data
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\1Click Backup 1.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\4Musics_WMA_to_OGG_Converter_4.0_(Serial).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Absolute_Backup_Monitor_1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\AidAim CryptoPressStream 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\All_My_Fonts_Professional_2.0.1_(With_Crack).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\AlphaControls_4.14.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Aruna_URL_0.5b.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\BadBlue Excel Web Spreadsheet Collaboration Server 2.72b.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Cabos for Windows 0.5.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Dictionary_French_-_Russian_1.8.33.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Dr. Regener QuickReport Viewer 3.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Drive Explorer 1.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Drive_Folder_7.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Easy Shift Scheduler for Excel 1.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Easy_CD-DA_Recorder_2007_3.0_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Eurodict French Bulgarian Dictionary 3.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ExcelFire_Direct_View_1.53_build_44.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ezImageConverter_1.0_[KeyGen].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Finale 2006.r4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Fisheye Player 2.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Flash4D_5.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Gems_2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\GREG'S HAND 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Haunted Woods Screensaver 01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Image Searcher PRO 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\JSetup Professional Edition 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Keepoint_7_1.7.19.04.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Memory Doom 0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Military_Recipes_Database_1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Muldir_1.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MultiG_1.2.4.1_(With_Crack).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\My_Excel_Plug_Numbers_1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\NameCase 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Natura_Sound_Therapy_1.8.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Newspaper_Delivery_Paperboy_Papergirl_1.0_(With_Crack).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Notes 1.1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\OpenPandora 0.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Pepid_ED_5.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PhibianIRC 1.3.1211.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Porno_Links_XP_1.4_Key+Serial.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Proxy Auto Config 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\QDictionary 2006.10.25.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\RapidKey_Autotext_1.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\RecallWorks_Invoicing_2.9_[With_Crack].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ServerTalk 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Sexy_Buffy_Screensaver_-_BabeSaver.com_1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Site_Monitor_Enterprise_2.0_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SplitNow!_2.0_(KeyGen).czip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SplitNow!_2.0_(KeyGen).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SQLDirect .NET Standard Edition 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Tower Clock Animated Wallpaper 5.07.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\VCTEA Video to PSP 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Virtual sMs Handset 4.2.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Webcorder 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WiFi-Manager_2.7_[Key].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Windows_Std_Serial_Comm_Lib_for_Visual_FoxPro_4.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Word_to_Heart_1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\X2port 1.0.5.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Xe847_Photoshop_Plugin_1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ZipRecovery_1.5.zip
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m"
»»»» Supression files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
Deleted ! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\500064-PMLPatch
Deleted ! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\HPZPMLDriverPatch.log
Deleted ! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\PatchByFile.tmp
Deleted ! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\500064-PMLPatch\HPGPD_Returncode.txt
Deleted ! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\500064-PMLPatch\tmp3053000.tmp
»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{D57FAB4D-8069-43B9-B685-EB287BB64D4F}.jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\2518088415_b64a43b11d[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\AG21XSXI\mxd[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DFDAOHUK\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EJUMEHA5\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\FYDQBFXO\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\NV1J6QRZ\510MXDB7RTL._SL500_SS100_[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\T9I1J42K\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\X9J30HB3\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman2\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{D57FAB4D-8069-43B9-B685-EB287BB64D4F}.jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z0KEPZNT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\b64[1].jpg
Deleted ! - C:\Documents and Settings\Philman\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\mxd[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{D57FAB4D-8069-43B9-B685-EB287BB64D4F}.jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1008\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-3281988744-683986681-1358338316-1008\Software\UBISOFT
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
====================================
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 3
23/11/2008 03:08:12
mbam-log-2008-11-23 (03-08-12).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 147484
Temps écoulé: 40 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Attached are my two reports, HijackThis and Malwarebytes... I had a bit of trouble because I redid it several times (I have 3 accounts and redid it for each one).
Hello Doctor. I see the night was short (or long) for you too :-)
For information, I managed to reinstall VirusScan and ran a full scan, which alerted me about the following programs:
RemAdm-PSKILL C:\hp\bin\killwind.exe
RemAdm-PSKILL C:\Program Files\Findykill\Tools\Kill.exe
PrcViewer C:\Program Files\Findykill\Tools\Process.exe
Your opinion...?
Here is a HijackThis log from just now (which launched right away without any problem this time).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:40, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Zapette Fibre.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://81.252.181.38
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0113651227406476) (0113651227406476mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\011365~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
Hi,
Relaunch HijackThis and click "Do a system scan only"
Then look for these lines and tick their boxes
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Zapette Fibre.lnk = ?
Then click "Fix checked"
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
- Download and install MalwareByte's Anti-Malware
Malwarebyte
- Update it
---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan
- Once the scan has finished, a window opens; click Ok
- If MalwareByte's detected nothing, click Ok. A report will appear; close it.
- If MalwareByte's detected infections, click Show results and then Remove selected
- Save the report on your Desktop so it is easier to find, then post that report.
Note: if MalwareByte's needs to restart to finish the removal, accept by clicking Ok
Cheers.
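As an added example (not code from the thread, from HijackThis or from Malwarebytes), here is a small Python triage script for the HijackThis log format posted above: it parses the R/O entry lines, flags entries whose target no longer exists on disk ("(no file)", "(file missing)", "= ?") as the kind of orphaned lines the helper asked to tick under "Fix checked", flags O15 trusted-zone entries for review, and diffs two scans so you can confirm the fix actually removed them. The sample log lines are constructed from entries quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Matches HijackThis entry lines such as "R3 - ..." or "O4 - ..."; the
# "Running processes" paths and the header lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis prints when a registry or startup entry points at a
# file it could not find on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "= ?")

# Constructed sample, assembled from entries quoted in this thread.
SAMPLE_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:40, on 23/11/2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Zapette Fibre.lnk = ?
O15 - Trusted IP range: http://81.252.181.38
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
"""

# The three lines the helper asked to tick under "Fix checked".
HELPER_FIX_LINES = {
    "R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)",
    "O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?",
    "O4 - Global Startup: Zapette Fibre.lnk = ?",
}

# Constructed "after" scan: the same log with those three entries gone.
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines() if line not in HELPER_FIX_LINES
)


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, full line) for every R/F/O entry in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), line))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Flag the entries a reviewer should look at first."""
    findings = []
    for section, line in parse_entries(log_text):
        if line.endswith(ORPHAN_MARKERS):
            # Dangling reference: the DLL or shortcut target is gone, so the
            # entry does nothing useful and is safe to remove.
            findings.append(Finding(section, line, "orphaned: target file missing"))
        elif section == "O15":
            # Additions to IE's Trusted zone lower security for that host;
            # confirm the user or their ISP software really put it there.
            findings.append(Finding(section, line, "trusted-zone entry: verify it is expected"))
    return findings


def fix_candidates(log_text: str) -> List[str]:
    """Exact lines to tick under 'Fix checked' (orphaned entries only)."""
    return [f.line for f in triage(log_text) if f.reason.startswith("orphaned")]


def diff_entries(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries that disappeared and entries that appeared between two scans."""
    old = {line for _, line in parse_entries(before)}
    new = {line for _, line in parse_entries(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for f in triage(SAMPLE_BEFORE):
        print(f"[{f.section}] {f.reason}: {f.line}")
    removed, added = diff_entries(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("removed by the fix:", removed)
    print("new since the fix:", added)
```

Running the diff against the real 23/11 and 24/11 logs in this thread is the quickest way to check that "Fix checked" took effect and that nothing new appeared in the meantime.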
Hello DrHouse
I ran Malwarebytes last night and this morning I found a Trojan on it
I removed it with the tool and ran it again. The report is attached
I also ran HijackThis again this evening when I got home, and that report is attached too.
PS: I don't understand why my antivirus hadn't detected the Trojan....?
See you soon
==========================
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1419
Windows 5.1.2600 Service Pack 3
24/11/2008 18:57:35
mbam-log-2008-11-24 (18-57-35).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 151603
Temps écoulé: 58 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:46, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://81.252.181.38
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://www.helloworld.com/root.controls/RSControl40.CAB
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
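Most of the HijackThis log above is stock HP, McAfee, CyberLink and Nokia software, but a responder reads a few sections before anything else: the R0/R1 start-page and search URLs (one of them points at crawler.com), O4 autoruns that give only a bare filename or run in the SYSTEM or default-profile context, the O15 Trusted Zone entry (it relaxes Internet Explorer's security settings for 81.252.181.38), the O18 handler whose DLL is reported missing, and O23 services with no recognised publisher. The script below is an added example written for this page, not part of HijackThis and not one of the poster's reports: it parses those sections out of a log and lists the entries to review. The sample lines are copied from the log above; the search-engine allowlist, the trusted-directory prefixes and the wording of each reason are this example's own assumptions, and a flag means "check this", not "malicious".

```python
"""Triage of HijackThis v2 log lines: pick out the entries to review first.
Added example for this page; not HijackThis code and not the poster's reports.
SAMPLE_LOG lines are copied from the log above; the allowlists are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Search/start-page hosts accepted as legitimate (assumption for this example).
SEARCH_ALLOWLIST = {"www.msn.com", "www.google.fr", "fr.search.yahoo.com", "www.bing.com"}
# Directories an autorun binary is expected to live in (assumption; lower-case prefixes).
TRUSTED_DIRS = (r"c:\program files", r"c:\progra~1", r"c:\windows", r"c:\hp")

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _exe_path(cmd: str) -> str:
    """First token of an autorun command: the quoted path, or the bare first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            # R-lines are IE start/search settings; flag any host outside the allowlist.
            url = body.split(" = ", 1)[1] if " = " in body else ""
            if url.lower().startswith("http") and _host(url) not in SEARCH_ALLOWLIST:
                findings.append(Finding(sec, f"IE search/start URL points at {_host(url)}", line))
        elif sec == "O4":
            # O4 covers Run keys and Startup folders; the command follows '[name] ' or 'x.lnk = '.
            cmd = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
            exe = _exe_path(cmd)
            if "\\" not in exe:
                findings.append(Finding(sec, f"bare filename {exe}, resolved through PATH", line))
            elif not exe.lower().startswith(TRUSTED_DIRS):
                findings.append(Finding(sec, f"autorun outside trusted directories: {exe}", line))
            if "(User 'SYSTEM')" in body or ".DEFAULT" in body:
                findings.append(Finding(sec, "autorun in the SYSTEM/default-profile context", line))
        elif sec == "O15":
            # A Trusted Zone entry relaxes IE security for that host; always review it.
            findings.append(Finding(sec, "Trusted Zone entry relaxes IE security for this host", line))
        elif sec == "O18" and "(file missing)" in body:
            findings.append(Finding(sec, "protocol handler DLL is missing (orphaned registration)", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "service binary has no recognised publisher", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count of flagged entries per HijackThis section."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Lines copied from the log posted above (a representative subset).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O15 - Trusted IP range: http://81.252.181.38
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full log (`triage(open("hijackthis.log").read())`) and work through the flagged lines by hand: an "Unknown owner" service such as NMSAccess (CDBurnerXP) or a SYSTEM-context HP startup shortcut is routinely benign, and the point of the script is to shrink a 150-line log to the handful of entries worth looking up, not to deliver a verdict.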
I ran Malwarebytes last night and this morning I found a Trojan in it.
I removed it with the tool and ran it again. The report is attached.
I also ran HijackThis again this evening when I got home; that report is attached as well.
PS: I don't understand why my antivirus hadn't detected the Trojan....?
See you soon
==========================
Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 3
24/11/2008 18:57:35
mbam-log-2008-11-24 (18-57-35).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 151603
Time elapsed: 58 minute(s), 53 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
(No malicious items detected)
Hi,
> Run an online scan with Kaspersky: Kaspersky
N.B.: The scan only works under Internet Explorer.
- Start by connecting all your storage devices to your PC (USB sticks, removable hard drives...). Switch them on if necessary.
- Under "Online demonstration" the procedure is explained; to start the scan, select < Run online scan >.
- You will be asked to download an ActiveX control; accept it.
- In the < Choose the scan target > menu, select < My Computer >. The scan will start.
- Please post the report that is generated (click <save report>, then save it to your desktop choosing "text file (*.txt)" as the extension).
If there is a problem, make sure ActiveX controls are configured correctly in Internet Options as described at this link: click here
Reminder: the scan must be done under Internet Explorer
Tutorial here if there is a problem
NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
For the Kaspersky report, choose "Show report" and then save it to your desktop as a text file (file type "all files").