PC infecté

Résolu
tery.95 -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,

Mon pc est infecté .J'ai seulement pu faire le scan online de bitdefender car l'infection a planté mon antivirus(avira antivir).je ne peut plus utiliser AVG anti spyware ni Ccleaner.a chaque fois que je veux utiliser ces programme le pc marque échoue ou " n'est pas ne application win32 valid" il refuse de les réinstaller

QUE FAIRE
Statistics

Time
00:59:51

Files
287093

Folders
5276

Boot Sectors
0

Archives
8003

Packed Files
24628

Results

Identified Viruses
4

Infected Files
26

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
25

Engines Info

Virus Definitions
2341312

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
45

Unpack plugins
7

E-mail plugins
6

System plugins
4

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Disinfection failed

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Delete failed

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Disinfection failed

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Deleted

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64[1].jpg
Deleted

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64_3[1].jpg
Deleted

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Disinfection failed

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc11.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc11.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc12.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc12.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc13.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc13.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc14.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc14.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip
Updated

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip
Updated

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121179.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121179.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121180.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121180.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121181.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121181.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121324.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121324.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121325.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121325.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121326.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121326.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121327.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121327.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Deleted
Configuration: Windows XP
Internet Explorer 7.0

52 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Cette infection informatique est détectée par le scan BitDefender Online, qui identifie de nombreuses menaces et échec de désinfection pour des fichiers critiques après l’arrêt de l’antivirus Avira. La meilleure réponse préconise d’utiliser Malwarebytes, de le mettre à jour, de lancer un balayage rapide et de redémarrer si nécessaire, puis de sauvegarder le rapport et le nouveau log RSIT pour analyse. D'autres conseils mentionnent la nécessité de désinstaller des composants obsolètes, vérifier les mises à jour Java et Acrobat, et collecter les rapports pour une analyse ultérieure.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Salut,

    alors , on a voulu chopper un photoshop plus résent que le 4 sur réseau P2P ? .... :p

    Infection par un Bagle :

    1-IMPORTANT :
    je rappelle que bagle est amené par un crack et qu'il se relance dès que tu te sers de celui ci; même si tu ne sers pas, il peut se relancer de lui même au démarrage de ton PC . En claire :
    Essaye surtout de te rappeler si récemment tu n'as pas cliquer sur un "patch" ou un "keygen" pour installer un logiciel, un jeu cracké ou avoir une version complète d'un soft , et qu'il ne se soit rien passé de particulier ... C'est la que les bagles s'infiltrent ! Si tu retrouves ce crack en particulier ,scratch tout ( le crack, le soft ou encore les zip concernés). Si tu ne te rappelles plus trop , je te conseille fortement de supprimer tous les cracks qui sont sur ton PC ... ;)

    2-Télécharge FindyKill de Chiquitine29 :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    ->Enregistre le sur ton bureau et pas ailleurs !

    !! Déconnecte toi et ferme toutes applications en cours !!

    ( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

    -> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

    Notes importantes :
    * si tu as le prg Elibagla sur ton PC , supprime le ( risque de conflit entre les deux outils ) .

    --> Double clique sur le raccourci " FindyKill " qui est sur ton bureau .
    ( sur la 1er fenêtre , tapes f puis [entrèe] pour la version en français ).

    -->choisis l'option 1 ( recherche ) . Puis laisse travailler l'outil sans rien toucher ...

    Une fois terminé, poste le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Tuto : https://www.malekal.com/tutorial-findykill/

    0
  2. tery.95
     
    OUI effectivement j'ai voulu une version plus récente de photoshop et j'ai cliquer sur l'application suivante winupgro.exe

    je vais faire ce que tu me dis
    0
  3. tery.95
     
    par contre j'ai retrouvé ce crack mais manuellement mon pc refuse de le supprimer
    0
    1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
       
      on s'en occupera juste après ... passe à la suite ;)

      0
  4. tery.95
     
    ----------------- FindyKill V4.709 ------------------

    * User : carpentier - PACKARDBELL
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 10/12/08 par Chiquitine29
    * Recherche effectuée à 0:34:48 le 11/12/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    --------------- [ Processus infectieux stoppés ] ----------------

    "C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe" (1756)

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\206625.EXE-0E7A8B5A.pf
    Found ! - C:\WINDOWS\prefetch\279687.EXE-18B1654E.pf
    Found ! - C:\WINDOWS\prefetch\361890.EXE-3ACF1D2A.pf
    Found ! - C:\WINDOWS\prefetch\382453.EXE-2F146474.pf
    Found ! - C:\WINDOWS\prefetch\649703.EXE-0A17219F.pf
    Found ! - C:\WINDOWS\prefetch\679187.EXE-0CD2E99B.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2F0CE69E.pf
    Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
    Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-00796B2E.pf
    Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-00796B2E.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    Found ! [10/12/2008 22:03] - C:\WINDOWS\system32\mdelk.exe
    Found ! [10/12/2008 22:03] - C:\WINDOWS\system32\wintems.exe
    Found ! [10/12/2008 23:46] - C:\WINDOWS\system32\ban_list.txt

    »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    »»»» Presence des fichiers dans C:\Documents and Settings\carpentier\Application Data

    Found ! [10/12/2008 22:04] - "C:\Documents and Settings\carpentier\Application Data\m\flec006.exe"
    Found ! [10/12/2008 22:04] - "C:\Documents and Settings\carpentier\Application Data\m\list.oct"
    Found ! [10/12/2008 22:05] - "C:\Documents and Settings\carpentier\Application Data\m\srvlist.oct"
    Found ! [10/12/2008 22:40] - "C:\Documents and Settings\carpentier\Application Data\m\shared"
    Found ! [10/12/2008 22:51] - "C:\Documents and Settings\carpentier\Application Data\m"
    Found ! [10/12/2008 21:47] - "C:\Documents and Settings\carpentier\Application Data\drivers"
    Found ! [10/12/2008 22:14] - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa.sys"
    Found ! [10/12/2008 22:14] - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa2.sys"
    Found ! [20/09/2006 05:01] - "C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe"
    Found ! [10/12/2008 22:06] - "C:\Documents and Settings\carpentier\Application Data\drivers\downld"
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\206625.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\213875.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\215453.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216031.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216765.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217671.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217765.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218093.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218890.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\219296.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\279687.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\289812.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\290031.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\318718.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319609.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319640.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\332984.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334125.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334781.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\335515.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336125.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336562.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\340296.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342062.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342921.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\353234.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356578.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356937.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\361890.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\382453.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\395703.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\396875.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\397109.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\649703.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\655906.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657562.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657984.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\658578.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659078.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659281.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659593.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\660500.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\661062.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\679187.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\687937.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690046.exe
    Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690062.exe

    »»»» Presence des fichiers dans C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp

    »»»» Presence des fichiers dans C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    EPSON Stylus DX7400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
    WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMan=SOUNDMAN.EXE
    ATIPTA=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    ACTIVBOARD=c:\apps\ABoard\ABoard.exe
    SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    !AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\keygen
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

    --------------- [ Etat / Services ] ----------------

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    - sans echec non fonctionnel !!

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    /!\ Ip6Fw - Type de démarrage = 4

    /!\ SharedAccess - Type de démarrage = 4

    /!\ wuauserv - Type de démarrage = 4

    /!\ wscsvc - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    +- presence des fichiers :

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    la suite :

    1- Important :
    Branche toutes tes unités externes au PC ( DD externes , clé USB , lecteur mp3, ect...) mais sans les ouvrir !
    Tu les retireras après la manipe ...

    2- ! Ferme toutes applications en cours !

    Relance FindyKill :

    -> choisis cette fois-ci l'option 2 .

    /!\ ton PC va redémarrer de lui même , c'est normal !... Laisse travailler l'outil jusqu' à l'apparition du message :
    "nettoyage terminé" .

    Note : lors du message d'avertissement , clique sur " Ok " .

    --> ensuite poste le nouveau rapport FindyKill.txt qui est généré et attends la suite ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
    tape explorer.exe et valide .
    0
  7. tery.95
     
    -------------- FindyKill V4.709 ------------------

    * User : carpentier - PACKARDBELL
    * executed from : C:\Program Files\FindyKill
    * Update on 10/12/08 par Chiquitine29
    * Start at 0:51:32 the 11/12/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\206625.EXE-0E7A8B5A.pf
    Deleted ! - C:\WINDOWS\prefetch\279687.EXE-18B1654E.pf
    Deleted ! - C:\WINDOWS\prefetch\361890.EXE-3ACF1D2A.pf
    Deleted ! - C:\WINDOWS\prefetch\382453.EXE-2F146474.pf
    Deleted ! - C:\WINDOWS\prefetch\649703.EXE-0A17219F.pf
    Deleted ! - C:\WINDOWS\prefetch\679187.EXE-0CD2E99B.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2F0CE69E.pf
    Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-00796B2E.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

    »»»» Supression files in C:\WINDOWS\system32

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    »»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Supression files in C:\WINDOWS\system32\drivers

    Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
    Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

    »»»» Supression files in C:\Documents and Settings\carpentier\Application Data

    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\list.oct"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\srvlist.oct"
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\#1 CD Ripper 1.9.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\11Tomtom Mobile-Voce Sarda-Campidanese.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\3D Summer Butterflies 3.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\5Star Mail Server 3.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\7zSharp 1.0.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AccessForms2Web (PHP&MySQL Editon) 2.1.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AD Water Lily - Animated Desktop Wallpaper 3.11.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\ADSTRIKER 9.3.0.10.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Advanced FFA Submitter 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Advanced Reliable Mass E-Mailer 1.4.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Albany 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Amano Electric Sheep 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Amara Flash Menu Builder 3.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Amazing Julia Fractals II Screensaver 2.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AttributeMagic Pro 2.3 beta 4.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AVS 3.0.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Balloons Galore Screensaver 4.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\CardPro USB 1.0.4.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\CBL Pro-V (FAT) 3.30.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Chameleon Button 2.1.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Chapmaker 1.51.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Child Care Control Console 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Clobber 1.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\cMail eXpress 1.4.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Compact Menu 2 2.0.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Contacts Scrubber 3.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Cookie Guard 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Cover Maestro 4.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\CrystalFox Qute 1.0.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\DCSix 6.04.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\ExploreExcel 1.2.0.17.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Explorer Toolbar Maker 3 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Fast Query Builder for C++Builder 6 1.03.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\FilesCatalog 1.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Find My CD 1.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Flash Video Recorder 1.00.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\FM Scene Firefox-Extension 4.1.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Free Video Studio Converter 4.1.0.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\GFD Dynamic Flash Gallery 2.3i.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Guitar Simulator 1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Halloween Cursor Set 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Handy Startup Monitor 1.10.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\HSLAB Logger Lite 3.5.11.174.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\iCartoonPC 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Iconize 2.0.0.3.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\IE PassView 1.15.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\IISGuard 1.0.416.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Image Resizer 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\JobOrder 12.9.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Keystroke Shortcut Recorder 2.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\KISS Player 1.7.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\KOL Grep 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Learn About Honey Bees 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Lettore MP3 4.6.0.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Lightbox JS Gallery Creator 1.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Lipstick Demo Screensaver 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\ListManager 7.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Mandarin Learning Assistant 0.91.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Manuel.Symantec.Norton.Ghost.2003.Fr.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Map Suite - Winforms Lite Edition 0.95.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Menu Creator 5.07.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Mobile_Music_Polyphonic_v1[1].5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Mp3 WoYun 1.817.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\MultiCalc 4.2.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\MyBooks 6.26.25.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\MyContacts 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\MyFolder 2.1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\NOD32.V2.50.16.+.crack.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Norton.Internet.Security.2005.v8.0.AntiSpyware.Edition.v8.5.Symantec.Keygen.SSG.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\O&O Defrag Server Edition 11.1 Build 3362.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\OEExplorer 1.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\OJOsoft 3GP Converter 2.5.1.1121.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Online Dictionary 1.0.0.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Opell Video to AVI MPEG MOV RM FLV iPod PSP 3GP Zune Converter 2.1.20.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\OptionEdge 2.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Password Agent Lite 2.5.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\PC LiveTV 2.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Perfect Menu 4.0.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\PL Table 4.30.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\PNG LX 1.0.0 Build 12.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Power Sound Editor Free 2008 6.3.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\PQ.Mobile.TV.v1.0.ARM.PPC.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\PreviousPage InNewWindow 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Profesionallll.Avast.4.7.Serial.Keygen.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Project Timer Lite for Windows 1.0B2.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\QuickTime Killer 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Quintessential Media Player Build 120.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Quote Grabber 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\RecentFilesView 1.09.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\RESX2WORD 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\RPN Calculator 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\SCP 4.1.4.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Screenstats 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\SERVed2 Beta 0.94.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Space Hound 4.0.1977.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\SpanishUno 6.01.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\SSW Upsizing PRO 13.29.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Stereogram magician 3.21.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\STFWebPen 2.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Strobe Sync Pulse Generator 1.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Super Clock Screensaver City.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Super Pop-up Blocker 3.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Symantec.Norton.Internet.Security.2006.(Italiano).Istruzioni.Serial.Attivazione-Funge100%.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\System BodyGuard 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Sysutil PingIt 1.11.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Task Manager Viewer 3.45.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\TC Screen Capture 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\TelePool 1.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\TFM Image Viewer 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\The Complete Wedding Publisher Full Edition 5.5.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\The Lords Prayer 1.0.6.2634.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\The Weather Man 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Tongue Teacher 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Total Cricket Scorer 1.3.0.14.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Ultimate Registry Cleaner 12.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\USAsoft DVD Video MP4 Converter 5.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Vegetarian 1.0.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Version Info 1.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\VideoList Plus 4.6.8.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Virtual Pool Mobile For Pocket Pc.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Web Partner Check 2.1.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Web Server 2.1.4.2.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\WebHare Lite 1.01.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Windows Version Grabber 1.02.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Wondershare MPEG to DVD Burner 2.1.32.5.zip
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\WWE Summer Slam Countdown 1.0.zip
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\shared"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa.sys"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa2.sys"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe"
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\206625.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\213875.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\215453.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216031.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216765.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217671.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217765.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218093.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218890.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\219296.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\279687.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\289812.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\290031.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\318718.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319609.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319640.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\332984.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334125.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334781.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\335515.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336125.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336562.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\340296.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342062.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342921.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\353234.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356578.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356937.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\361890.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\382453.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\395703.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\396875.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\397109.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\649703.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\655906.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657562.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657984.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\658578.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659078.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659281.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659593.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\660500.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\661062.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\679187.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\687937.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690046.exe
    Deleted ! - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690062.exe
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\downld"
    Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers"

    »»»» Supression files in C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp

    »»»» Supression files in C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\carpentier\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{3F3FE072-B644-4B29-980D-B23150BC3146}.jpg
    Deleted ! - C:\Documents and Settings\carpentier\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{873952A4-31F2-4CF9-9CF9-B648F7306BA6}.jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\keygen
    Deleted ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\winupgro

    --------------- [ States / Restarting of services ] ----------------

    +- Safe boot mode restored !

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    J: - Lecteur amovible

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Cracks / Keygen ] ----------------

    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.jpg
    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.metadata.xml
    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.thumbnail.jpg

    ---------------- ! End of report ! ------------------
    0
  8. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    bien ...

    dans l'ordre :

    1- supprime ton CCleaner car shooter par Bagle ... puis rétélécharge le :

    Télécharge : - CCleaner
    https://www.pcastuces.com/logitheque/ccleaner.htm
    Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
    Lors de l'installation:
    -choisis bien "francais" en langue .
    -avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.

    Un tuto ( aide ):
    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

    ---> Utilisation:
    ! déconnecte toi et ferme toutes applications en cours !
    * va dans "nettoyeur" : fais -analyse- puis -nettoyage-
    * va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
    ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

    ( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

    2- Redémarre ton PC !

    3- Télécharge et installe le logiciel HijackThis :

    ici HijackThis
    ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    *Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
    A la fin de l'installe , le prg ce lance automatiquement : ferme le en cliquant sur la croix rouge .
    Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
    "C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

    tuto pour utilisation :
    Regarde ici, c'est parfaitement expliqué en images (merci balltrap34),
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    ( Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement )

    * !! Déconnecte toi et ferme toutes tes applications en cours !!

    Clique sur le raccourci du bureau pour lancer le prg :
    fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

    ---> Poste le rapport généré pour analyse ...

    0
  9. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    poste moi ça et on continura demain ....

    bonne nuit ^^

    0
  10. tery.95
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:14:12, on 11/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+MRK+file
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.genoom.com/js/photoUploader/control/ImageUploader5.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://193.252.208.54:8081/activex/AMC.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/5690/defaults/activex/IPSUploader.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5615F13C-E104-4CDA-9045-EA2EFE121B9C}: NameServer = 84.103.237.142 86.64.145.142
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CARPEN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    0
  11. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Salut,

    d'autres infections présentes !

    question :
    dis moi si AVG Anti spy fonctionne ...

    On installera un anti virus une fois le PC clean ! .... ;)

    ensuite fais ceci dans l'ordre :

    1- Avoir accès aux fichiers cachés :

    Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
    * "Afficher les fichiers et dossiers cachés" ---> coché
    * "Masquer les extensions des fichiers dont le type est connu" ---> décoché
    * "masquer les fichiers du système" ---> décoché
    -> valide la modif ( "appliquer" puis "ok" ).
    ( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

    2- Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Copies ce qui suit et colles le dans l'espace pour la recherche :
    C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe

    Clique sur Send File ( = " Envoyer le fichier " ).

    Un rapport va s'élaborer ligne à ligne.

    Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta prochaine réponse ...

    ( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

    Fais de même pour :
    C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
    C:\WINDOWS\System32\drivers\clipsrv.exe


    Poste moi donc ces 3 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...

    une fois ceci posté , enchaine avec la suite :

    3- Télécharge Lop S&D :
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Déconnecte toi et ferme toutes tes applications en cours .

    Double-clique sur sur l'.exe que tu viens de télécharger pour lancer l'installe .

    Une fois l'installation faite, clique sur le raccourci pour lancer l'outil .

    Là,laisses toi guider:
    --->choisis l'option 1 (recherche) et valides.

    (Tu ne fais pas l'option de nettoyage ( 2 ou 3) ).

    Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
    Poste ce rapport dans ta prochaine réponse pour analyse .

    Tuto : https://sites.google.com/site/eric71mespages/lop.sd.exe

    0
  12. CONSTANTIN
     
    bonjour
    désolé, mais j'ai le même problème sur mon PC
    doit-je créer un nouveau topic, ou continuer avec vous???
    salutations
    0
    1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
       
      CONSTANTIN,

      Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
      Procède comme ceci :
      *Clique sur ce lien -> http://www.commentcamarche.net/forum/forum 7#ecrire

      *Puis dans l'encadré, en dessous du "bonjour",expose clairement et précisément ton problème ...
      Pour poster ta question sur le forum, tu n'as plus qu'à cliquer sur "Ajouter" ...
      Patiente et un helper finira par te prendre en charge ;)

      Bonne chance =)

      A+
      0
  13. tery.95
     
    Bonsoir ,
    avg anti spy refonctionne correctement .Mon antivirus avira antivir que j'avais réinstallé hier a detecté 4 fois un bagle dans le systeme volume et j'ai cliqué sur supprimé.

    Voici les 3 rapports de virus total :
    fichier C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.12.0 2008.12.11 -
    AntiVir 7.9.0.43 2008.12.11 -
    Authentium 5.1.0.4 2008.12.11 -
    Avast 4.8.1281.0 2008.12.10 -
    AVG 8.0.0.199 2008.12.11 -
    BitDefender 7.2 2008.12.11 -
    CAT-QuickHeal 10.00 2008.12.11 -
    ClamAV 0.94.1 2008.12.11 -
    Comodo 733 2008.12.11 -
    DrWeb 4.44.0.09170 2008.12.11 -
    eSafe 7.0.17.0 2008.12.11 -
    eTrust-Vet 31.6.6256 2008.12.11 -
    Ewido 4.0 2008.12.11 -
    F-Prot 4.4.4.56 2008.12.10 -
    F-Secure 8.0.14332.0 2008.12.11 -
    Fortinet 3.117.0.0 2008.12.11 -
    GData 19 2008.12.11 -
    Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
    K7AntiVirus 7.10.551 2008.12.11 -
    Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
    McAfee 5460 2008.12.10 -
    McAfee+Artemis 5460 2008.12.10 Generic!Artemis
    Microsoft 1.4205 2008.12.10 -
    NOD32 3683 2008.12.11 -
    Norman 5.80.02 2008.12.11 -
    Panda 9.0.0.4 2008.12.10 Suspicious file
    PCTools 4.4.2.0 2008.12.11 -
    Prevx1 V2 2008.12.11 Cloaked Malware
    Rising 21.07.32.00 2008.12.11 -
    SecureWeb-Gateway 6.7.6 2008.12.11 -
    Sophos 4.36.0 2008.12.11 -
    Sunbelt 3.2.1801.2 2008.12.11 -
    Symantec 10 2008.12.11 -
    TheHacker 6.3.1.2.183 2008.12.11 -
    TrendMicro 8.700.0.1004 2008.12.11 -
    VBA32 3.12.8.10 2008.12.11 -
    ViRobot 2008.12.11.1513 2008.12.11 -
    VirusBuster 4.5.11.0 2008.12.11 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 4ab3401880ef456dbdf3031cafa52957
    SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
    SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
    SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
    b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

    ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
    4UnwtOqniSt

    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40acb6
    timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
    .rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
    .data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )

    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63</a>
    CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957' target='_blank'>http://research.sunbelt-software.com/...

    Fichier C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.12.0 2008.12.11 -
    AntiVir 7.9.0.43 2008.12.11 -
    Authentium 5.1.0.4 2008.12.11 -
    Avast 4.8.1281.0 2008.12.10 -
    AVG 8.0.0.199 2008.12.11 -
    BitDefender 7.2 2008.12.11 -
    CAT-QuickHeal 10.00 2008.12.11 -
    ClamAV 0.94.1 2008.12.11 -
    Comodo 733 2008.12.11 -
    DrWeb 4.44.0.09170 2008.12.11 -
    eSafe 7.0.17.0 2008.12.11 -
    eTrust-Vet 31.6.6256 2008.12.11 -
    Ewido 4.0 2008.12.11 -
    F-Prot 4.4.4.56 2008.12.10 -
    F-Secure 8.0.14332.0 2008.12.11 -
    Fortinet 3.117.0.0 2008.12.11 -
    GData 19 2008.12.11 -
    Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
    K7AntiVirus 7.10.551 2008.12.11 -
    Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
    McAfee 5460 2008.12.10 -
    McAfee+Artemis 5460 2008.12.10 Generic!Artemis
    Microsoft 1.4205 2008.12.10 -
    NOD32 3683 2008.12.11 -
    Norman 5.80.02 2008.12.11 -
    Panda 9.0.0.4 2008.12.10 Suspicious file
    PCTools 4.4.2.0 2008.12.11 -
    Prevx1 V2 2008.12.11 Cloaked Malware
    Rising 21.07.32.00 2008.12.11 -
    SecureWeb-Gateway 6.7.6 2008.12.11 -
    Sophos 4.36.0 2008.12.11 -
    Sunbelt 3.2.1801.2 2008.12.11 -
    Symantec 10 2008.12.11 -
    TheHacker 6.3.1.2.183 2008.12.11 -
    TrendMicro 8.700.0.1004 2008.12.11 -
    VBA32 3.12.8.10 2008.12.11 -
    ViRobot 2008.12.11.1513 2008.12.11 -
    VirusBuster 4.5.11.0 2008.12.11 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 4ab3401880ef456dbdf3031cafa52957
    SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
    SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
    SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
    b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

    ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
    4UnwtOqniSt

    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40acb6
    timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
    .rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
    .data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )

    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63</a>
    CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957' target='_blank'>http://research.sunbelt-software.com/...

    fichier C:\WINDOWS\System32\drivers\clipsrv.exe

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.12.0 2008.12.11 -
    AntiVir 7.9.0.43 2008.12.11 -
    Authentium 5.1.0.4 2008.12.11 -
    Avast 4.8.1281.0 2008.12.10 -
    AVG 8.0.0.199 2008.12.11 -
    BitDefender 7.2 2008.12.11 -
    CAT-QuickHeal 10.00 2008.12.11 -
    ClamAV 0.94.1 2008.12.11 -
    Comodo 733 2008.12.11 -
    DrWeb 4.44.0.09170 2008.12.11 -
    eSafe 7.0.17.0 2008.12.11 -
    eTrust-Vet 31.6.6256 2008.12.11 -
    Ewido 4.0 2008.12.11 -
    F-Prot 4.4.4.56 2008.12.10 -
    F-Secure 8.0.14332.0 2008.12.11 -
    Fortinet 3.117.0.0 2008.12.11 -
    GData 19 2008.12.11 -
    Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
    K7AntiVirus 7.10.551 2008.12.11 -
    Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
    McAfee 5460 2008.12.10 -
    McAfee+Artemis 5460 2008.12.10 Generic!Artemis
    Microsoft 1.4205 2008.12.10 -
    NOD32 3683 2008.12.11 -
    Norman 5.80.02 2008.12.11 -
    Panda 9.0.0.4 2008.12.10 Suspicious file
    PCTools 4.4.2.0 2008.12.11 -
    Prevx1 V2 2008.12.11 Cloaked Malware
    Rising 21.07.32.00 2008.12.11 -
    SecureWeb-Gateway 6.7.6 2008.12.11 -
    Sophos 4.36.0 2008.12.11 -
    Sunbelt 3.2.1801.2 2008.12.10 -
    Symantec 10 2008.12.11 -
    TheHacker 6.3.1.2.183 2008.12.11 -
    TrendMicro 8.700.0.1004 2008.12.11 -
    VBA32 3.12.8.10 2008.12.11 -
    ViRobot 2008.12.11.1513 2008.12.11 -
    VirusBuster 4.5.11.0 2008.12.11 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 4ab3401880ef456dbdf3031cafa52957
    SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
    SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
    SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
    b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

    ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
    4UnwtOqniSt

    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40acb6
    timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
    .rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
    .data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )

    CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957' target='_blank'>http://research.sunbelt-software.com/...
    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63</a>

    je continue la suite .au fait j'ai l'impression que mon pc rame au démarrage
    0
  14. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Salut,

    au fait j'ai l'impression que mon pc rame au démarrage

    tu as d'autre infections ;)

    passe à lop maintenant ....

    0
  15. tery.95
     
    J'ai encore d'autres infections !!!!!!! j'ai fait fort sur ce coup là

    voici le rapport lop

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
    BIOS : BIOS Date: 04/19/05 18:04:09 Ver: 08.00.12
    USER : carpentier ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:226 Go (Free:131 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 11/12/2008|17:57 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [10/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [04/03/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [09/05/2005|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [09/12/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL(2)
    [11/09/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [11/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [03/06/2005|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [25/12/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
    [16/07/2006|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
    [10/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [27/10/2006|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/08/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [14/08/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [02/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [09/08/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [02/08/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [30/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
    [15/11/2008|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [17/08/2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
    [16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [14/08/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [29/06/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [25/12/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [02/05/2005|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [01/08/2005|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [13/02/2007|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [17/01/2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [14/03/2006|18:55] C:\DOCUME~1\CARPEN~1\APPLIC~1\.bittorrent
    [10/12/2008|12:13] C:\DOCUME~1\CARPEN~1\APPLIC~1\Adobe
    [01/01/2006|19:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeAUM
    [21/12/2006|20:57] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeUM
    [03/06/2006|20:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Ahead
    [12/10/2005|22:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\Apple Computer
    [09/05/2005|14:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\CyberLink
    [07/12/2008|22:02] C:\DOCUME~1\CARPEN~1\APPLIC~1\Download Manager
    [07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Dynamique
    [07/02/2008|15:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\EPSON
    [26/01/2006|12:42] C:\DOCUME~1\CARPEN~1\APPLIC~1\Google
    [11/12/2008|12:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\Grisoft
    [19/05/2005|21:47] C:\DOCUME~1\CARPEN~1\APPLIC~1\Help
    [10/06/2007|15:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Hemera
    [18/09/2005|20:52] C:\DOCUME~1\CARPEN~1\APPLIC~1\Identities
    [25/12/2007|12:01] C:\DOCUME~1\CARPEN~1\APPLIC~1\InstallShield
    [02/08/2008|13:58] C:\DOCUME~1\CARPEN~1\APPLIC~1\Lavasoft
    [03/06/2005|17:23] C:\DOCUME~1\CARPEN~1\APPLIC~1\Leadertech
    [28/10/2005|20:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\Macromedia
    [09/08/2008|19:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\Malwarebytes
    [11/12/2008|17:44] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft
    [21/09/2005|18:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft Web Folders
    [29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Mozilla
    [26/07/2005|15:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\MSNInstaller
    [03/06/2006|21:12] C:\DOCUME~1\CARPEN~1\APPLIC~1\Nero
    [15/07/2006|22:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Opera
    [01/11/2006|15:08] C:\DOCUME~1\CARPEN~1\APPLIC~1\Publish Providers
    [02/05/2005|10:24] C:\DOCUME~1\CARPEN~1\APPLIC~1\Real
    [07/07/2006|21:00] C:\DOCUME~1\CARPEN~1\APPLIC~1\Roxio
    [07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sites pr‚d‚finis
    [10/07/2006|15:32] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sonic
    [01/11/2006|15:07] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sony
    [02/05/2005|10:11] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sun
    [22/03/2006|20:14] C:\DOCUME~1\CARPEN~1\APPLIC~1\Talkback
    [10/05/2005|15:53] C:\DOCUME~1\CARPEN~1\APPLIC~1\Template
    [29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\TomTom
    [14/03/2006|18:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\uTorrent
    [11/05/2006|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Visicom Media
    [27/02/2006|19:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Vso
    [27/02/2006|18:33] C:\DOCUME~1\CARPEN~1\APPLIC~1\VSO_HWE
    [11/09/2007|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Xi
    [02/05/2005|10:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\You've Got Pictures Screensaver

    [16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [02/05/2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/05/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [02/05/2005|10:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [02/05/2005|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [02/05/2005|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [19/09/2005|12:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [07/07/2006|20:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

    [20/11/2005|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton Internet Security - Effectuer une analyse complŠte du systŠme - carpentier.job
    [09/05/2005 14:08][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    [11/12/2008 12:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/12/2007|10:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
    [10/12/2008|12:04] C:\Program Files\Adobe
    [07/03/2006|18:50] C:\Program Files\Ahead
    [02/05/2005|10:08] C:\Program Files\AMD
    [11/12/2008|01:22] C:\Program Files\Avira
    [02/05/2005|10:10] C:\Program Files\AvRack
    [31/07/2007|15:10] C:\Program Files\Axis Communications
    [11/12/2008|01:04] C:\Program Files\CCleaner
    [02/05/2005|10:23] C:\Program Files\CyberLink
    [25/12/2007|12:05] C:\Program Files\epson
    [10/12/2008|12:07] C:\Program Files\Fichiers communs
    [11/12/2008|00:54] C:\Program Files\FindyKill
    [08/02/2007|11:41] C:\Program Files\Google
    [11/12/2008|12:20] C:\Program Files\Grisoft
    [18/09/2005|01:06] C:\Program Files\HighMAT CD Writing Wizard
    [28/08/2008|15:34] C:\Program Files\InstallShield Installation Information
    [10/12/2008|08:54] C:\Program Files\Internet Explorer
    [09/12/2008|19:40] C:\Program Files\Java
    [12/03/2007|09:25] C:\Program Files\Kit ADSL
    [02/08/2008|14:00] C:\Program Files\Lavasoft
    [02/05/2005|10:18] C:\Program Files\Learn2.com
    [09/08/2008|19:18] C:\Program Files\Malwarebytes' Anti-Malware
    [26/08/2008|11:58] C:\Program Files\Messenger
    [21/09/2005|18:56] C:\Program Files\microsoft frontpage
    [18/08/2008|18:48] C:\Program Files\microsoft office
    [02/05/2005|10:26] C:\Program Files\Microsoft Works
    [02/05/2005|10:26] C:\Program Files\Microsoft.NET
    [26/08/2008|11:54] C:\Program Files\Movie Maker
    [10/12/2008|08:47] C:\Program Files\Mozilla Firefox
    [26/07/2005|15:25] C:\Program Files\MSN
    [16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
    [21/09/2008|21:06] C:\Program Files\MSN Messenger
    [09/12/2008|20:44] C:\Program Files\MSXML 4.0
    [16/08/2006|19:00] C:\Program Files\Nero-6.6.0.16
    [26/08/2008|11:50] C:\Program Files\NetMeeting
    [15/11/2008|16:09] C:\Program Files\NOS
    [01/11/2007|21:10] C:\Program Files\Odebit Multim‚dia
    [26/08/2008|11:50] C:\Program Files\Outlook Express
    [18/08/2008|18:20] C:\Program Files\Snapshot Viewer
    [28/08/2008|15:29] C:\Program Files\TomTom HOME 2
    [10/12/2008|23:58] C:\Program Files\Trend Micro
    [16/08/2004|17:19] C:\Program Files\Uninstall Information
    [02/05/2005|10:18] C:\Program Files\Viewpoint
    [08/12/2006|22:24] C:\Program Files\Windows Media Connect
    [11/12/2006|11:13] C:\Program Files\Windows Media Connect 2
    [26/08/2008|11:50] C:\Program Files\Windows Media Player
    [26/08/2008|11:50] C:\Program Files\Windows NT
    [16/08/2004|17:07] C:\Program Files\WindowsUpdate
    [28/02/2006|18:47] C:\Program Files\WinRAR
    [16/08/2004|17:11] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [10/12/2008|12:06] C:\Program Files\Fichiers communs\Adobe
    [21/09/2005|20:13] C:\Program Files\Fichiers communs\Ahead
    [01/08/2008|21:22] C:\Program Files\Fichiers communs\AOL
    [27/02/2006|12:27] C:\Program Files\Fichiers communs\AVSMedia
    [02/05/2005|10:26] C:\Program Files\Fichiers communs\DESIGNER
    [20/07/2007|17:22] C:\Program Files\Fichiers communs\InstallShield
    [02/05/2005|10:11] C:\Program Files\Fichiers communs\Java
    [10/12/2008|12:07] C:\Program Files\Fichiers communs\Macrovision Shared
    [18/08/2008|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
    [02/05/2005|10:18] C:\Program Files\Fichiers communs\Nullsoft
    [18/08/2008|18:21] C:\Program Files\Fichiers communs\ODBC
    [01/08/2008|21:34] C:\Program Files\Fichiers communs\Real
    [16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
    [26/08/2008|11:50] C:\Program Files\Fichiers communs\System
    [03/05/2006|21:20] C:\Program Files\Fichiers communs\Vbox
    [02/08/2008|13:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [20/09/2007|20:18] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 44 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-11 17:58:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 188

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:2][D:5]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp
    [F:18][D:0]-> C:\DOCUME~1\CARPEN~1\Cookies
    [F:16][D:4]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|17:59 - Option : [1]

    --------------------\\ Fin du rapport a 17:59:36
    0
  16. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    bien ...

    1- ! Déconnecte toi et ferme toutes tes applications en cours !

    Relance Lop S&D ,

    --->choisis cette fois l'option 2 ( nettoyage ) et valide ...

    ->ne touche à rien pendant que l'outil travail .

    Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
    Poste ce rapport dans ta prochaine réponse pour analyse ...

    ensuite fais ceci :

    2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    -> http://images.malwareremoval.com/random/RSIT.exe

    ! Ferme bien toutes tes applications en cours !

    Double-clique sur " RSIT.exe " pour le lancer .

    -> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    * Devant l'option "List files/folders created ..." , tu choisis : 2 months

    * clique ensuite sur " Continue " pour lancer l'analyse ...

    ( Note : Si la dernière version de HijackThis n'est pas détectée sur ton PC, RSIT le téléchargera et te demandera d'accepter la licence.)

    -> laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante ... si tu essaies de poster les deux en même temps,
    cela risque d'être trop long pour le forum ...
    Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ...

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

    0
  17. tery.95
     
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
    BIOS : BIOS Date: 04/19/05 18:04:09 Ver: 08.00.12
    USER : carpentier ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:226 Go (Free:131 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 11/12/2008|18:37 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [10/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [04/03/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [09/05/2005|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [09/12/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL(2)
    [11/09/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [11/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [03/06/2005|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [25/12/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
    [10/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [27/10/2006|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [01/08/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [14/08/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [02/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [09/08/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [02/08/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [30/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
    [15/11/2008|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [17/08/2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
    [16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [14/08/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [29/06/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [25/12/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [01/08/2005|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [13/02/2007|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [17/01/2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [14/03/2006|18:55] C:\DOCUME~1\CARPEN~1\APPLIC~1\.bittorrent
    [10/12/2008|12:13] C:\DOCUME~1\CARPEN~1\APPLIC~1\Adobe
    [01/01/2006|19:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeAUM
    [21/12/2006|20:57] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeUM
    [03/06/2006|20:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Ahead
    [12/10/2005|22:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\Apple Computer
    [09/05/2005|14:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\CyberLink
    [07/12/2008|22:02] C:\DOCUME~1\CARPEN~1\APPLIC~1\Download Manager
    [07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Dynamique
    [07/02/2008|15:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\EPSON
    [26/01/2006|12:42] C:\DOCUME~1\CARPEN~1\APPLIC~1\Google
    [11/12/2008|12:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\Grisoft
    [19/05/2005|21:47] C:\DOCUME~1\CARPEN~1\APPLIC~1\Help
    [10/06/2007|15:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Hemera
    [18/09/2005|20:52] C:\DOCUME~1\CARPEN~1\APPLIC~1\Identities
    [25/12/2007|12:01] C:\DOCUME~1\CARPEN~1\APPLIC~1\InstallShield
    [02/08/2008|13:58] C:\DOCUME~1\CARPEN~1\APPLIC~1\Lavasoft
    [03/06/2005|17:23] C:\DOCUME~1\CARPEN~1\APPLIC~1\Leadertech
    [28/10/2005|20:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\Macromedia
    [09/08/2008|19:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\Malwarebytes
    [11/12/2008|17:44] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft
    [21/09/2005|18:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft Web Folders
    [29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Mozilla
    [26/07/2005|15:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\MSNInstaller
    [03/06/2006|21:12] C:\DOCUME~1\CARPEN~1\APPLIC~1\Nero
    [15/07/2006|22:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Opera
    [01/11/2006|15:08] C:\DOCUME~1\CARPEN~1\APPLIC~1\Publish Providers
    [02/05/2005|10:24] C:\DOCUME~1\CARPEN~1\APPLIC~1\Real
    [07/07/2006|21:00] C:\DOCUME~1\CARPEN~1\APPLIC~1\Roxio
    [07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sites pr‚d‚finis
    [10/07/2006|15:32] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sonic
    [01/11/2006|15:07] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sony
    [02/05/2005|10:11] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sun
    [22/03/2006|20:14] C:\DOCUME~1\CARPEN~1\APPLIC~1\Talkback
    [10/05/2005|15:53] C:\DOCUME~1\CARPEN~1\APPLIC~1\Template
    [29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\TomTom
    [14/03/2006|18:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\uTorrent
    [11/05/2006|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Visicom Media
    [27/02/2006|19:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Vso
    [27/02/2006|18:33] C:\DOCUME~1\CARPEN~1\APPLIC~1\VSO_HWE
    [11/09/2007|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Xi
    [02/05/2005|10:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\You've Got Pictures Screensaver

    [16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [02/05/2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/05/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [02/05/2005|10:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [02/05/2005|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [02/05/2005|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [19/09/2005|12:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [07/07/2006|20:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

    [20/11/2005|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton Internet Security - Effectuer une analyse complŠte du systŠme - carpentier.job
    [09/05/2005 14:08][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    [11/12/2008 12:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/12/2007|10:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
    [10/12/2008|12:04] C:\Program Files\Adobe
    [07/03/2006|18:50] C:\Program Files\Ahead
    [02/05/2005|10:08] C:\Program Files\AMD
    [11/12/2008|01:22] C:\Program Files\Avira
    [02/05/2005|10:10] C:\Program Files\AvRack
    [31/07/2007|15:10] C:\Program Files\Axis Communications
    [11/12/2008|01:04] C:\Program Files\CCleaner
    [02/05/2005|10:23] C:\Program Files\CyberLink
    [25/12/2007|12:05] C:\Program Files\epson
    [10/12/2008|12:07] C:\Program Files\Fichiers communs
    [11/12/2008|00:54] C:\Program Files\FindyKill
    [08/02/2007|11:41] C:\Program Files\Google
    [11/12/2008|12:20] C:\Program Files\Grisoft
    [18/09/2005|01:06] C:\Program Files\HighMAT CD Writing Wizard
    [28/08/2008|15:34] C:\Program Files\InstallShield Installation Information
    [10/12/2008|08:54] C:\Program Files\Internet Explorer
    [09/12/2008|19:40] C:\Program Files\Java
    [12/03/2007|09:25] C:\Program Files\Kit ADSL
    [02/08/2008|14:00] C:\Program Files\Lavasoft
    [02/05/2005|10:18] C:\Program Files\Learn2.com
    [09/08/2008|19:18] C:\Program Files\Malwarebytes' Anti-Malware
    [26/08/2008|11:58] C:\Program Files\Messenger
    [21/09/2005|18:56] C:\Program Files\microsoft frontpage
    [18/08/2008|18:48] C:\Program Files\microsoft office
    [02/05/2005|10:26] C:\Program Files\Microsoft Works
    [02/05/2005|10:26] C:\Program Files\Microsoft.NET
    [26/08/2008|11:54] C:\Program Files\Movie Maker
    [10/12/2008|08:47] C:\Program Files\Mozilla Firefox
    [26/07/2005|15:25] C:\Program Files\MSN
    [16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
    [21/09/2008|21:06] C:\Program Files\MSN Messenger
    [09/12/2008|20:44] C:\Program Files\MSXML 4.0
    [16/08/2006|19:00] C:\Program Files\Nero-6.6.0.16
    [26/08/2008|11:50] C:\Program Files\NetMeeting
    [15/11/2008|16:09] C:\Program Files\NOS
    [01/11/2007|21:10] C:\Program Files\Odebit Multim‚dia
    [26/08/2008|11:50] C:\Program Files\Outlook Express
    [18/08/2008|18:20] C:\Program Files\Snapshot Viewer
    [28/08/2008|15:29] C:\Program Files\TomTom HOME 2
    [10/12/2008|23:58] C:\Program Files\Trend Micro
    [16/08/2004|17:19] C:\Program Files\Uninstall Information
    [08/12/2006|22:24] C:\Program Files\Windows Media Connect
    [11/12/2006|11:13] C:\Program Files\Windows Media Connect 2
    [26/08/2008|11:50] C:\Program Files\Windows Media Player
    [26/08/2008|11:50] C:\Program Files\Windows NT
    [16/08/2004|17:07] C:\Program Files\WindowsUpdate
    [28/02/2006|18:47] C:\Program Files\WinRAR
    [16/08/2004|17:11] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [10/12/2008|12:06] C:\Program Files\Fichiers communs\Adobe
    [21/09/2005|20:13] C:\Program Files\Fichiers communs\Ahead
    [01/08/2008|21:22] C:\Program Files\Fichiers communs\AOL
    [27/02/2006|12:27] C:\Program Files\Fichiers communs\AVSMedia
    [02/05/2005|10:26] C:\Program Files\Fichiers communs\DESIGNER
    [20/07/2007|17:22] C:\Program Files\Fichiers communs\InstallShield
    [02/05/2005|10:11] C:\Program Files\Fichiers communs\Java
    [10/12/2008|12:07] C:\Program Files\Fichiers communs\Macrovision Shared
    [18/08/2008|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
    [02/05/2005|10:18] C:\Program Files\Fichiers communs\Nullsoft
    [18/08/2008|18:21] C:\Program Files\Fichiers communs\ODBC
    [01/08/2008|21:34] C:\Program Files\Fichiers communs\Real
    [16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
    [26/08/2008|11:50] C:\Program Files\Fichiers communs\System
    [03/05/2006|21:20] C:\Program Files\Fichiers communs\Vbox
    [02/08/2008|13:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [20/09/2007|20:18] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 44 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\CARPEN~1\Cookies\carpentier@advertising[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-11 18:38:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 188

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:3][D:5]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp
    [F:44][D:0]-> C:\DOCUME~1\CARPEN~1\Cookies
    [F:36][D:4]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|17:59 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 11/12/2008|18:38 - Option : [2]

    --------------------\\ Fin du rapport a 18:38:59
    0
  18. tery.95
     
    ogfile of random's system information tool 1.04 (written by random/random)
    Run by carpentier at 2008-12-11 18:52:02
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 135 GB (58%) free of 232 GB
    Total RAM: 1023 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:17, on 11/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\carpentier\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\carpentier.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+MRK+file
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.genoom.com/js/photoUploader/control/ImageUploader5.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://193.252.208.54:8081/activex/AMC.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/5690/defaults/activex/IPSUploader.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CARPEN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    0
  19. tery.95
     
    info.txt logfile of random's system information tool 1.04 2008-12-11 18:52:20

    ======Uninstall list======

    -->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    -->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
    -->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
    Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}\setup.exe"
    Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    TomTom HOME 2.5.1.36-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    ZIP PASSWORD FINDER-->C:\WINDOWS\UnGins.exe "C:\Program Files\ZIP PASSWORD FINDER\install.log"

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=2f00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    0
  20. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Bien ... fais ceci :

    Télécharge MalwareByte's :
    ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
    ou ici : http://www.malwarebytes.org/mbam.php

    * Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

    * Potasse le tuto pour te familiariser avec le prg :
    https://forum.pcastuces.com/sujet.asp?f=31&s=3
    ( cela dis, il est très simple d'utilisation ).

    ! Déconnecte toi et ferme toutes applications en cours !

    * Lance Malwarebyte's .

    Fais un examen dit "Rapide" .

    --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
    accompagné d'un nouveau rapport RSIT ( "log.txt") pour analyse ...

    0
  • 1
  • 2
  • 3