Infected PC

Solved/Closed
Anonymous user - 11 Dec. 2008 at 00:07
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 - 15 Dec. 2008 at 22:04
Hello,

My PC is infected. I was only able to run BitDefender's online scan because the infection crashed my antivirus (Avira AntiVir). I can no longer use AVG Anti-Spyware or CCleaner. Every time I try to use these programs the PC reports a failure or "is not a valid Win32 application", and it refuses to reinstall them.

WHAT SHOULD I DO?

Statistics
Time: 00:59:51
Files: 287093
Folders: 5276
Boot Sectors: 0
Archives: 8003
Packed Files: 24628

Results
Identified Viruses: 4
Infected Files: 26
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 25

Engines Info
Virus Definitions: 2341312
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Disinfection failed

C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
Delete failed

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Disinfection failed

C:\Documents and Settings\carpentier\Application Data\m\data.oct
Deleted

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64[1].jpg
Deleted

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5\750J3QZ7\b64_3[1].jpg
Deleted

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Disinfection failed

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc11.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc11.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc12.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc12.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc13.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc13.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc14.exe
Infected with: Trojan.Downloader.JKVV

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc14.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip=>keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc15.zip
Updated

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip=>keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc16.zip
Updated

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc21.0\keygen.exe
Deleted

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4166272364-3009201000-3520490739-1006\Dc22.0(1)\keygen.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0120178.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121178.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121179.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121179.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121180.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121180.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121181.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1121\A0121181.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121306.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121322.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121324.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121324.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121325.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121325.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121326.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121326.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121327.exe
Infected with: Trojan.Downloader.JKVV

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121327.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121328.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Infected with: DeepScan:Generic.Bagle.A5B48DCB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1122\A0121329.exe
Deleted

52 replies

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec. 2008 at 00:20
Hi,


so, we tried to grab a Photoshop more recent than version 4 off a P2P network? .... :p



Bagle infection:

1-IMPORTANT:
I remind you that Bagle is brought in by a crack and that it relaunches every time you use that crack; even if you don't use it, it can relaunch by itself when your PC starts up. In plain terms:
Above all, try to remember whether you recently clicked on a "patch" or a "keygen" to install a program or a cracked game, or to get the full version of a piece of software, and nothing in particular happened... That is where Bagle gets in! If you find that particular crack, scrap everything (the crack, the software and any zips involved). If you don't really remember, I strongly advise you to delete every crack on your PC... ;)


2-Download FindyKill by Chiquitine29:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

-> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

(If your antivirus panics when you save or run the tool, ignore the alert...)

-> Click on "FindyKill.exe" to launch the tool's installer. Do not touch the installation settings.


Important notes:
* if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).

--> Double-click the "FindyKill" shortcut on your desktop.
(in the first window, type f then [Enter] for the French version).

--> choose option 1 (search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)

PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Tutorial: https://www.malekal.com/tutorial-findykill/

0
Anonymous user
11 Dec. 2008 at 00:26
YES, indeed I wanted a more recent version of Photoshop and I clicked on the following application: winupgro.exe

I'll do what you tell me
0
Anonymous user
11 Dec. 2008 at 00:27
however, I found that crack, but my PC refuses to let me delete it manually
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec. 2008 at 00:30
we'll deal with that right after... move on to the next step ;)

0
Anonymous user
11 Dec. 2008 at 00:36
----------------- FindyKill V4.709 ------------------

* User : carpentier - PACKARDBELL
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/12/08 par Chiquitine29
* Recherche effectuée à 0:34:48 le 11/12/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe" (1756)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\206625.EXE-0E7A8B5A.pf
Found ! - C:\WINDOWS\prefetch\279687.EXE-18B1654E.pf
Found ! - C:\WINDOWS\prefetch\361890.EXE-3ACF1D2A.pf
Found ! - C:\WINDOWS\prefetch\382453.EXE-2F146474.pf
Found ! - C:\WINDOWS\prefetch\649703.EXE-0A17219F.pf
Found ! - C:\WINDOWS\prefetch\679187.EXE-0CD2E99B.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2F0CE69E.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-00796B2E.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-00796B2E.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [10/12/2008 22:03] - C:\WINDOWS\system32\mdelk.exe
Found ! [10/12/2008 22:03] - C:\WINDOWS\system32\wintems.exe
Found ! [10/12/2008 23:46] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\carpentier\Application Data

Found ! [10/12/2008 22:04] - "C:\Documents and Settings\carpentier\Application Data\m\flec006.exe"
Found ! [10/12/2008 22:04] - "C:\Documents and Settings\carpentier\Application Data\m\list.oct"
Found ! [10/12/2008 22:05] - "C:\Documents and Settings\carpentier\Application Data\m\srvlist.oct"
Found ! [10/12/2008 22:40] - "C:\Documents and Settings\carpentier\Application Data\m\shared"
Found ! [10/12/2008 22:51] - "C:\Documents and Settings\carpentier\Application Data\m"
Found ! [10/12/2008 21:47] - "C:\Documents and Settings\carpentier\Application Data\drivers"
Found ! [10/12/2008 22:14] - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa.sys"
Found ! [10/12/2008 22:14] - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa2.sys"
Found ! [20/09/2006 05:01] - "C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe"
Found ! [10/12/2008 22:06] - "C:\Documents and Settings\carpentier\Application Data\drivers\downld"
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\206625.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\213875.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\215453.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216031.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\216765.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217671.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\217765.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218093.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\218890.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\219296.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\279687.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\289812.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\290031.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\318718.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319609.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\319640.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\332984.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334125.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\334781.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\335515.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336125.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\336562.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\340296.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342062.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\342921.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\353234.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356578.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\356937.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\361890.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\382453.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\395703.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\396875.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\397109.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\649703.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\655906.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657562.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\657984.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\658578.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659078.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659281.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\659593.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\660500.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\661062.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\679187.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\687937.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690046.exe
Found ! [10/12/2008 22:06] - C:\Documents and Settings\carpentier\Application Data\drivers\downld\690062.exe

»»»» Presence des fichiers dans C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
EPSON Stylus DX7400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan=SOUNDMAN.EXE
ATIPTA=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
ACTIVBOARD=c:\apps\ABoard\ABoard.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
!AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec. 2008 at 00:40
next step:

1- Important:
Plug all your external devices into the PC (external hard drives, USB sticks, MP3 player, etc.) but without opening them!
You can unplug them after the procedure...


2- ! Close all running applications !

Run FindyKill again:

-> this time choose option 2.

/!\ your PC will reboot by itself, that's normal!... Let the tool work until this message appears:
"nettoyage terminé" (cleaning finished).

Note: when the warning message appears, click "Ok".

--> then post the new FindyKill.txt report that is generated and wait for the next step...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)


PS: If the desktop does not reappear, press Ctrl + Alt + Del, "Fichier" (File) tab -> "Nouvelle tâche" (New task):
type explorer.exe and confirm.
0
Anonymous user
11 Dec. 2008 at 00:58
-------------- FindyKill V4.709 ------------------

* User : carpentier - PACKARDBELL
* executed from : C:\Program Files\FindyKill
* Update on 10/12/08 par Chiquitine29
* Start at 0:51:32 the 11/12/2008
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\206625.EXE-0E7A8B5A.pf
Deleted ! - C:\WINDOWS\prefetch\279687.EXE-18B1654E.pf
Deleted ! - C:\WINDOWS\prefetch\361890.EXE-3ACF1D2A.pf
Deleted ! - C:\WINDOWS\prefetch\382453.EXE-2F146474.pf
Deleted ! - C:\WINDOWS\prefetch\649703.EXE-0A17219F.pf
Deleted ! - C:\WINDOWS\prefetch\679187.EXE-0CD2E99B.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2F0CE69E.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-00796B2E.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Supression files in C:\Documents and Settings\carpentier\Application Data

Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\#1 CD Ripper 1.9.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\11Tomtom Mobile-Voce Sarda-Campidanese.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\3D Summer Butterflies 3.5.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\5Star Mail Server 3.1.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\7zSharp 1.0.3.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AccessForms2Web (PHP&MySQL Editon) 2.1.5.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\AD Water Lily - Animated Desktop Wallpaper 3.11.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\ADSTRIKER 9.3.0.10.zip
Deleted ! - C:\Documents and Settings\carpentier\Application Data\m\shared\Advanced FFA Submitter 1.0.zip
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\m"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\carpentier\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\carpentier\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\carpentier\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{3F3FE072-B644-4B29-980D-B23150BC3146}.jpg
Deleted ! - C:\Documents and Settings\carpentier\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{873952A4-31F2-4CF9-9CF9-B648F7306BA6}.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_USERS\S-1-5-21-4166272364-3009201000-3520490739-1006\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

J: - Lecteur amovible


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.jpg
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.metadata.xml
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Photo Creations\backgrounds\Cracked Paint.thumbnail.jpg


---------------- ! End of report ! ------------------
sKe69 (security contributor)
11 Dec. 2008 at 01:02
OK ...

in order:


1- Delete your CCleaner, because it has been shot down by Bagle ... then download it again:

Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will let you delete all temporary files and fix your registry.
During installation:
- make sure to choose "francais" as the language.
- before clicking the "install" button, uncheck all the "additional options" except the first 2.


A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! disconnect and close all running applications !
* go to "cleaner": run -analyse- then -clean-
* go to "registry": run -search for errors- and -repair all errors-
( several times, until there are no more errors ).

( CCleaner: software to keep on your PC, very useful for good clean-ups ... )



2- Restart your PC!



3- Download and install HijackThis:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

* Click the setup to start the installation: let it guide you and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

Tutorial for use:
Look here, it is perfectly explained with pictures (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Do not fix ANY line yet, it could stop your PC from working correctly )

* !! Disconnect and close all your running applications !!

Click the desktop shortcut to launch the program:
run a HijackThis scan by clicking: "Do a system scan and save a logfile"

---> Post the generated report for analysis ...

sKe69 (security contributor)
11 Dec. 2008 at 01:14
post that for me and we'll continue tomorrow ....


good night ^^

Anonymous user
11 Dec. 2008 at 01:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:12, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+MRK+file
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.genoom.com/js/photoUploader/control/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://193.252.208.54:8081/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/5690/defaults/activex/IPSUploader.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5615F13C-E104-4CDA-9045-EA2EFE121B9C}: NameServer = 84.103.237.142 86.64.145.142
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CARPEN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Anonymous user
11 Dec. 2008 at 01:15
OK, thank you very much, see you tomorrow
sKe69 (security contributor)
11 Dec. 2008 at 11:25
Salut,

d'autres infections présentes !


question :
dis moi si AVG Anti spy fonctionne ...

On installera un anti virus une fois le PC clean ! .... ;)



ensuite fais ceci dans l'ordre :


1- Avoir accès aux fichiers cachés :

Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )




2- Go to this site:

https://www.virustotal.com/gui/

Copy the following and paste it into the search field:
C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe

Click on Send File ( = "Envoyer le fichier" ).

A report will build up line by line.

Wait until it is completely finished ... It must include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply ...

( If VirusTotal indicates that the file has already been analysed, click the "Reanalyse the file now" button )


Do the same for:
C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
C:\WINDOWS\System32\drivers\clipsrv.exe


So post me these 3 reports ( especially the beginning with the AV listing, and stating clearly at the start of each one which file it corresponds to ) and wait for what comes next ...



once this is posted, carry on with the next part:


3- Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Disconnect and close all your running applications.

Double-click the .exe you have just downloaded to start the installation.

Once the installation is done, click the shortcut to launch the tool.

From there, let yourself be guided:
--->choose option 1 (search) and confirm.

(Do not run the cleaning option ( 2 or 3 ) ).

Once the scan is finished, Notepad will open with the report.
Post this report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe

0
hello
sorry, but I have the same problem on my PC
should I create a new topic, or continue with you???
regards
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec 2008 at 15:07
CONSTANTIN,

It would be better for you to create your own post; that will make the posts easier to follow and the answer to your problem will be more effective
Proceed like this:
*Click this link -> http://www.commentcamarche.net/forum/forum 7#ecrire

*Then in the box, below the "Bonjour", describe your problem clearly and precisely ...
To post your question on the forum, you then only have to click "Add" ...
Be patient and a helper will eventually take care of you ;)

Good luck =)

See you
0
Anonymous user
11 Dec 2008 at 17:55
Good evening,
AVG Anti spy is working correctly again. My antivirus Avira AntiVir, which I had reinstalled yesterday, detected a Bagle 4 times in the system volume and I clicked on delete.

Here are the 3 VirusTotal reports:
File C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.43 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.11 -
BitDefender 7.2 2008.12.11 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.11 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.11 -
Fortinet 3.117.0.0 2008.12.11 -
GData 19 2008.12.11 -
Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
McAfee 5460 2008.12.10 -
McAfee+Artemis 5460 2008.12.10 Generic!Artemis
Microsoft 1.4205 2008.12.10 -
NOD32 3683 2008.12.11 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.10 Suspicious file
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.11 Cloaked Malware
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.11 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.11 -
TheHacker 6.3.1.2.183 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 -
ViRobot 2008.12.11.1513 2008.12.11 -
VirusBuster 4.5.11.0 2008.12.11 -
Information additionnelle
File size: 81920 bytes
MD5...: 4ab3401880ef456dbdf3031cafa52957
SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
4UnwtOqniSt

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40acb6
timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
.rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
.data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957


File C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.43 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.11 -
BitDefender 7.2 2008.12.11 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.11 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.11 -
Fortinet 3.117.0.0 2008.12.11 -
GData 19 2008.12.11 -
Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
McAfee 5460 2008.12.10 -
McAfee+Artemis 5460 2008.12.10 Generic!Artemis
Microsoft 1.4205 2008.12.10 -
NOD32 3683 2008.12.11 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.10 Suspicious file
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.11 Cloaked Malware
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.11 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.11 -
TheHacker 6.3.1.2.183 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 -
ViRobot 2008.12.11.1513 2008.12.11 -
VirusBuster 4.5.11.0 2008.12.11 -
Information additionnelle
File size: 81920 bytes
MD5...: 4ab3401880ef456dbdf3031cafa52957
SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
4UnwtOqniSt

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40acb6
timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
.rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
.data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957

File C:\WINDOWS\System32\drivers\clipsrv.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.43 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.11 -
BitDefender 7.2 2008.12.11 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.11 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.11 -
Fortinet 3.117.0.0 2008.12.11 -
GData 19 2008.12.11 -
Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
McAfee 5460 2008.12.10 -
McAfee+Artemis 5460 2008.12.10 Generic!Artemis
Microsoft 1.4205 2008.12.10 -
NOD32 3683 2008.12.11 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.10 Suspicious file
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.11 Cloaked Malware
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.11 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.11 -
TheHacker 6.3.1.2.183 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 -
ViRobot 2008.12.11.1513 2008.12.11 -
VirusBuster 4.5.11.0 2008.12.11 -
Information additionnelle
File size: 81920 bytes
MD5...: 4ab3401880ef456dbdf3031cafa52957
SHA1..: 18ac1e1b485242f622faf4befc69e2d1dbb91fb7
SHA256: 90c8a5de282ac503195ff2efd1ceec383391dcf501e538440ca9f1c64fc73cae
SHA512: b2c7467c706828f2d542969b291bbd44d6f2a19967e5f0338b8e29f4223eae83
b3261847befcd36acebeaf3af644550b4db04a62a308ae86d058032cefc739c9

ssdeep: 1536:eZgmmdxAXiQzz/AopRV1kY6v4RqnoGYTZB7zAsOqniSt:eZgXiXiQn/RV1m
4UnwtOqniSt

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40acb6
timedatestamp.....: 0x49401120 (Wed Dec 10 18:57:36 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf54f 0x10000 6.22 03ad6c459354f95ac0bd68ba06f79bd3
.rdata 0x11000 0x1fe2 0x2000 5.49 7e553988472c58adc06a8f97aaa83e07
.data 0x13000 0x3798 0x1000 1.45 213bb2d983f120d088b821f49b4ef640

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, CreateDirectoryA, GetFileTime, GetVolumeInformationA, GetStartupInfoA, GetFileType, GetProcessPriorityBoost, GetSystemDirectoryA, OpenProcess, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4ab3401880ef456dbdf3031cafa52957
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6A1D31330045927540AE01D65B945700455EBA63


I'm carrying on with the next part. By the way, I have the impression that my PC is slow at startup
0
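An added example, not part of the original thread and not VirusTotal's own tooling: a small Python parser for the plain-text report layout pasted in the post above. It counts the engines that flagged each file and groups paths by MD5, so one binary stored under several names stands out. The excerpt is abridged from those reports (most engine rows trimmed) and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Line shapes of the pasted reports (assumed from the layout shown in the post).
HEADER = re.compile(r"^(?:fichier|file)\s+([A-Za-z]:\\.+)$", re.IGNORECASE)
ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")  # engine version date verdict
MD5 = re.compile(r"^MD5\.*:\s*([0-9a-fA-F]{32})$")

# Abridged excerpt: six of the engine rows and the MD5 line from the reports above.
ROWS = """Antivirus Version Dernière mise à jour Résultat
AntiVir 7.9.0.43 2008.12.11 -
BitDefender 7.2 2008.12.11 -
Ikarus T3.1.1.45.0 2008.12.11 Trojan-Downloader.Agent
Kaspersky 7.0.0.125 2008.12.11 Heur.Trojan.Generic
Panda 9.0.0.4 2008.12.10 Suspicious file
Prevx1 V2 2008.12.11 Cloaked Malware
Information additionnelle
File size: 81920 bytes
MD5...: 4ab3401880ef456dbdf3031cafa52957
"""
PATHS = [
    r"C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe",
    r"C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe",
    r"C:\WINDOWS\System32\drivers\clipsrv.exe",
]
SAMPLE = "\n".join(f"File {p}\n\n{ROWS}" for p in PATHS)


def parse_reports(text):
    """Split pasted text into one record per 'File <path>' header."""
    reports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"path": m.group(1), "results": {}, "md5": None}
            reports.append(current)
            continue
        if current is None:
            continue  # ignore anything before the first file header
        m = ROW.match(line)
        if m:
            engine, _version, _updated, verdict = m.groups()
            # A lone "-" in the result column means the engine reported nothing.
            current["results"][engine] = None if verdict == "-" else verdict
            continue
        m = MD5.match(line)
        if m:
            current["md5"] = m.group(1).lower()
    return reports


def detections(report):
    """Engines that returned a verdict, mapped to that verdict."""
    return {e: v for e, v in report["results"].items() if v is not None}


def group_by_md5(reports):
    """Map each MD5 to the paths that carry it; reports without one go under 'unknown'."""
    groups = defaultdict(list)
    for r in reports:
        groups[r["md5"] or "unknown"].append(r["path"])
    return dict(groups)


def triage(text):
    """One summary line per file, then one line per hash seen at several paths."""
    reports = parse_reports(text)
    lines = []
    for r in reports:
        hits = detections(r)
        lines.append(f'{r["path"]}: {len(hits)}/{len(r["results"])} engines flagged')
    for md5, paths in group_by_md5(reports).items():
        if len(paths) > 1:
            lines.append(f"{md5}: same content at {len(paths)} paths")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```
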
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec 2008 at 17:59
Hi,

by the way, I have the impression that my PC is slow at startup

you have other infections ;)


move on to Lop now ....

0
Anonymous user
11 Dec 2008 at 18:05
I still have other infections!!!!!!! I really outdid myself this time

here is the Lop report


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : BIOS Date: 04/19/05 18:04:09 Ver: 08.00.12
USER : carpentier ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:131 Go)
D:\ (CD or DVD)
E:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 11/12/2008|17:57 )

--------------------\\ Listing des dossiers dans APPLIC~1

[10/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/03/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[09/05/2005|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[09/12/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL(2)
[11/09/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[03/06/2005|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[25/12/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[16/07/2006|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
[10/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[27/10/2006|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/08/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/08/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09/08/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[02/08/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[15/11/2008|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/08/2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[14/08/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[29/06/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[25/12/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[02/05/2005|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[01/08/2005|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/02/2007|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[17/01/2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[14/03/2006|18:55] C:\DOCUME~1\CARPEN~1\APPLIC~1\.bittorrent
[10/12/2008|12:13] C:\DOCUME~1\CARPEN~1\APPLIC~1\Adobe
[01/01/2006|19:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeAUM
[21/12/2006|20:57] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeUM
[03/06/2006|20:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Ahead
[12/10/2005|22:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\Apple Computer
[09/05/2005|14:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\CyberLink
[07/12/2008|22:02] C:\DOCUME~1\CARPEN~1\APPLIC~1\Download Manager
[07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Dynamique
[07/02/2008|15:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\EPSON
[26/01/2006|12:42] C:\DOCUME~1\CARPEN~1\APPLIC~1\Google
[11/12/2008|12:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\Grisoft
[19/05/2005|21:47] C:\DOCUME~1\CARPEN~1\APPLIC~1\Help
[10/06/2007|15:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Hemera
[18/09/2005|20:52] C:\DOCUME~1\CARPEN~1\APPLIC~1\Identities
[25/12/2007|12:01] C:\DOCUME~1\CARPEN~1\APPLIC~1\InstallShield
[02/08/2008|13:58] C:\DOCUME~1\CARPEN~1\APPLIC~1\Lavasoft
[03/06/2005|17:23] C:\DOCUME~1\CARPEN~1\APPLIC~1\Leadertech
[28/10/2005|20:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\Macromedia
[09/08/2008|19:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\Malwarebytes
[11/12/2008|17:44] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft
[21/09/2005|18:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft Web Folders
[29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Mozilla
[26/07/2005|15:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\MSNInstaller
[03/06/2006|21:12] C:\DOCUME~1\CARPEN~1\APPLIC~1\Nero
[15/07/2006|22:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Opera
[01/11/2006|15:08] C:\DOCUME~1\CARPEN~1\APPLIC~1\Publish Providers
[02/05/2005|10:24] C:\DOCUME~1\CARPEN~1\APPLIC~1\Real
[07/07/2006|21:00] C:\DOCUME~1\CARPEN~1\APPLIC~1\Roxio
[07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sites prédéfinis
[10/07/2006|15:32] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sonic
[01/11/2006|15:07] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sony
[02/05/2005|10:11] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sun
[22/03/2006|20:14] C:\DOCUME~1\CARPEN~1\APPLIC~1\Talkback
[10/05/2005|15:53] C:\DOCUME~1\CARPEN~1\APPLIC~1\Template
[29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\TomTom
[14/03/2006|18:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\uTorrent
[11/05/2006|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Visicom Media
[27/02/2006|19:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Vso
[27/02/2006|18:33] C:\DOCUME~1\CARPEN~1\APPLIC~1\VSO_HWE
[11/09/2007|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Xi
[02/05/2005|10:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\You've Got Pictures Screensaver

[16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/05/2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/05/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[02/05/2005|10:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[02/05/2005|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[02/05/2005|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[19/09/2005|12:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/07/2006|20:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

[20/11/2005|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton Internet Security - Effectuer une analyse complète du système - carpentier.job
[09/05/2005 14:08][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
[11/12/2008 12:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/12/2007|10:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
[10/12/2008|12:04] C:\Program Files\Adobe
[07/03/2006|18:50] C:\Program Files\Ahead
[02/05/2005|10:08] C:\Program Files\AMD
[11/12/2008|01:22] C:\Program Files\Avira
[02/05/2005|10:10] C:\Program Files\AvRack
[31/07/2007|15:10] C:\Program Files\Axis Communications
[11/12/2008|01:04] C:\Program Files\CCleaner
[02/05/2005|10:23] C:\Program Files\CyberLink
[25/12/2007|12:05] C:\Program Files\epson
[10/12/2008|12:07] C:\Program Files\Fichiers communs
[11/12/2008|00:54] C:\Program Files\FindyKill
[08/02/2007|11:41] C:\Program Files\Google
[11/12/2008|12:20] C:\Program Files\Grisoft
[18/09/2005|01:06] C:\Program Files\HighMAT CD Writing Wizard
[28/08/2008|15:34] C:\Program Files\InstallShield Installation Information
[10/12/2008|08:54] C:\Program Files\Internet Explorer
[09/12/2008|19:40] C:\Program Files\Java
[12/03/2007|09:25] C:\Program Files\Kit ADSL
[02/08/2008|14:00] C:\Program Files\Lavasoft
[02/05/2005|10:18] C:\Program Files\Learn2.com
[09/08/2008|19:18] C:\Program Files\Malwarebytes' Anti-Malware
[26/08/2008|11:58] C:\Program Files\Messenger
[21/09/2005|18:56] C:\Program Files\microsoft frontpage
[18/08/2008|18:48] C:\Program Files\microsoft office
[02/05/2005|10:26] C:\Program Files\Microsoft Works
[02/05/2005|10:26] C:\Program Files\Microsoft.NET
[26/08/2008|11:54] C:\Program Files\Movie Maker
[10/12/2008|08:47] C:\Program Files\Mozilla Firefox
[26/07/2005|15:25] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[21/09/2008|21:06] C:\Program Files\MSN Messenger
[09/12/2008|20:44] C:\Program Files\MSXML 4.0
[16/08/2006|19:00] C:\Program Files\Nero-6.6.0.16
[26/08/2008|11:50] C:\Program Files\NetMeeting
[15/11/2008|16:09] C:\Program Files\NOS
[01/11/2007|21:10] C:\Program Files\Odebit Multimédia
[26/08/2008|11:50] C:\Program Files\Outlook Express
[18/08/2008|18:20] C:\Program Files\Snapshot Viewer
[28/08/2008|15:29] C:\Program Files\TomTom HOME 2
[10/12/2008|23:58] C:\Program Files\Trend Micro
[16/08/2004|17:19] C:\Program Files\Uninstall Information
[02/05/2005|10:18] C:\Program Files\Viewpoint
[08/12/2006|22:24] C:\Program Files\Windows Media Connect
[11/12/2006|11:13] C:\Program Files\Windows Media Connect 2
[26/08/2008|11:50] C:\Program Files\Windows Media Player
[26/08/2008|11:50] C:\Program Files\Windows NT
[16/08/2004|17:07] C:\Program Files\WindowsUpdate
[28/02/2006|18:47] C:\Program Files\WinRAR
[16/08/2004|17:11] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/12/2008|12:06] C:\Program Files\Fichiers communs\Adobe
[21/09/2005|20:13] C:\Program Files\Fichiers communs\Ahead
[01/08/2008|21:22] C:\Program Files\Fichiers communs\AOL
[27/02/2006|12:27] C:\Program Files\Fichiers communs\AVSMedia
[02/05/2005|10:26] C:\Program Files\Fichiers communs\DESIGNER
[20/07/2007|17:22] C:\Program Files\Fichiers communs\InstallShield
[02/05/2005|10:11] C:\Program Files\Fichiers communs\Java
[10/12/2008|12:07] C:\Program Files\Fichiers communs\Macrovision Shared
[18/08/2008|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[02/05/2005|10:18] C:\Program Files\Fichiers communs\Nullsoft
[18/08/2008|18:21] C:\Program Files\Fichiers communs\ODBC
[01/08/2008|21:34] C:\Program Files\Fichiers communs\Real
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[26/08/2008|11:50] C:\Program Files\Fichiers communs\System
[03/05/2006|21:20] C:\Program Files\Fichiers communs\Vbox
[02/08/2008|13:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
[20/09/2007|20:18] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 17:58:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 188

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:2][D:5]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\CARPEN~1\Cookies
[F:16][D:4]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|17:59 - Option : [1]

--------------------\\ Fin du rapport a 17:59:36
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
11 Dec 2008 at 18:26
good ...


1- ! Disconnect and close all your running applications !

Run Lop S&D again,

--->this time choose option 2 ( cleaning ) and confirm ...

->do not touch anything while the tool is working.


Once the scan is finished, Notepad will open with the report.
Post this report in your next reply for analysis ...



then do this:

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Make sure you close all your running applications !

Double-click " RSIT.exe " to launch it.

-> A first window opens with the title: " Disclaimer of warranty ".

* Next to the option "List files/folders created ...", choose: 2 months

* then click " Continue " to start the scan ...


( Note: if the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.)


-> let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis and wait for what comes next ...

Important: post one report, then the other in the following reply ... if you try to post both at the same time,
it may be too long for the forum ...
And if "log.txt" alone does not go through either, do it in 2 parts ... thanks ...

( Note: the reports will also be saved in this folder -> C:\rsit )

0
Anonymous user
11 Dec 2008 at 18:40
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : BIOS Date: 04/19/05 18:04:09 Ver: 08.00.12
USER : carpentier ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:131 Go)
D:\ (CD or DVD)
E:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 11/12/2008|18:37 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[10/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/03/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[09/05/2005|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[09/12/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL(2)
[11/09/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[03/06/2005|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/09/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[25/12/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[10/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[27/10/2006|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/08/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/08/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09/08/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[02/08/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[15/11/2008|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/08/2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[07/07/2006|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[14/08/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[29/06/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[25/12/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[01/08/2005|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/02/2007|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[17/01/2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[14/03/2006|18:55] C:\DOCUME~1\CARPEN~1\APPLIC~1\.bittorrent
[10/12/2008|12:13] C:\DOCUME~1\CARPEN~1\APPLIC~1\Adobe
[01/01/2006|19:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeAUM
[21/12/2006|20:57] C:\DOCUME~1\CARPEN~1\APPLIC~1\AdobeUM
[03/06/2006|20:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Ahead
[12/10/2005|22:04] C:\DOCUME~1\CARPEN~1\APPLIC~1\Apple Computer
[09/05/2005|14:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\CyberLink
[07/12/2008|22:02] C:\DOCUME~1\CARPEN~1\APPLIC~1\Download Manager
[07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Dynamique
[07/02/2008|15:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\EPSON
[26/01/2006|12:42] C:\DOCUME~1\CARPEN~1\APPLIC~1\Google
[11/12/2008|12:20] C:\DOCUME~1\CARPEN~1\APPLIC~1\Grisoft
[19/05/2005|21:47] C:\DOCUME~1\CARPEN~1\APPLIC~1\Help
[10/06/2007|15:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Hemera
[18/09/2005|20:52] C:\DOCUME~1\CARPEN~1\APPLIC~1\Identities
[25/12/2007|12:01] C:\DOCUME~1\CARPEN~1\APPLIC~1\InstallShield
[02/08/2008|13:58] C:\DOCUME~1\CARPEN~1\APPLIC~1\Lavasoft
[03/06/2005|17:23] C:\DOCUME~1\CARPEN~1\APPLIC~1\Leadertech
[28/10/2005|20:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\Macromedia
[09/08/2008|19:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\Malwarebytes
[11/12/2008|17:44] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft
[21/09/2005|18:49] C:\DOCUME~1\CARPEN~1\APPLIC~1\Microsoft Web Folders
[29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Mozilla
[26/07/2005|15:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\MSNInstaller
[03/06/2006|21:12] C:\DOCUME~1\CARPEN~1\APPLIC~1\Nero
[15/07/2006|22:26] C:\DOCUME~1\CARPEN~1\APPLIC~1\Opera
[01/11/2006|15:08] C:\DOCUME~1\CARPEN~1\APPLIC~1\Publish Providers
[02/05/2005|10:24] C:\DOCUME~1\CARPEN~1\APPLIC~1\Real
[07/07/2006|21:00] C:\DOCUME~1\CARPEN~1\APPLIC~1\Roxio
[07/08/2007|21:39] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sites prédéfinis
[10/07/2006|15:32] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sonic
[01/11/2006|15:07] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sony
[02/05/2005|10:11] C:\DOCUME~1\CARPEN~1\APPLIC~1\Sun
[22/03/2006|20:14] C:\DOCUME~1\CARPEN~1\APPLIC~1\Talkback
[10/05/2005|15:53] C:\DOCUME~1\CARPEN~1\APPLIC~1\Template
[29/06/2008|14:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\TomTom
[14/03/2006|18:50] C:\DOCUME~1\CARPEN~1\APPLIC~1\uTorrent
[11/05/2006|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Visicom Media
[27/02/2006|19:05] C:\DOCUME~1\CARPEN~1\APPLIC~1\Vso
[27/02/2006|18:33] C:\DOCUME~1\CARPEN~1\APPLIC~1\VSO_HWE
[11/09/2007|20:27] C:\DOCUME~1\CARPEN~1\APPLIC~1\Xi
[02/05/2005|10:18] C:\DOCUME~1\CARPEN~1\APPLIC~1\You've Got Pictures Screensaver

[16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/05/2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/05/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[02/05/2005|10:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[02/05/2005|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[02/05/2005|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[19/09/2005|12:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/07/2006|20:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

[20/11/2005|14:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton Internet Security - Effectuer une analyse complète du système - carpentier.job
[09/05/2005 14:08][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
[11/12/2008 12:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/12/2007|10:38] C:\Program Files\ABBYY FineReader 6.0 Sprint
[10/12/2008|12:04] C:\Program Files\Adobe
[07/03/2006|18:50] C:\Program Files\Ahead
[02/05/2005|10:08] C:\Program Files\AMD
[11/12/2008|01:22] C:\Program Files\Avira
[02/05/2005|10:10] C:\Program Files\AvRack
[31/07/2007|15:10] C:\Program Files\Axis Communications
[11/12/2008|01:04] C:\Program Files\CCleaner
[02/05/2005|10:23] C:\Program Files\CyberLink
[25/12/2007|12:05] C:\Program Files\epson
[10/12/2008|12:07] C:\Program Files\Fichiers communs
[11/12/2008|00:54] C:\Program Files\FindyKill
[08/02/2007|11:41] C:\Program Files\Google
[11/12/2008|12:20] C:\Program Files\Grisoft
[18/09/2005|01:06] C:\Program Files\HighMAT CD Writing Wizard
[28/08/2008|15:34] C:\Program Files\InstallShield Installation Information
[10/12/2008|08:54] C:\Program Files\Internet Explorer
[09/12/2008|19:40] C:\Program Files\Java
[12/03/2007|09:25] C:\Program Files\Kit ADSL
[02/08/2008|14:00] C:\Program Files\Lavasoft
[02/05/2005|10:18] C:\Program Files\Learn2.com
[09/08/2008|19:18] C:\Program Files\Malwarebytes' Anti-Malware
[26/08/2008|11:58] C:\Program Files\Messenger
[21/09/2005|18:56] C:\Program Files\microsoft frontpage
[18/08/2008|18:48] C:\Program Files\microsoft office
[02/05/2005|10:26] C:\Program Files\Microsoft Works
[02/05/2005|10:26] C:\Program Files\Microsoft.NET
[26/08/2008|11:54] C:\Program Files\Movie Maker
[10/12/2008|08:47] C:\Program Files\Mozilla Firefox
[26/07/2005|15:25] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[21/09/2008|21:06] C:\Program Files\MSN Messenger
[09/12/2008|20:44] C:\Program Files\MSXML 4.0
[16/08/2006|19:00] C:\Program Files\Nero-6.6.0.16
[26/08/2008|11:50] C:\Program Files\NetMeeting
[15/11/2008|16:09] C:\Program Files\NOS
[01/11/2007|21:10] C:\Program Files\Odebit Multimédia
[26/08/2008|11:50] C:\Program Files\Outlook Express
[18/08/2008|18:20] C:\Program Files\Snapshot Viewer
[28/08/2008|15:29] C:\Program Files\TomTom HOME 2
[10/12/2008|23:58] C:\Program Files\Trend Micro
[16/08/2004|17:19] C:\Program Files\Uninstall Information
[08/12/2006|22:24] C:\Program Files\Windows Media Connect
[11/12/2006|11:13] C:\Program Files\Windows Media Connect 2
[26/08/2008|11:50] C:\Program Files\Windows Media Player
[26/08/2008|11:50] C:\Program Files\Windows NT
[16/08/2004|17:07] C:\Program Files\WindowsUpdate
[28/02/2006|18:47] C:\Program Files\WinRAR
[16/08/2004|17:11] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/12/2008|12:06] C:\Program Files\Fichiers communs\Adobe
[21/09/2005|20:13] C:\Program Files\Fichiers communs\Ahead
[01/08/2008|21:22] C:\Program Files\Fichiers communs\AOL
[27/02/2006|12:27] C:\Program Files\Fichiers communs\AVSMedia
[02/05/2005|10:26] C:\Program Files\Fichiers communs\DESIGNER
[20/07/2007|17:22] C:\Program Files\Fichiers communs\InstallShield
[02/05/2005|10:11] C:\Program Files\Fichiers communs\Java
[10/12/2008|12:07] C:\Program Files\Fichiers communs\Macrovision Shared
[18/08/2008|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[02/05/2005|10:18] C:\Program Files\Fichiers communs\Nullsoft
[18/08/2008|18:21] C:\Program Files\Fichiers communs\ODBC
[01/08/2008|21:34] C:\Program Files\Fichiers communs\Real
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[26/08/2008|11:50] C:\Program Files\Fichiers communs\System
[03/05/2006|21:20] C:\Program Files\Fichiers communs\Vbox
[02/08/2008|13:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
[20/09/2007|20:18] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\CARPEN~1\Cookies\carpentier@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 18:38:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 188

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:3][D:5]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\Temp
[F:44][D:0]-> C:\DOCUME~1\CARPEN~1\Cookies
[F:36][D:4]-> C:\DOCUME~1\CARPEN~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|17:59 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/12/2008|18:38 - Option : [2]

--------------------\\ Fin du rapport a 18:38:59
Anonymous user
11 Dec. 2008 at 18:54
Logfile of random's system information tool 1.04 (written by random/random)
Run by carpentier at 2008-12-11 18:52:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 135 GB (58%) free of 232 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:17, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carpentier\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\carpentier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+MRK+file
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\CARPEN~1\APPLIC~1\dllhst3g.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\CARPEN~1\APPLIC~1\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\CARPEN~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.genoom.com/js/photoUploader/control/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://193.252.208.54:8081/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/5690/defaults/activex/IPSUploader.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CARPEN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Anonymous user
11 Dec. 2008 at 18:55
info.txt logfile of random's system information tool 1.04 2008-12-11 18:52:20

======Uninstall list======

-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}\setup.exe"
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
TomTom HOME 2.5.1.36-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZIP PASSWORD FINDER-->C:\WINDOWS\UnGins.exe "C:\Program Files\ZIP PASSWORD FINDER\install.log"

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last active 30 December 2012 463
11 Dec. 2008 at 18:59
Good ... do this:

Download Malwarebytes:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure to choose "francais"; do not change the installation settings) and update it.

(NB: if "COMCTL32.OCX" is missing during the installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Work through the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very simple to use).

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run a scan of the kind called "Rapide".

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "résultat".
--> Check that all the infected objects are ticked, then click "suppression".

Note: if the PC has to be restarted to finish the cleaning, do it!

Post the report saved after the infected objects have been removed (in the "rapport/log" tab of Malwarebytes, the most recent one),
together with a new RSIT report ("log.txt") for analysis ...