Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Un mauvais clic!

Bugrider
 Partager

Messages recommandés

Bugrider Junior Member

Bugrider

Posté(e)
Posté(e)

Bonjour, et merci pour votre site d'aide.

 

L'histoire commence par un clic de trop de mon fils dans Msn qui lui promettait je ne sais quelle photo.

 

Depuis je suis infecté de virus/trojan que mon viruscan (macafee) bloque, mais qui reviennent inlassablement (eux, moi j'en suis las!), sans compter les pub intempestives qui apparaissent.

 

J'ai bien trouvé une ligne bizarre dans Hijacktjis, mais elle refuse de disparaitre quand je la fixe. je ne peux pas non plus l'enlever de la base de registre ni manuellement (le F5 la fait réapparaitre) ni par divers logiciels (ccleaner, Jv 16, spybot, spyware) et j'en passe.

 

je vous colle (gentiement) donc le rapport ( la ligne F2 estcelle qui ne bouge pas!)

 

Merci encore de votre aide, bien cordialement

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:01, on 13/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ehome\mcrdsvc.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Microsoft Office\Office\1036\msoffice.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Outlook Express\msimn.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

 

--

End of file - 12351 bytes

Lien vers le commentaire
Partager sur d’autres sites

Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e) (modifié)

Bonsoir Bugrider,

 

Bienvenu sur Zebulon.

 

Pour commencer la désinfection :

 

1-

  • Télécharge MSNfix (de !aur3n7) sur ton bureau,
  • Fait un clic droit sur le fichier puis Extraire tout et choisis ton bureau comme destination.
  • Dans le dossier décompressé, fait un double clic sur le fichier MSNFix.bat (le .bat peut ne pas être visible)
  • Appuie sur R pour lancer la recherche,
  • Si une infection est détectée, il suffit d'appuyer sur une touche pour lancer le nettoyage,
  • A la fin de celui-ci, si le redémarrage de ton PC est demandé, fait le pour que tous les fichiers infectés puissent être supprimés.
  • A la fin de la réparation, le rapport va s'ouvrir, copie/colle son contenu ici.

2-

  • Télécharge SDFix (de Andy Manchesta) sur ton bureau
  • Double clique sur SDFix.exe puis Install, clique ensuite sur Browse pour installer Sdfix sur ton bureau.
  • Redémarre ton PC en mode sans echecs (Touche F8 avant le lancement de Windows)
  • Ouvre le dossier SDFix qui se trouve maintenant sur ton bureau et lance le script en cliquant sur RunThis.bat .
  • Accepte le lancement en appuyant sur Y.
  • Ton bureau va disparaître pendant le nettoyage,
  • A la fin du scan accepte le redémarrage de ton PC et laisse le nettoyage se poursuivre jusqu'à la fin.
  • Le rapport de nettoyage va s'ouvrir, copie/colle tout son contenu dans ton prochain message (tu pourras trouver ce rapport dans le répertoire de Sdfix : report.txt).

3-

  • Télécharge Smitfraudfix (S!ri)
  • Double clic sur l'icône de Smitfraudfix
  • Lance l'option 1 uniquement
  • A la fin de la recherche, le rapport va s'ouvrir, copie/colle son contenu dans un message,

Poste bien tous les rapports

Modifié par Desch
Lien vers le commentaire
Partager sur d’autres sites
Bugrider Junior Member

Bugrider

Posté(e)
  • Auteur
Posté(e)

Voici donc les 3 rapports, et je constate déjà que le pc se porte mieux! cordialement

 

Rapport 1

 

MSNFix 1.716

 

C:\Documents and Settings\HP_Administrateur\Bureau\MSNFix\MSNFix

Fix exécuté le 13/05/2008 - 20:38:49,34 By HP_Administrateur

mode normal

 

************************ Recherche les fichiers présents

 

... C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

... C:\Program Files\CPV\CPV8.dll

... C:\WINDOWS\mrofinu*.exe

... C:\WINDOWS\mrofinu*.exe.tmp

... C:\WINDOWS\system32\real.txt

 

************************ Recherche les dossiers présents

 

... C:\Program Files\CPV\

... C:\Program Files\CPV\

 

 

 

 

************************ Suppression des fichiers

 

/!\ ... C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

/!\ ... C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

/!\ ... C:\WINDOWS\system32\ % % ^% %% %^^ ^% ^ ^^% %%% %^.exe

.. OK ... C:\Program Files\CPV\CPV8.dll

.. OK ... C:\WINDOWS\mrofinu*.exe

.. OK ... C:\WINDOWS\mrofinu*.exe.tmp

.. OK ... C:\WINDOWS\system32\real.txt

 

 

************************ Suppression des dossiers

 

/!\ ... C:\Program Files\CPV\

/!\ ... C:\Program Files\CPV\

 

 

************************ Nettoyage du registre

 

 

 

Les fichiers encore présents seront supprimés au prochain redémarrage

 

 

Aucun Fichier trouvé

 

 

 

************************ Fichiers suspects

 

Aucun Fichier trouvé

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 13052008_20414860.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

Rapport 2

 

SDFix: Version 1.182

Run by Administrateur on 13/05/2008 at 20:55

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\HP_ADM~1\Bureau\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\%%^%%%~1.exe - Deleted

C:\Program Files\CPV\CPV8.MSNFix - Deleted

C:\Program Files\Spcron\Spc.dll - Deleted

 

 

 

Folder C:\Program Files\CPV - Removed

Folder C:\Program Files\Spcron - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-13 21:06:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Steam\\SteamApps\\vive18\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\vive18\\half-life 2 deathmatch\\hl2.exe:*:Disabled:hl2"

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

@=""

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"

"C:\\Telechargements\\incredimail_install.exe"="C:\\Telechargements\\incredimail_install.exe:*:Disabled:IncrediMail Installer"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\HP_ADM~1\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sat 23 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Tue 26 Dec 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"

Wed 13 Jun 2007 89,243 ..SHR --- "C:\WINDOWS\system32\ewbzohez.exe"

Sun 23 Mar 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Fri 5 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 13 May 2008 5,938 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE3.tmp"

Tue 13 May 2008 5,684 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE4.tmp"

Tue 13 May 2008 10,198 A..H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Office\Shortcut Bar\Off5.tmp"

Sun 21 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Office\Shortcut Bar\Off6h.tmp"

Sun 21 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Office\Shortcut Bar\Off6s.tmp"

 

Finished!

 

Rapport 3

 

SmitFraudFix v2.320

 

Rapport fait à 21:19:12,75, 13/05/2008

Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\Program Files\Microsoft Office\Office\1036\msoffice.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Wireless LAN PCI 802.11 b/g adapter WN5301A - Miniport d'ordonnancement de paquets

DNS Server Search Order: 16.92.3.242

DNS Server Search Order: 16.92.3.243

DNS Server Search Order: 16.81.3.243

DNS Server Search Order: 16.118.3.243

 

Description: Wireless LAN PCI 802.11 b/g adapter WN5301A - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

DNS Server Search Order: 0.0.0.0

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS3\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Lien vers le commentaire
Partager sur d’autres sites
Bugrider Junior Member

Bugrider

Posté(e)
  • Auteur
Posté(e)

Bonjour, voici le rapport ; Non c'est un poste personnel, de marque HP mais utilisé uniquement à domicile.

Bonne journée.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:38:37, on 14/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Microsoft Office\Office\1036\msoffice.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

 

--

End of file - 12006 bytes

Lien vers le commentaire
Partager sur d’autres sites
Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

Bonjour,

 

Ok, redémarre ton PC en mode sans echec (en utilisant ta session habituelle)

Relance Smitfraudfix avec l'option 2

Enregistre le rapport sur ton bureau

Redémarre en mode normal,

Pour finir, poste le rapport smitfraudfix et un nouvel Hijackthis.

Lien vers le commentaire
Partager sur d’autres sites
Bugrider Junior Member

Bugrider

Posté(e)
  • Auteur
Posté(e)

Voici les 2 derniers rapports:

Cordialement

 

1)

SmitFraudFix v2.320

 

Rapport fait à 18:03:08,18, 14/05/2008

Executé à partir de C:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

HKLM\SYSTEM\CS3\Services\Tcpip\..\{7D52019F-1842-4B8B-A419-A4D144334C0E}: DhcpNameServer=192.168.1.1 0.0.0.0

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

2)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:30, on 14/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft Office\Office\1036\msoffice.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

 

--

End of file - 11232 bytes

Lien vers le commentaire
Partager sur d’autres sites
Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

Bonsoir Bugrider,

 

Relance Hijackthis, cliques sur "Do a system scan only" puis coches les lignes suivantes :

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

Clic ensuite sur "Fix checked".

 

 

Pour la suite :

  • Télécharge Malwarebyte , lance l'installation puis accepte la mise a jour,
  • Ferme le programme,
  • Redémarre ton PC en mode sans échec

  • Lance Malwarebyte
  • Dans l'onglet «Recherche», clic sur «Exécuter un examen complet»
  • Ensuite clique sur «Rechercher»
  • A la fin du scan, fait lui supprimer tout ce qu'il a trouvé,
  • Redémarre en mode normal,
  • Poste le rapport que tu trouveras dans l'onglet Rapport/logs avec la date du scan,

Fait aussi un scan en ligne avec Bitdefender (avec Internet Explorer) puis poste le rapport

(Tuto de Malekal)

Et pour finir, poste un nouveau rapport Hijackthis.

Lien vers le commentaire
Partager sur d’autres sites
Bugrider Junior Member

Bugrider

Posté(e)
  • Auteur
Posté(e)

Bonsoir, voici 3 nouveaux rapport: c'est fou il y a toujours des trucs ........

Cordialement

 

1)

Malwarebytes' Anti-Malware 1.12

Version de la base de données: 752

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 214082

Temps écoulé: 33 minute(s), 16 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 15

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J7LD9PHQ\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080423-204717-839.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000031.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000135.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000145.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000154.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0000190.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0000191.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0000202.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0000210.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1423.exe.MSNFix (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1423.MSNFix (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\RECYCLER\KB91234.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\b155.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\b156.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.

 

2)

<HTML>

<HEAD>

<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

</HEAD>

<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

 

 

<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">

<tr>

<td width="458">

<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

<tr>

<td colspan="3" width="912">

<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Thu, May 15, 2008 - 20:57:48</b></span></font></p>

</td>

</tr>

 

<tr>

<td width="458">

<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;H:\;I:\;J:\;K:\;</span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">

<tr>

<td width="451" colspan="2" bgcolor="#CCCCCC">

<p><font face="Arial" size="2"><B>Statistiques</b></font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Temps</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">00:34:13</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Fichiers</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">202915</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Directoires</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">9895</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Secteurs de boot</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">3</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Archives</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">1791</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Paquets programmes</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">19057</font></p>

</td>

</tr>

</table>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

 

 

<tr>

<td width="458">

<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">

<tr>

<td width="451" colspan="2" bgcolor="#CCCCCC">

<p><font face="Arial" size="2"><B>Résultats</b></font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Virus identifiés</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">8</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Fichiers infectés</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">17</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Fichiers suspects</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">0</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Avertissements</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">0</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Désinfectés</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">0</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Fichiers effacés</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">27</font></p>

</td>

</tr>

</table>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">

<tr>

<td width="451" colspan="2" bgcolor="#CCCCCC">

<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Définition virus</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">1192128</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Version des moteurs</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyse des plugins</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">16</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Archive des plugins</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">42</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Unpack des plugins</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">7</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">E-mail plugins</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">6</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Système plugins</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">5</font></p>

</td>

</tr>

</table>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">

<tr>

<td width="451" colspan="2" bgcolor="#CCCCCC">

<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Première action</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Désinfecté</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Seconde Action</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Heuristique</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Acceptez les avertissements</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Extensions analysées</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls

;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;

chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>

</td>

</tr>

 

<tr>

<td width="57%">

<p><font face="Arial" size="2">Excludez les extensions</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2"> </font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyse d'emails</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyse des Archives</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyser paquets programmes</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyse des fichiers</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">Analyse de boot</font></p>

</td>

<td width="43%" align="right">

<p><font face="Arial" size="2">Oui</font></p>

</td>

</tr>

</table>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td colspan=2>  

<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">

<tr>

<td width="252" bgcolor="#CCCCCC">

<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>

</td>

<td width="195" bgcolor="#CCCCCC" align="right">

<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>

</td>

</tr>

<tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05692656.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.ARA</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05692656.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C879B8.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Win32.Worm.Agent.V</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C879B8.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5618650A.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.PurityScan.CR</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5618650A.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E44895.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.ARA</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E44895.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72D06EEC.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Agent.GT</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72D06EEC.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KHQ3KTAN\wv[1].exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Retapu.D</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KHQ3KTAN\wv[1].exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KHQ3KTAN\wv[1].exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000396.dll</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.BHO.Agent.U</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000396.dll</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000397.exe=>(RAR Sfx o)=>icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Détecté avec: Application.PWSTool.PWDump.B</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000397.exe=>(RAR Sfx o)=>icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000397.exe=>(RAR Sfx o)=>icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000397.exe=>(RAR Sfx o)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la mise à jour</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000408.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.ARA</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000408.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000409.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Win32.Worm.Agent.V</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000409.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000410.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.PurityScan.CR</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000410.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000411.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Agent.ARA</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000411.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000412.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Agent.GT</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP4\A0000412.exe=>(Quarantine-2)</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ejydbu.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Retapu.D</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ejydbu.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ejydbu.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ewbzohez.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Packer.Malware.NaN.A</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ewbzohez.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\ewbzohez.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Détecté avec: Application.PWSTool.PWDump.B</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\icpv.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\liqpxp.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Infecté par: Trojan.Retapu.D</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\liqpxp.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Echec de la désinfection</font></p>

</td>

</tr><tr>

<td width="57%">

<p><font face="Arial" size="2">C:\WINDOWS\system32\liqpxp.exe</font></p>

</td>

<td width="43%" align="left">

<p><font face="Arial" size="2">Supprimé</font></p>

</td>

</tr>

</table>

</td>

 

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

<tr>

<td width="458">

<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>

</td>

<td width="40%">

<p> </p>

</td>

<td width="10%">

<p> </p>

</td>

</tr>

 

</table>

<p> </p>

 

</body>

</html>

 

3)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:04, on 15/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\Program Files\Microsoft Office\Office\1036\msoffice.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

 

--

End of file - 11504 bytes

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...