Virus et logiciel détéctant les tapes clavierRésolu/Fermé

Question

Bonjour,
je vous reviens pour un problème de sécurité (si il y a bien sur)
depuis quelques semaines je constate que ma souris se mais en mode recharge/attente d'exécution (vous savez le prtit rond vide sous vista qui nous montre le chargement d'une appli ou autre) et cela sans arrête, en gros toutes les second le rond apparait et disparait.
de plus récemment, j'ai été victime d'une fraude via internet, donc je me demande s'il y a pas un logiciel spy d'installé sur mon pc qui détecte mes saisies clavier.

voici le scan hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:09, on 12/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\CaledosLAB\Caledos Automatic Wallpaper Changer\CaledosWallpaper6.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Users/Arian Noveir/Desktop/Streamy_4.0_beta.win32.win32.x86/Streamy/workspace/.metadata/.plugins/com.migniot.streamy.Browser/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.7.13.186:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] "C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe"  /s
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe (User 'Default user')
O4 - Startup: Caledos Wallpaper (startup).lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c0faa6fa7d10) (gupdate1c8c0faa6fa7d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
O23 - Service: lxdi_device -   - C:\Windows\system32\lxdicoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 22111 bytes


merci de m'aider

bonne journée

jlpjlp · Answer

slt ton antivirus microsoft n'est pas bon et va etre arrété 

pour vérifier ton pc:


scan avec malwarebyte , fais un scan rapidex et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________ 





colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

ou kaspersky en ligne

phantomxlord · Answer

Pour l'antivirus je suis au courant mais comme ma licence va encore durée un an et qu'il y aura quand même des mise à jours je vais laisser tourner j'a a² qui l'aide a détecter avec le résident de spybot

j'ai fait 1 scanne via kaspersky il a rien trouvé mais malwarebyte commence l'analyse et se referme tout seul
faut il faire 1 analyse en mode sans échec?

j'ai analysé via windows defender et il a rien trouvé

mon hijackthis été normal?

jlpjlp · Answer

le rapport hiajkchtis est ok

essaie un scan rapide avec malwarebyte et pas un long sinon effectivement en mode sans echec

a plus

phantomxlord · Answer

voilà c'est fait et c'est ok aussi
bizarre je trouve

jlpjlp · Answer

ok

pour pousser un peu plus loin:



&#9654; Télécharge FindyKill sur ton bureau :

http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe

! Déconnecte toi et ferme toutes applications en cours !

• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

&#9654; Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Aides en images : http://pagesperso-orange.fr/NosTools/findykill.html

phantomxlord · Answer

Voilà le rapport


############################## | FindyKill V6.005 |

# User : #######################""
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 19:35:36 | 12/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 Duo CPU     T7500  @ 2.20GHz
# Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : a-squared Anti-Malware 4 [ (!) Disabled | Updated ]
# AV : Windows Live OneCare 1.0.0 [ Enabled | Updated ]
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007
# FW : Pare-feu Windows Live OneCare[ Enabled ]1.0.0

# C:\ # Disque fixe local # 141,59 Go (1,79 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 149,05 Go (9,04 Go free) [DATA] # NTFS
# E:\ # Disque fixe local # 7,45 Go (2,3 Go free) [HP_RECOVERY] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM # 1,13 Mo (0 Mo free) [Movin key] # CDFS
# J:\ # Disque amovible # 7,41 Go (2,84 Go free) # FAT32
# K:\ # Disque fixe local # 465,75 Go (330,8 Go free) # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\System32
otepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\Windows\system32\blank.htm" 
R1 - HKCU\..\Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF" 
R1 - HKCU\..\Main: "Start Page"="https://www.google.com/?gws_rd=ssl" 
F2 - HKLM\..\logon:"Userinit"="C:\Windows\system32\userinit.exe," 
F2 - HKLM\..\logon:"LegalNoticeCaption"="" 
F2 - HKLM\..\logon:"LegalNoticeText"="" 
04 - HKLM\..\Run:  Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide 
04 - HKLM\..\Run:  WireLessMouse=C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe 
04 - HKLM\..\Run:  RtHDVCpl=RtHDVCpl.exe 
04 - HKLM\..\Run:  KMCONFIG=C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe 
04 - HKLM\..\Run:  CognizanceTS=rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule 
04 - HKLM\..\Run:  WAWifiMessage=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 
04 - HKLM\..\Run:  hpWirelessAssistant=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
04 - HKLM\..\Run:  OneCareUI="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" 
04 - HKLM\..\Run:  a-squared="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60 
04 - HKLM\..\Run:  SynTPStart=C:\Program Files\Synaptics\SynTP\SynTPStart.exe 
04 - HKLM\..\Run:  SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
04 - HKLM\..\Run:  QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 
04 - HKLM\..\Run:  AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 
04 - HKLM\..\Run:  Dell MFP Color Laser Printer 3115cn Launcher="C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe"  /s 
04 - HKLM\..\Run:  lxdimon.exe="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" 
04 - HKLM\..\Run:  lxdiamon="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" 
04 - HKLM\..\Run:  FaxCenterServer="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s 
04 - HKLM\..\Run:  NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
04 - HKLM\..\Run:  NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
04 - HKLM\..\Run:  NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
04 - HKLM\..\Run:  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
04 - HKCU\..\Run:  SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe  
04 - HKCU\..\Run:  Gestionnaire Antidote.exe=C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe  
04 - HKCU\..\Run:  ehTray.exe=C:\Windows\ehome\ehTray.exe  
04 - HKCU\..\Run:  HKEY_CURRENT_USER\software\microsoft\windows\currentversionun\AdobeUpdater=  

################## | Fichiers # Dossiers infectieux |


################## | C:\Users\########\Temporary Internet Files |


################## | All Drives ... |

Présent ! I:\autorun.inf [2208f9836cc2f54d3c10f2b3582e20f2]  

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe    

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\J
shell\AutoRun\command =J:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{1893b613-99be-11dd-9499-001b24c24baf}
shell\AutoRun\command =H:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{21f51c95-c2a3-11dd-a22c-001b24c24baf}
shell\AutoRun\command =H:\winopen.exe iexplore www.klondikesilver.com/s/usb.asp

HKCU\..\..\Explorer\MountPoints2\{2e61620f-a19a-11dd-830b-001b24c24baf}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Boot.exe e
shell\Open\command =I:\Boot.exe e

HKCU\..\..\Explorer\MountPoints2\{33b1797f-a582-11dc-9e13-001b24c24baf}
shell\AutoRun\command =I:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{5db6adff-ad46-11dc-806c-001b24c24baf}
shell\AutoRun\command =I:\EXPLORER.EXE 
shell\explore\Command =I:\EXPLORER.EXE 
shell\open\Command =I:\EXPLORER.EXE 

HKCU\..\..\Explorer\MountPoints2\{66cb5f0b-cef6-11dc-9518-001b24c24baf}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{ae6d8d51-82f5-11dd-a194-001b24c24baf}
shell\AutoRun\command =H:\wdsync.exe 

HKCU\..\..\Explorer\MountPoints2\{ed6627fe-1b38-11dd-9054-001b24c24baf}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{ed662805-1b38-11dd-9054-001b24c24baf}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{f8a9210e-dc92-11dd-87b4-001b24c24baf}
shell\AutoRun\command =I:\LaunchU3.exe -a

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Uac : OK 
 
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 3 ( Good = 2 | Bad = 4 ) 
# windefend -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.005 ! |



Par contre je l'ai fait en étant en sans échec donc normal pour les disable de firewall etc etc

jlpjlp · Answer

ok en mode normal refais findykill choisi l'option 2 pour nettoyer et colle le rapport



puis dis nous comment se comporte ton pc


a plus

phantomxlord · Answer

Après option 2 y a pas eu de nouveau fichier txt de rapport
normal?

jlpjlp · Answer

non pas normal

refais findykill option 1 et colle le rapport



puis dis aussi comment va ton pc? si les soucis persistent

phantomxlord · Answer

J'ai refait l'option 2 en l'exécutant en administrateur et là c'est bon
pendant le scan onecare m'a supprimé deux ver obfuscator


############################## | FindyKill V6.005 |

# User : ******* (Administrateurs) # ******
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 20:14:26 | 12/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 Duo CPU     T7500  @ 2.20GHz
# Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : a-squared Anti-Malware 4 [ (!) Disabled | Updated ]
# AV : Windows Live OneCare 1.0.0 [ Enabled | Updated ]
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007
# FW : Pare-feu Windows Live OneCare[ Enabled ]1.0.0

# C:\ # Disque fixe local # 141,59 Go (1,72 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 149,05 Go (9,04 Go free) [DATA] # NTFS
# E:\ # Disque fixe local # 7,45 Go (2,3 Go free) [HP_RECOVERY] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM # 1,13 Mo (0 Mo free) [Movin key] # CDFS
# J:\ # Disque amovible # 7,41 Go (2,84 Go free) # FAT32
# K:\ # Disque fixe local # 465,75 Go (330,8 Go free) # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Users\Arian Noveir\Temporary Internet Files |


################## | All Drives ... |

(!) Non supprimé ! I:\autorun.inf   
################## | Autres ... |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe    

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\J\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{1893b613-99be-11dd-9499-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{21f51c95-c2a3-11dd-a22c-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{2e61620f-a19a-11dd-830b-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{33b1797f-a582-11dc-9e13-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{5db6adff-ad46-11dc-806c-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{66cb5f0b-cef6-11dc-9518-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{ae6d8d51-82f5-11dd-a194-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{ed6627fe-1b38-11dd-9054-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{ed662805-1b38-11dd-9054-001b24c24baf}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{f8a9210e-dc92-11dd-87b4-001b24c24baf}\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[21/12/2007 07:39|--a------|212] - C:\BcBtRmv.log
[11/04/2009 08:36|-rahs----|333257] - C:\bootmgr
[18/09/2006 23:43|--a------|10] - C:\config.sys
[02/06/2008 21:22|--a------|3199] - C:\dvdlog.txt
[12/07/2009 20:48|--a------|6535] - C:\FindyKill.txt
[16/11/2008 15:30|--a------|1437] - C:\mpeg.txt
[12/11/2008 04:25|--a------|0] - C:\OrbPVR.db
[?|?|?] - C:\pagefile.sys
[10/01/2008 18:05|--a------|165] - C:\QPW.log
[12/03/2003 14:50|--ah-----|140] - C:\WM800918.bin
[16/02/2009 02:03|--a------|734205952] - D:\-The.Return.of.the.Pink.Panther.DVDrip.FRENCH.DivX.KiNG.avi
[18/03/2009 05:28|--a------|550727428] - D:\a la recherche de la panthere rose tvrip divx fr par julio.avi
[05/05/2009 22:25|--a------|134277883] - D:\AssassinsCreed.ipa
[20/05/2009 22:18|--a------|733110272] - D:\Fanboys.avi
[19/03/2009 03:50|--a------|733882368] - D:\INKHEART.2009.FRENCH.R5.MD.DivX.KiNG.avi
[09/07/2009 01:33|--a------|2093048527] - D:\La Belle Au Bois Dormant Blu-Ray 720p x264 DTS - SHERPA.mkv
[04/07/2009 16:52|--a------|733495296] - D:\Le.Monde.Des.Borrowers.TRUEFRENCH.DVDRip.XviD-HooPa.avi
[22/12/2008 03:42|--a------|1638303168] - D:\LocoRoco2.cso
[22/03/2009 11:22|--a------|7962291] - D:\Metro et RER de Paris_by KINDER.rar
[11/07/2009 15:57|--a------|262650276] - D:\MFX Lesbian trampling - Brutal face trampling of a submitted blonde slave girl - mf 1038.avi
[11/07/2009 23:26|--a------|265465100] - D:\MFX Lesbian trampling - Ebony mistress trample blonde slave girl  - mf 2349.avi
[11/07/2009 21:12|--a------|258726974] - D:\MFX Lesbian trampling - Face trampling , 4 mistress vs 1 slave girl - vn 0098.avi
[12/07/2009 04:43|--a------|530905096] - D:\MFX Lesbian trampling - Face trampling of a submitted slave girl 2 - mfp 154.avi
[09/07/2009 21:41|--a------|262430212] - D:\MFX Lesbian trampling - Hard trampling, 3 girls with high heels on cryng slave girl ,very strong! - vn 0124.avi
[11/07/2009 18:21|--a------|225867726] - D:\MFX Lesbian trampling submission - trample tits massacre - mf 2306.MPG
[11/07/2009 23:18|--a------|187689238] - D:\My.Name.is.Earl.S04E04.FRENCH.LD.HDTV.XviD-JMT.avi
[11/07/2009 23:16|--a------|187093448] - D:\My.Name.is.Earl.S04E05.FRENCH.LD.HDTV.XviD-JMT.avi
[11/07/2009 23:25|--a------|186694362] - D:\My.Name.is.Earl.S04E06.FRENCH.LD.HDTV.XviD-JMT.avi
[12/07/2009 00:03|--a------|190222706] - D:\My.Name.is.Earl.S04E10.FRENCH.LD.HDTV.XviD-JMT.avi
[12/07/2009 00:14|--a------|187319988] - D:\My.Name.is.Earl.S04E11.FRENCH.LD.HDTV.XviD-JMT.avi
[12/07/2009 00:20|--a------|187001408] - D:\My.Name.is.Earl.S04E12.FRENCH.LD.HDTV.XviD-JMT.avi
[25/06/2009 00:31|--a------|1767604284] - D:\NAVIGON-NAVIGATORv1.0.0.ipa
[08/03/2009 02:10|--a------|408409961] - D:\Patapon 2.cso
[06/03/2009 06:31|--a------|727875584] - D:\Punisher.War.Zone.FRENCH.DVDRiP.XviD-ULTRASON.avi
[07/07/2009 20:56|--a------|12439635] - D:\redsn0w-win_0.8.zip
[12/04/2009 14:08|--a------|4096659456] - D:\Rock and Roll Hall of Fame Ceremony 2009 - Metallica MPEG2 1080i - RAS.ts_new.m2ts
[21/02/2009 18:36|--a------|734709760] - D:\Role.Models.avi
[24/03/2009 23:15|--a------|20968005] - D:\Star Wars The Force Unleashed (v1.0.9).ipa
[20/02/2009 05:49|--a------|732481536] - D:\Surveillance.FRENCH.DVDRip.XviD-ZANBiC.avi
[01/04/2009 23:36|--a------|733378560] - D:\The Last Kiss.avi
[12/06/2009 20:18|--a------|733566976] - D:\The.Pink.Panther.2.FRENCH.DVDRip.XviD-SURViVAL.avi
[24/02/2009 23:57|--a------|733517824] - D:\Transporter.3.FRENCH.DVDRiP.XviD-ULTRASON.avi
[28/04/2009 01:01|--a------|734455808] - D:\Underworld.Rise.of.the.Lycans.FRENCH.DVDRip.XviD-SURViVAL.avi
[11/07/2009 15:58|--a------|1435202586] - D:\Watchmen.avi
[11/09/2005 17:18|---hs----|340] - E:\AUTOMODE
[07/12/2007 22:50|---hs----|13] - E:\BLOCK.RIN
[04/10/2006 01:02|---hs----|438328] - E:\bootmgr
[03/11/2006 21:43|---hs----|117] - E:\Desktop.ini
[10/09/2002 18:14|---hs----|8134] - E:\Folder.htt
[26/10/2007 08:29|---hs----|698] - E:\MASTER.LOG
[03/11/2005 17:19|---hs----|181736] - E:\protect.ed
[26/10/2007 08:29|---hs----|0] - E:\USER
[22/08/2008 19:52|-r-------|54] - I:\Autorun.inf
[29/07/2008 19:20|-r-------|234594] - I:\EN Memory bar manual.pdf
[29/07/2008 19:20|-r-------|177707] - I:\FR Memory bar manual.pdf
[17/03/2007 08:33|-r-------|716800] - I:\Memorybar.exe
[06/03/2008 09:37|-r-------|3774] - I:\Movin key.ico
[09/06/2009 11:50|--a------|18040566] - J:\Streamy_3.3_win32.zip
[11/06/2009 17:40|--a------|477240] - J:\semiv_1.jpg
[11/06/2009 17:32|--a------|697456] - J:\semiv_2.jpg
[07/07/2009 22:44|--a------|312292933] - J:\iPhone2,1_3.0_7A341_Restore.ipsw
[25/06/2009 00:31|--a------|1767604284] - J:\NAVIGON-NAVIGATORv1.0.0.ipa
[28/05/2009 08:46|--a------|273641] - J:\add_basket.psd
[27/05/2009 16:23|--a------|36126] - J:\font_quantite.psd
[27/05/2009 17:00|--a------|346583] - J:\apercu.psd
[27/05/2009 17:24|--a------|48910] - J:\caddie.psd
[08/03/2009 03:40|--a------|3093581824] - K:\Ambra.Experience.2008.BDRip.720p.sysy.avi
[26/03/2009 10:11|--a------|2676606976] - K:\Autodesk_3dsMax2009_DVD.iso
[08/03/2009 23:28|--a------|732465152] - K:\[I-F]Naruto Shippuuden le film - La Mort de Naruto.avi

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.  
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.  
# E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.  
# J:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.  
# K:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.  

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Uac : OK 
 
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 ) 
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# windefend -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.005 ! |

Virus et logiciel détéctant les tapes clavier

10 réponses

Discussions similaires

Newsletters