Win32.TrojanDownloader.Agent

podrob
Hello,

I just lost my whole post (20 minutes of writing) because I have fat fingers, so I'll get straight to the point this time.
Usually I manage on my own, but here I'm spinning my wheels a bit, so I'm calling on the experts who hang around here ;)

Symptoms:

- Various rather suspicious processes:

* With random names made up of six digits (e.g. 570293)
* Several "cmd.exe" that eat a lot of CPU
* "iexplorer.exe" running without any IE window being open (I never use IE)

- Spontaneous Alt-Tabs, for example while I'm gaming. The game switches back to Windows without my asking.

- The Windows interface no longer responding properly:

* The Start menu appears but the submenus and buttons are not active
* The Quick Launch icons don't work even though they animate when I click them.

- A program called "Yiqilai Lyrics", apparently Chinese, that installs itself, sometimes runs as a process, and seems impossible to uninstall the normal way.

Antispyware diagnostics:

Spybot: It finds various things that I delete every time, but that doesn't fix the problems.
The resident Spybot TeaTimer often detects (mostly at boot) lots of registry changes, added values, deleted values, which I systematically refuse.

Ad-Aware: It finds a virus (TAI 10) Win32.TrojanDownloader.Agent and other goodies like Redirected Hostfile Entries that can't be removed. No matter how much I delete, it always comes back...

Regcleaner: I ran automatic cleanups with this tool thinking it might be useful; I also used it to remove the yiqilai.com items that couldn't be removed any other way, in particular from the installed-programs list. No luck, they keep coming back too.

In desperation I tried installing Avast (Free Version), but a critical error occurs midway through the installation. Something smells fishy here! :)

I ran an online scan with the Symantec tool, which found this:

D:\Brikbrok\Bourdel de Grouik\Outils Utils Logs\Cleaning\CWShredder.exe is infected with Adware.Websearch
C:\WINDOWS\system32\antiwpa.dll is infected with Hacktool
C:\WINDOWS\system32\msporc.dll is infected with Backdoor.Graybird
C:\WINDOWS\system32\xmlhlpdat.dll is infected with Downloader

Like a big brute, I figured the first 2 listed were "normal" (hmm), so I deleted the last two listed by hand without going through the Recycle Bin....

Anyway, before reformatting the whole thing, I'm posting my HijackThis log here with one last hope of saving this well-stocked, backup-less system of mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:47, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06 test 6\RivaTuner.exe
C:\WINDOWS\system32\taskmagr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Brikbrok\Bourdel de Grouik\Outils Utils Logs\Hijackthis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bradsoft.com/
O1 - Hosts: 60.173.10.243 www.sznews.com
O1 - Hosts: 60.173.10.243 www.baidu.com
O1 - Hosts: 60.173.10.243 www.idoer.org
O1 - Hosts: 60.173.10.243 baidu.com
O1 - Hosts: 60.173.10.243 www.lhgz.com.cn
O1 - Hosts: 60.173.10.243 qq123.d189.5kweb.cn
O1 - Hosts: 60.173.10.243 www.taxexpert.com.cn
O1 - Hosts: 60.173.10.243 web.szds.gov.cn
O1 - Hosts: 60.173.10.243 www.szgs.gov.cn
O1 - Hosts: 60.173.10.243 www.szds.gov.cn
O1 - Hosts: 60.173.10.243 www.qz315.cn
O1 - Hosts: 60.173.10.243 www.315safe.com
O1 - Hosts: 60.173.10.243 www.315.gov.cn
O1 - Hosts: 60.173.10.243 www.315wm.com
O1 - Hosts: 60.173.10.243 www.ca315.com.cn
O1 - Hosts: 60.173.10.243 www.315ts.net
O1 - Hosts: 60.173.10.243 szgz.gov.cn
O1 - Hosts: 60.173.10.243 www.szgz.gov.cn
O1 - Hosts: 60.173.10.243 wenwen.soso.com
O1 - Hosts: 60.173.10.243 qbar.qq.com
O1 - Hosts: 60.173.10.243 imsafe.qq.com
O1 - Hosts: 60.173.10.243 service.qq.com
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.1.1.1 555.hfdy2828.com
O1 - Hosts: 127.1.1.1 666.hfdy2828.com
O1 - Hosts: 127.0.1.1 59.34.216.143
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E5CEEDA-BC3A-4624-B932-F6025E979E74} - C:\Program Files\Internet Explorer\Rsentz.z91
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: (no name) - {A95083BE-3D1F-4C7E-ACCC-EC11EA9D498A} - C:\Program Files\Internet Explorer\UfzsKetNt.Ps3
O2 - BHO: JavaSunSurf Class - {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06 test 6\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06 test 6\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Alcmtr] anymie360.exe
O4 - HKLM\..\Policies\Explorer\Run: [qq] C:\DOCUME~1\Rob\LOCALS~1\Temp\585143
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-57989841-1547161642-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ghjmecno.dll,fghhmibe.dll,HBZHUXIAN.dll,HBWULIN2.dll,clafgnfi.dll,HBCHIBI.dll,HBTW2.dll,kfccmajk.dll,oephnmak.dll,mbhckeig.dll,bcjockjc.dll,lihlofaa.dll,baicmhnc.dll,nciimnic.dll,mocndgba.dll,aifkojnj.dll,pabcfphe.dll,enjlenil.dll,fcpikjee.dll,aeipdhak.dll,annghdlg.dll,phceafjl.dll,dobggkmb.dll,cpodliio.dll,ejjmdefk.dll,okodmlfk.dll,ogkmggdk.dll,bhdndaak.dll,enikimgp.dll,jakgkbni.dll,lakhhbfb.dll,mnpadelo.dll,dnhbcijo.dll,okniockd.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: 0136EC78 - {0136EC78-845D-4103-9AE7-D2F4A860E300} - C:\WINDOWS\system32\ghjmecno.dll
O21 - SSODL: C5AF07F2 - {C5AF07F2-0D18-4A52-B4F2-400B29ACC637} - C:\WINDOWS\system32\clafgnfi.dll
O21 - SSODL: F01162BE - {F01162BE-F75D-491D-B46F-0632164B9316} - C:\WINDOWS\system32\fghhmibe.dll
O21 - SSODL: 4FCC6A34 - {4FCC6A34-49C7-49CD-8457-8746ABBA4A2C} - C:\WINDOWS\system32\kfccmajk.dll
O21 - SSODL: 8E9176A4 - {8E9176A4-9C94-4A16-8843-6F42B0C78960} - C:\WINDOWS\system32\oephnmak.dll
O21 - SSODL: 6B1C4E20 - {6B1C4E20-030E-4757-BF0D-7E410C9AA51B} - C:\WINDOWS\system32\mbhckeig.dll
O21 - SSODL: BC38C43C - {BC38C43C-7319-4C56-BA61-F80F53C65E20} - C:\WINDOWS\system32\bcjockjc.dll
O21 - SSODL: 52158FAA - {52158FAA-7FCA-476C-BFA3-7C135676D905} - C:\WINDOWS\system32\lihlofaa.dll
O21 - SSODL: 187E16CA - {187E16CA-29F2-4046-A428-206164E2A8C4} - (no file)
O21 - SSODL: 7A87C5DA - {7A87C5DA-D26B-44E6-8711-515321418E13} - (no file)
O21 - SSODL: 56CE52F4 - {56CE52F4-B5E3-436A-BA04-2B672A02CDDF} - (no file)
O21 - SSODL: B23266BE - {B23266BE-D020-4C59-B3DB-E6956B752606} - (no file)
O21 - SSODL: 467FB717 - {467FB717-837B-4DE7-9A5E-2B42A353CA4C} - (no file)
O21 - SSODL: 7995C461 - {7995C461-CCA7-46F8-9505-4D7EF0C8466A} - (no file)
O21 - SSODL: 3AFE8CF1 - {3AFE8CF1-9392-4665-8D5A-775B1ABA7F7E} - (no file)
O21 - SSODL: 0D792E9D - {0D792E9D-54A8-4F79-962D-36E51BDBED94} - (no file)
O21 - SSODL: C6FB199A - {C6FB199A-846C-46FA-8FDF-5CCFEE779021} - (no file)
O21 - SSODL: 16913F10 - {16913F10-8C46-49E5-BFD4-F9EC3206305D} - (no file)
O21 - SSODL: 99EB4268 - {99EB4268-07D0-48C3-B334-163EB5521716} - (no file)
O21 - SSODL: D6C1A116 - {D6C1A116-B833-4F4F-871C-FDBE2E0C173E} - (no file)
O21 - SSODL: BA2C617C - {BA2C617C-AA42-46DD-81A9-0210EB00B285} - C:\WINDOWS\system32\baicmhnc.dll
O21 - SSODL: 9ABCF91E - {9ABCF91E-55D2-4A3D-AAFE-4C8789383B60} - C:\WINDOWS\system32\pabcfphe.dll
O21 - SSODL: A2F48373 - {A2F48373-0D34-4321-96B8-0C101AB0A261} - C:\WINDOWS\system32\aifkojnj.dll
O21 - SSODL: A829F352 - {A829F352-4FEF-4331-859D-C4A70FEAD4EB} - (no file)
O21 - SSODL: 336A0EC4 - {336A0EC4-EB82-41D7-997D-C89A11AE5DE5} - (no file)
O21 - SSODL: EF6447A6 - {EF6447A6-3A93-47C8-B898-13B7E069CF0C} - (no file)
O21 - SSODL: 1B9B0C3C - {1B9B0C3C-A0B5-4434-97CB-6BB1E64F6264} - (no file)
O21 - SSODL: 96EB6C46 - {96EB6C46-DFD9-45CA-87C5-500F86EC5BE0} - (no file)
O21 - SSODL: 9160D308 - {9160D308-DD6D-4C86-ADB8-2C5D509AF220} - (no file)
O21 - SSODL: FC9243EE - {FC9243EE-227E-4D9A-BB29-117EAFA860E7} - C:\WINDOWS\system32\fcpikjee.dll
O21 - SSODL: E735E725 - {E735E725-8B86-4775-887F-8311D6097AC4} - C:\WINDOWS\system32\enjlenil.dll
O21 - SSODL: 91CEAF35 - {91CEAF35-F8D6-4BC7-AA59-5E614D52AC4F} - C:\WINDOWS\system32\phceafjl.dll
O21 - SSODL: A7701D50 - {A7701D50-1C46-45D1-8CDB-F4EDBF4912CF} - C:\WINDOWS\system32\annghdlg.dll
O21 - SSODL: AE29D1A4 - {AE29D1A4-67F7-48D8-96B0-2E614BEDB740} - C:\WINDOWS\system32\aeipdhak.dll
O21 - SSODL: 84728C4D - {84728C4D-298B-4FC5-A783-57DECD9C2AA6} - C:\WINDOWS\system32\okniockd.dll
O21 - SSODL: 68C7D0BA - {68C7D0BA-D10A-4B81-A366-3DBE3CD7D821} - C:\WINDOWS\system32\mocndgba.dll
O21 - SSODL: 7C22672C - {7C22672C-BE49-42FE-A0A5-05F88DDA8E0F} - C:\WINDOWS\system32\nciimnic.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
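
As an added example (not code from the thread, from HijackThis or from any tool mentioned in it), here is a small Python triage script that runs over lines in the HijackThis format above and flags the entry classes that carry the infection in this log: hosts-file redirects to a non-loopback address (the "Redirected Hostfile Entries" Ad-Aware reports), AppInit_DLLs injection, SSODL entries named after their own CLSID prefix, and Policies\Explorer\Run autostarts pointing into a Temp directory. The sample lines are copied from the log above; the heuristics themselves (the 8-letter random DLL name pattern, the CLSID-prefix naming rule, the "unusual loopback form" check) are my own assumptions about this family, not HijackThis rules.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).
Flags the entry types abused in the log above; all heuristics are assumptions."""
import ipaddress
import re

# Constructed sample: eight lines copied from the HijackThis log above, mixing
# clean entries (the Java Run key, the NVIDIA service) with infected ones.
SAMPLE_LOG = r"""
O1 - Hosts: 60.173.10.243 www.baidu.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [qq] C:\DOCUME~1\Rob\LOCALS~1\Temp\585143
O20 - AppInit_DLLs: ghjmecno.dll,fghhmibe.dll,HBZHUXIAN.dll
O21 - SSODL: 0136EC78 - {0136EC78-845D-4103-9AE7-D2F4A860E300} - C:\WINDOWS\system32\ghjmecno.dll
O21 - SSODL: 187E16CA - {187E16CA-29F2-4046-A428-206164E2A8C4} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# Assumption: the 8 random lowercase letters seen in this log are a usable fingerprint.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
SSODL_RE = re.compile(r"^SSODL:\s+(\S+)\s+-\s+\{([0-9A-Fa-f-]{36})\}\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\\(Policies\\Explorer\\Run|Run):\s+\[(.*?)\]\s*(.*)$")
NORMAL_BLOCK_IPS = ("127.0.0.1", "0.0.0.0", "::1")  # the forms a legitimate blocklist uses


def parse_hjt(text):
    """Yield (section, body) for every HijackThis item line such as 'O1 - Hosts: ...'."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def check_hosts(body):
    """O1: a hosts entry that points a name anywhere but loopback is a redirect."""
    m = HOSTS_RE.match(body)
    if not m:
        return None
    ip, host = m.groups()
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return f"unparseable hosts entry for {host}"
    if not (addr.is_loopback or addr.is_unspecified):
        return f"{host} redirected to non-loopback {ip}"
    if ip not in NORMAL_BLOCK_IPS:
        # 127.0.0.0 / 127.1.1.1 style variants: blocking entries written by malware
        return f"{host} blocked with unusual loopback form {ip}"
    return None


def check_appinit(body):
    """O20: any AppInit_DLLs value loads those DLLs into every user32 process."""
    if not body.startswith("AppInit_DLLs:"):
        return None
    dlls = [d.strip() for d in body[len("AppInit_DLLs:"):].split(",") if d.strip()]
    if not dlls:
        return None
    junk = sum(1 for d in dlls if RANDOM_DLL_RE.match(d))
    return f"{len(dlls)} AppInit DLL(s) injected into every user-mode process, {junk} with random 8-letter names"


def check_ssodl(body):
    """O21: ShellServiceObjectDelayLoad entries run at logon inside explorer.exe."""
    m = SSODL_RE.match(body)
    if not m:
        return None
    name, clsid, path = m.groups()
    reasons = []
    if name.upper() == clsid[:8].upper():
        reasons.append("entry named after its own CLSID prefix")
    if path == "(no file)":
        reasons.append("dangling entry, DLL already gone")
    elif RANDOM_DLL_RE.match(path.rsplit("\\", 1)[-1]):
        reasons.append("random 8-letter DLL name")
    return "; ".join(reasons) or None


def check_run(body):
    """O4: flag the Policies\\Explorer\\Run key and any autostart living in Temp."""
    m = RUN_RE.match(body)
    if not m:
        return None
    _hive, key, _name, cmd = m.groups()
    reasons = []
    if key.startswith("Policies"):
        reasons.append("Policies\\Explorer\\Run autostart (rarely used legitimately)")
    if re.search(r"\\(Temp|LOCALS~1)\\", cmd, re.IGNORECASE):
        reasons.append("autostart target inside a Temp directory")
    return "; ".join(reasons) or None


CHECKS = {"O1": check_hosts, "O4": check_run, "O20": check_appinit, "O21": check_ssodl}


def triage(text):
    """Return [(section, reason, body)] for every line a check flags, in log order."""
    findings = []
    for section, body in parse_hjt(text):
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

On the full log above the same checks would flag all 60 O1 lines, the O20 line with its 34 DLLs, every O21 entry, and the two Policies\Explorer\Run items, while leaving the Java, NVIDIA, Brother and Razer entries alone; the point is that each flagged class is a persistence or redirection mechanism, which is why deleting the DLLs by hand (as the poster did) does not help while the registry entries that reload them survive.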

26 replies

podrob

Hmm, in the meantime I was wondering, shouldn't I disable System Restore? I see that MB finds junk in the folder c:\system volume information\_restore_blahblah

Isn't that related?

Anonymous user

Re,

If your Restore is infected too, but we'll do that at the end.

podrob

OK, here's a Malwarebytes log. It's the 3rd one and it finds more and more infected items!

The log after emptying the quarantine:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2

16/01/2009 20:52:33
mbam-log-2009-01-16 (20-52-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 103663
Temps écoulé: 19 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 40

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\csrss.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Not selected for removal.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\b54321.ieencryptapp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09eb15fa-17d8-4d60-8598-3f549a848df2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09eb15fa-17d8-4d60-8598-3f549a848df2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09eb15fa-17d8-4d60-8598-3f549a848df2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68f25c63-e798-4255-89ce-243aa3757638} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68f25c63-e798-4255-89ce-243aa3757638} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiffei (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apcdli (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\newpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Alcmtr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Common Files\PushWare (Adware.CPush) -> Delete on reboot.
C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\iTunes (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Internet Explorer\PLUGINS\b54321.bho (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Rob\Local Settings\Temp\11529.dll (Trojan.Starter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\84a1.dll (Trojan.Starter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\fd0d.dll (Trojan.Starter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\suchots.exe (Trojan.Ducky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Temporary Internet Files\Content.IE5\1N3C0V26\newads26[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Temporary Internet Files\Content.IE5\1N3C0V26\newads28[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Temporary Internet Files\Content.IE5\3DJLO6MW\newads21[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anymie360.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PushWare\cpush.dll (Adware.CPush) -> Delete on reboot.
C:\Program Files\Common Files\PushWare\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\iTunes\iTunesYQLyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer\RealYQLyrics.rpv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\foo_ui_columns.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\foo_ui_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\iTunesYQLyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\RealYQLyrics.rpv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\Ò»ÆðÀ´ÒôÀÖÖúÊÖ°ïÖú.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools\GetMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools\music.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\csrss.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Not selected for removal.
C:\WINDOWS\system32\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HBWULIN2.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\HBCHIBI.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll (Adware.CPush) -> Delete on reboot.
C:\Documents and Settings\Rob\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\cpush.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\YiqilaiLyrics_2001.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I'm rebooting for an RSIT scan...

Anonymous user

Re,


- You are using a pirated version of WINDOWS;

I'm using a pirated version of Windows

Why CCM does not help with pirating software

CommentCaMarche.net terms of use - Legal aspects

the bonus

The super bonus

podrob

Oooh, sorry for wasting your time then. Sincerely.

I didn't know this kind of principle was in force here; I thought this forum was a place where the majority of "casual" users could air their problems. Because we all know there are more "pirate" home users than home users who own a licence, of course...

Fine, far be it from me to start a sterile debate on the price of Windows licences, or worse on their value for money!!! No, I just want to apologise for wasting your time.

I'll run a few more scans, but the problem seems recurring and I don't have the skills needed to get rid of it. A quick format C: will do the job, and off we go again for two years... for free! ;)

PS: If my games ran on Linux, I'd gladly turn into a penguin. Unfortunately I love video games and, in that respect, I don't have much choice. Why should I pay for an obligation dictated by the laws of supply and demand?

Thanks again for your help ;)

podrob

PS: Your super bonus is very amusing and will certainly scare... hmm... nobody these days? :D

PS II: Well, if it was humour, I liked it.