5 trojan.win32.monder.gen et 3 trojan generic

bilibob78 Messages postés 86 Statut Membre -  
bilibob78 Messages postés 86 Statut Membre -
Bonjour,
J'ai un petit problème de virus, je suis pris avec 5 trojan.win32.monder.gen et 3 trojan generic...
Quelqu'un peu m'aider s'il vous Plait!!! Cela serait vraiment aprécié.
Configuration: Windows Vista Internet Explorer 7.0

14 réponses

  1. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Win32.Monder, c' est un variant de Vundo !

    -----
    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

    PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
    puis sur Supprimer la sélection.

    -----
    Ensuite, fais un scan HijackThis :
    http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ... et poste le rapport.
    0
  2. bilibob78 Messages postés 86 Statut Membre
     
    voilà le rapport de malaware...

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2507
    Windows 6.0.6001 Service Pack 1

    2009-07-26 18:49:36
    mbam-log-2009-07-26 (18-49-36).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 276735
    Temps écoulé: 1 hour(s), 19 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\Alex\documents\cs non-steam hack\SSW4.8\SSW4.8.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    c:\Users\Alex\documents\cs non-steam hack\SSWv5.0\SSWv5.0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    c:\Users\Alex\documents\cs non-steam hack\wallhack\SSWv4.7.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

    Et puis celui de hijackthis...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:00:51, on 2009-07-26
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dealsplus.com/karmaloop-coupons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MEGAUPLOAD 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.spineworld.com/s?method=register"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-ca.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.210.72.31/activex/AxisCamControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. bilibob78 Messages postés 86 Statut Membre
     
    je fait quoi après cela?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    (si ce n’ est déjà fait) Télécharge CCleaner :
    http://www.filehippo.com/download_ccleaner.html
    ("Download Latest Version", sur la droite) et laisse-toi guider.
    A un moment, il te sera demandé de cocher :
    "Ajouter la barre d' outils Yahoo". Refuse et …
    Laisse-le s’ installer tel que …

    -------
    Redémarre le PC en mode sans échec ...
    https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
    (méthode F8 de préférence)

    --------------------------------------------
    Tu n' auras pas accès à Internet pendant le "mode sans échec".
    Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
    sur le "bureau" pour l' avoir à ta disposition.
    --------------------------------------------

    Ferme toutes les fenêtres et applications.
    Relance HijackThis et clique sur > Do a system scan only puis, coche
    les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

    Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

    Rends-toi dans Démarrer > Poste de travail > Panneau de config. > Programmes et fonctionnalités et
    supprimes, si tu le trouves :

    Megaupload

    Puis, va dans > Démarrer > Poste de travail > C:\ > Program Files

    et supprime le(s) programme(s) en gras, ci-dessous, si tu le(s) trouves.

    Megaupload <--

    Lance CCleaner ...
    Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
    (re)Lance le nettoyage et (re)confirme par OK.

    Redémarre le PC en mode normal ...

    Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Lance l'installation du programme en exécutant le fichier téléchargé.
    Double-clique maintenant sur le raccourci de Toolbar-S&D.
    Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
    Ensuite, choisis l'option 1 (Recherche).
    Patiente jusqu'à la fin de la recherche.
    Le contenu du rapport est situé dans : C:\TB.txt
    Poste-le.

    ---
    Enfin, fais ce scan en ligne : http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Clique sur J' accepte > Démarrer l' analyse, etc ...

    Une fois le scan achevé, sauvegarde le rapport et poste-le.

    Tuto : https://forum.pcastuces.com/default.asp

    ---
    PS : désactive tes protections résidentes, notamment celle de Kaspersky le temps du scan ...

    -----
    A propos de ta version d' Adobe Reader (9.0) qui est susceptible de contenir des failles de sécurité :

    installe la toute dernière version : http://www.secuser.com/vulnerabilite/2009/090429-adobe-reader.htm

    http://www.secuser.com/faq/securite/#faille_securite

    ---
    Par ailleurs, concernant les toolbars, je t' invite à lire ce qui suit :

    https://forum.malekal.com/viewtopic.php?f=45&t=6173
    0
  6. bilibob78 Messages postés 86 Statut Membre
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A13
    USER : Alex ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 7.0.0.125 (Activated)
    C:\ (Local Disk) - NTFS - Total:220 Go (Free:126 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
    E:\ (CD or DVD)
    G:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 2009-07-27|20:14 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.dealsplus.com/karmaloop-coupons"
    "Default_Page_URL"="https://www.google.ca"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Alex\Music\Bishop Lamont - Pope Mobile\01-pope_mobile_intro_heaven_ft._bilal_&_rev._keep_it_crackin_(produced_by_dr._dre).mp3
    C:\Users\Alex\Music\EminemTheDayAfterRelapse\Eminem - The Day After Relapse\01 - Eminem - Crack a Bottle (feat. Dr. Dre & 50 Cent) [Extended].mp3
    C:\Users\Alex\Music\EminemTheDayAfterRelapse\Eminem - The Day After Relapse\10 - Eminem - Crack a Bottle Remix (feat. Ca$his and Bobby Creek).mp3
    C:\Users\Alex\Music\Ghostface Killah - 2006 - Fishscale\Ghostface Killah - 2006 - Fishscale\09-ghostface_killah-columbus_exchange_(skit)-crack_spot.mp3
    C:\Users\Alex\Music\Jay-Z - Vol.1 - In My Lifetime - 1997\Jay-Z - Vol.1 - In My Lifetime - 1997\97\12-jay-z-rap_game-_crack_game-rec.mp3
    C:\Users\Alex\Music\Notorious B.I.G - Greatest hits\Notorious_B.I.G.-Greatest_Hits-2007-\Notorious_B.I.G.-Greatest_Hits-2007-\09-ten_crack_commandments.mp3

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 2009-07-27|20:15 - Option : [1]

    -----------\\ Fin du rapport a 20:15:37,98
    0
  7. bilibob78 Messages postés 86 Statut Membre
     
    Voici le scan de bitdefender

    BitDefender Online Scanner

    Scan report generated at: Mon, Jul 27, 2009 - 21:46:32

    Scan path: C:\;D:\;E:\;G:\;

    Statistics

    Time
    01:13:46

    Files
    406823

    Folders
    23705

    Boot Sectors
    0

    Archives
    2549

    Packed Files
    31761

    Results

    Identified Viruses
    5

    Infected Files
    9

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    9

    Engines Info

    Virus Definitions
    3850199

    Engine build
    AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

    Scan plugins
    17

    Archive plugins
    44

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    4

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Users\Alex\Documents\CS non-steam hack\BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Infected with: Trojan.Generic.1012384

    C:\Users\Alex\Documents\CS non-steam hack\BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Deleted

    C:\Users\Alex\Documents\CS non-steam hack\SSWv5.0\SSWv5.0.dll
    Infected with: Worm.Generic.37831

    C:\Users\Alex\Documents\CS non-steam hack\SSWv5.0\SSWv5.0.dll
    Deleted

    C:\Users\Alex\Documents\CS non-steam hack\wallhack\SSWv4.7.dll
    Infected with: Worm.Generic.37788

    C:\Users\Alex\Documents\CS non-steam hack\wallhack\SSWv4.7.dll
    Deleted

    C:\Users\Alex\Documents\CS non-steam hack\xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Infected with: Backdoor.Generic.114806

    C:\Users\Alex\Documents\CS non-steam hack\xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Deleted

    C:\Users\Alex\Documents\LimeWire\Saved\Kid Cudi - Day 'N' Nite.zip=>Kid Cudi - Day 'N' Nite/Kid Cudi - Day 'N' Nite.mp3.exe
    Infected with: Trojan.Generic.1854064

    C:\Users\Alex\Documents\LimeWire\Saved\Kid Cudi - Day 'N' Nite.zip=>Kid Cudi - Day 'N' Nite/Kid Cudi - Day 'N' Nite.mp3.exe
    Deleted

    C:\Users\Alex\Documents\LimeWire\Saved\Kid Cudi - Day 'N' Nite.zip
    Updated

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>SSWv5.0\SSWv5.0.dll
    Infected with: Worm.Generic.37831

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>SSWv5.0\SSWv5.0.dll
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>wallhack\SSWv4.7.dll
    Infected with: Worm.Generic.37788

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>wallhack\SSWv4.7.dll
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Infected with: Backdoor.Generic.114806

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Infected with: Trojan.Generic.1012384

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed
    0
  8. bilibob78 Messages postés 86 Statut Membre
     
    À voir le rapport de Bit defender... il y en reste une coupe à éliminer!
    0
  9. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    "À voir le rapport de Bit defender... il y en reste une coupe à éliminer! "

    Non, pas tant que cela ...

    Relance un scan BitDefender et poste le rapport.

    -----

    "--------------------\\ Cracks & Keygens ..

    C:\Users\Alex\Music\Bishop Lamont - Pope Mobile\01-pope_mobile_intro_heaven_ft._bilal_&_rev._keep_it_crackin_(produced_by_dr._dre).mp3
    C:\Users\Alex\Music\EminemTheDayAfterRelapse\Eminem - The Day After Relapse\01 - Eminem - Crack a Bottle (feat. Dr. Dre & 50 Cent) [Extended].mp3
    C:\Users\Alex\Music\EminemTheDayAfterRelapse\Eminem - The Day After Relapse\10 - Eminem - Crack a Bottle Remix (feat. Ca$his and Bobby Creek).mp3
    C:\Users\Alex\Music\Ghostface Killah - 2006 - Fishscale\Ghostface Killah - 2006 - Fishscale\09-ghostface_killah-columbus_exchange_(skit)-crack_spot.mp3
    C:\Users\Alex\Music\Jay-Z - Vol.1 - In My Lifetime - 1997\Jay-Z - Vol.1 - In My Lifetime - 1997\97\12-jay-z-rap_game-_crack_game-rec.mp3
    C:\Users\Alex\Music\Notorious B.I.G - Greatest hits\Notorious_B.I.G.-Greatest_Hits-2007-\Notorious_B.I.G.-Greatest_Hits-2007-\09-ten_crack_commandments.mp3
    "

    A lire à propos des cracks : https://forum.malekal.com/viewtopic.php?t=893&start=

    et aussi : https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/

    ---
    0
  10. bilibob78 Messages postés 86 Statut Membre
     
    Voici mon rapport de Bitdefender...dois-je deleter les fichiers en gras manuellement...(cracks)

    BitDefender Online Scanner

    Scan report generated at: Tue, Jul 28, 2009 - 19:04:20

    Scan path: C:\;D:\;E:\;G:\;

    Statistics

    Time
    01:14:40

    Files
    410675

    Folders
    23715

    Boot Sectors
    0

    Archives
    2551

    Packed Files
    31853

    Results

    Identified Viruses
    4

    Infected Files
    4

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    4

    Engines Info

    Virus Definitions
    3869281

    Engine build
    AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

    Scan plugins
    17

    Archive plugins
    45

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    4

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>SSWv5.0\SSWv5.0.dll
    Infected with: Worm.Generic.37831

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>SSWv5.0\SSWv5.0.dll
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>wallhack\SSWv4.7.dll
    Infected with: Worm.Generic.37788

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>wallhack\SSWv4.7.dll
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Infected with: Backdoor.Generic.114806

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>xqz_hack_1.44\xqz hack 1.44\Xqz hack 1.44.exe
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Infected with: Trojan.Generic.1012384

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar=>BaDBoYv5_www.cs16-hacks.de.tl\BaDBoYv5\BaDBoYv5.exe
    Deleted

    C:\Users\Alex\Downloads\Fichier WinRar\cs_non_steam_hack_pack.rar
    Update failed
    0
  11. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Si tu as pris connaissance des liens que j' ai mis et que tu es convaincu des problèmes que cela peut
    engendrer, alors, tu sais ce qu' il te reste à faire pour ces cracks !

    ---
    Un autre scan en ligne ...

    Lance un scan Nod32 : https://www.eset.com/
    (il faut utiliser Internet Explorer) …

    - coche toutes les cases à chaque fois, et lorsque c'est terminé, poste le rapport :
    - C:\Program Files\EsetOnlineScanner\log.txt <--
    0
  12. bilibob78 Messages postés 86 Statut Membre
     
    voici ce qu'il y avait dans log.txt

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK

    et voici ce que la fenetre du scan disait:

    C:\Downloads\FamilyFeudSetup-dm[1].exe Win32/Adware.Trymedia application cleaned by deleting - quarantined
    C:\Users\Alex\Documents\CS non-steam hack\SSW4.8\SSW4.8.dll a variant of Win32/Conficker.X worm cleaned by deleting - quarantined
    C:\Users\Alex\Downloads\AutoClick.exe Win32/TrojanClicker.Agent.NFX trojan cleaned by deleting - quarantined
    C:\Users\Public\Downloads\FamilyFeudSetup-dm[1].exe Win32/Adware.Trymedia application cleaned by deleting - quarantined
    0
  13. Krunch
     
    je peut te dire que c'est pas des hack que ta downloader pour css mais belle et bien des virus
    0
  14. bilibob78 Messages postés 86 Statut Membre
     
    L'affaire c'est que j'ai pas voulu les downloader....c'est un de mes amis qui a downloader Css et il ma passé sa clé USB pour que je l'install sur mon ordi.
    0