Wintrim gj

mandy911 Posts: 1 Status: Member
Hello,

So, I am a complete novice (this is my first PC), and while using Yahoo's anti-spy tool I notice that a trojan named wintrim gj has got into my computer. I cannot manage to remove it. Could someone help me with the disinfection steps, the reports, etc.?

36 replies

Mandy911
 
To those who will have the courage to read to the end...


I ran the VirusTotal test on the TelephoneSurPC file. I am not posting it because it found nothing.

No way to run the online scan on Kaspersky, so I installed Kaspersky Virus Remover, and it found Worm.Win32.AutoRun.axog in the file C:\Windows\sysWOW64\dccaecfae.dll. But impossible to disinfect it.

So I did full scans with F-Secure, BitDefender and TrendMicro, which removed 2 or 3 worms/viruses. I then checked with F-Secure and McAfee, which no longer find anything.

The problem is that, at the start, the VirusTotal report showed 10 infections, with other programs detecting viruses under names different from those that were eliminated.

=> That means:

- either there are still 5 of them wandering around my computer (by the way, there is a monstrous mess in my folders; is that because of them?),

- or the same virus is detected under several names.

Here is the VirusTotal test from the start: http://www.virustotal.com/fr/analisis/cfe8c28d908f3de8f96f4a5b0f5e23338c5404dd1982657dc9bf65606150bfb1-1254625480

After all the scans and disinfections above, I would have liked to redo the VirusTotal test, but the file in question (C:\Windows\system32\dccaecfae.dll) cannot be found. Same for the infected file spotted by Kaspersky.

Would that mean everything is clean? I don't get that impression...

Thanks for letting me know :(
0
Trying2 Posts: 7751 Status: Security contributor 234
 
Hello,



1/
*Disable your antivirus for the duration of the operation, because OTM is wrongly detected as an infection.

*Download OTM (OldTimer) to your Desktop:

*Double-click OTM.exe to launch it.

* Copy (Ctrl+C) the bold text below:



:processes
explorer.exe


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dccaecfae]
"dccaecfae" =-




:files
C:\Windows\system32\dccaecfae.dll
C:\Program Files (x86)\AskBarDis
C:\Users\amandine\AppData\Roaming\live-player
C:\Program Files (x86)\Live-Player

:commands
[purity]
[emptytemp]
[reboot]




*Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

*Now click the "MoveIt!" button, then close OTMoveIt3.

*If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

*Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log




2/
Double-click Rsit.exe, which is in this folder: C:\Users\amandine\Downloads\
And post the Log.txt report that will appear.


See you,
0
Mandy911
 
Here is the OTM report:


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dccaecfae\\dccaecfae" not found.
========== FILES ==========
File/Folder C:\Windows\system32\dccaecfae.dll not found.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
C:\Users\amandine\AppData\Roaming\live-player moved successfully.
Folder move failed. C:\Program Files (x86)\Live-Player\skins scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: amandine
File delete failed. C:\Users\amandine\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
->Temp folder emptied: 302490629 bytes
File delete failed. C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 11005623 bytes
->Java cache emptied: 29164680 bytes
->FireFox cache emptied: 88549546 bytes
->Google Chrome cache emptied: 26077302 bytes

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 132681784 bytes

Total Files Cleaned = 562,70 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10072009_121734

Files moved on Reboot...
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\skins scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\skins scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\img scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player\data scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Live-Player scheduled to be moved on reboot.
File move failed. C:\Users\amandine\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
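An added example, not code from the thread or from OTM's author: a small Python parser for the OTM log format posted above. It classifies each line (not found, moved, pending until reboot, cache emptied) and gives a per-path verdict for the paths listed in the `:files` section of the script, so that "Folder move failed ... scheduled to be moved on reboot" reads as "pending until reboot" rather than as a failed cleanup. The sample log is a constructed excerpt in the same format; the path list mirrors the script's `:files` block.

```python
import re

# Constructed excerpt in the format of the OTM (OldTimer) log above (not the real log).
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dccaecfae\\dccaecfae" not found.
========== FILES ==========
File/Folder C:\Windows\system32\dccaecfae.dll not found.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
C:\Users\amandine\AppData\Roaming\live-player moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: amandine
File delete failed. C:\Users\amandine\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
->Temp folder emptied: 302490629 bytes

Files moved on Reboot...
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
"""

# The paths from the :files section of the OTM script in the thread.
REQUESTED = [
    r"C:\Windows\system32\dccaecfae.dll",
    r"C:\Program Files (x86)\AskBarDis",
    r"C:\Users\amandine\AppData\Roaming\live-player",
    r"C:\Program Files (x86)\Live-Player",
]

# (status, regex); the first pattern that matches a line wins.
STATUS_PATTERNS = [
    ("not_found", re.compile(r"^(?:File/Folder|Registry value) (?P<target>.+?) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("pending_reboot", re.compile(
        r"^(?:File|Folder) (?:move|delete) failed\. (?P<target>.+?) "
        r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("emptied", re.compile(r"^(?:->)?(?P<target>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")),
]
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")


def parse_otm_log(text):
    """Turn an OTM log into a list of {section, status, target, bytes} entries.

    Sections follow the '========== NAME ==========' headers; the trailing
    'Files moved on Reboot...' block is tracked as the pseudo-section REBOOT.
    """
    section = "HEADER"
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.startswith("Files moved on Reboot"):
            section = "REBOOT"
            continue
        for status, pattern in STATUS_PATTERNS:
            m = pattern.match(line)
            if m:
                size = int(m.group("bytes")) if status == "emptied" else 0
                entries.append({"section": section, "status": status,
                                "target": m.group("target"), "bytes": size})
                break
    return entries


def bytes_cleaned(entries):
    """Sum of the byte counts reported by the [emptytemp] command."""
    return sum(e["bytes"] for e in entries if e["status"] == "emptied")


def status_of_targets(requested, entries):
    """Give one verdict per requested path, looking only at the FILES and REBOOT sections.

    A path (or anything beneath it) that was only scheduled for reboot is still
    'pending_reboot' even if a sibling was moved; 'no_entry' means OTM never
    mentioned the path at all, which deserves a second look.
    """
    verdicts = {}
    for path in requested:
        prefix = path.lower()
        seen = set()
        for e in entries:
            if e["section"] not in ("FILES", "REBOOT"):
                continue
            target = e["target"].lower()
            if target == prefix or target.startswith(prefix + "\\"):
                seen.add(e["status"])
        if "pending_reboot" in seen:
            verdicts[path] = "pending_reboot"
        elif "moved" in seen:
            verdicts[path] = "moved"
        elif "not_found" in seen:
            verdicts[path] = "not_found"
        else:
            verdicts[path] = "no_entry"
    return verdicts


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    for path, verdict in status_of_targets(REQUESTED, parsed).items():
        print(f"{verdict:15} {path}")
    print(f"bytes cleaned: {bytes_cleaned(parsed)}")
```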
Mandy911
 
I did not find the report above in the file you named, but I assume it is that one, and apparently it failed?

The second report: impossible to find. Not surprising, my folders are scattered all over the place. This sucks...
0

Mandy911
 
The program does indeed ask me to reboot, but nothing new after the reboot, and the report above (which, by the way, was not found in the folder you pointed me to, since C:\_OTMoveIt\MovedFiles\ cannot be found) shows that the cleanup failed.

Apparently I still have my infected files. Same for the log.txt report, since I no longer even have a C:\Users\amandine\Downloads\ folder. Impossible to find anything at all.

PS: I redid the full scan with Kaspersky, and the worm it had found has indeed been eliminated.
0
Mandy911
 
I see a little more clearly now, but it's not reassuring :(

The cause of all my problems: blindly downloading:

- live-player
- speed download
- veoh media player

containing one piece of spyware, "Magic.Control", not detected by any of the known programs.

I disabled Vista's UAC and downloaded Navilog1. But impossible to open it. A window opens very briefly, then nothing.
0
Mandy911
 
Navilog1 is incompatible with 64-bit Vista. So I scanned with MBAM, which found "Trojan.Dropper" in the file C:\Program Files (x86)\Navilog1\gnc.exe. I put it in quarantine; I'm waiting for your go-ahead to delete it permanently.

Otherwise, OTM is not usable on 64-bit Vista, so I installed OTL, which produced the 2 attached reports:

OTL.Txt: http://www.cijoint.fr/cjlink.php?file=cj200910/cijZIMEuy4.txt

Extras.Txt: http://www.cijoint.fr/cjlink.php?file=cj200910/cijGm3foUU.txt

Thanks in advance ;)
0
Trying2 Posts: 7751 Status: Security contributor 234
 
Mandy911, it's good to take initiative, but it's better in an area you master :)

These tools should not be used lightly...
If I didn't have you use Navilog1, there's a reason.


"OTM is not usable on 64-bit Vista"

Yes, it is.


"I'm waiting for your go-ahead to delete it permanently."

It is not a threat, it is a component of navilog1, but you can delete it :)


Sorry, but a 64-bit system is complex enough that I'd rather not go digging through an OTL report: I'll use it as a complement since it's there, but I prefer to continue this way:


- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- When the analysis is finished, post the contents of log.txt (the one that appears on screen).

See you,

PS: If MBAM detected anything else, please paste me the report.
0
Mandy911
 
The more I look, the more I find, it's endless... I wonder whether these nasties haven't outright attacked the security tools. Talk about being in the sh...

Scan with ESET and CounterSpy overnight. Verdict: Win32/Adware.LivePlayer.AA.application => disinfected

+ Trojan.Win32.Generic!BT (found in C:\Program Files\COMODO\COMODO Internet Security\Hopsurf.ex) + Favorit Network (cookies)

The cookies, I delete them. But the trojans, do I delete them or put them in quarantine?

Tell me.
0
Trying2 Posts: 7751 Status: Security contributor 234
 
I don't work without reports: if you have some, post them.
I prefer that you do what I tell you: if you want to manage on your own...

Didn't you read my message above?
0
Mandy911
 
It's silly, but I was just trying to keep you as informed as possible :(

I can't open the MBAM report because a window opens and tells me:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Here is the OTM report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dccaecfae\\dccaecfae" not found.
========== FILES ==========
File/Folder C:\Windows\system32\dccaecfae.dll not found.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
File/Folder C:\Users\amandine\AppData\Roaming\live-player not found.
File/Folder C:\Program Files (x86)\Live-Player not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: amandine
File delete failed. C:\Users\amandine\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
->Temp folder emptied: 21539279 bytes
File delete failed. C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3530444 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87105787 bytes
->Google Chrome cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 6544349 bytes

Total Files Cleaned = 113,28 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10082009_092117
0
Mandy911
 
Here is log.txt:


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dccaecfae\\dccaecfae" not found.
========== FILES ==========
File/Folder C:\Windows\system32\dccaecfae.dll not found.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
File/Folder C:\Users\amandine\AppData\Roaming\live-player not found.
File/Folder C:\Program Files (x86)\Live-Player not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: amandine
File delete failed. C:\Users\amandine\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
->Temp folder emptied: 21539279 bytes
File delete failed. C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3530444 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87105787 bytes
->Google Chrome cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBFS9KZ4\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7FUS3TE\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZ77YS6\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QW3LWRZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 6544349 bytes

Total Files Cleaned = 113,28 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10082009_092117
0
Trying2 Posts: 7751 Status: Security contributor 234
 
When I talk to you about reports, it's because you told me about "ESET and CounterSpy".

If I don't have the reports, I can't tell you anything.

I asked you for RSIT's Log.txt report.


If you want to take an initiative, I suggest you ask for confirmation in the topic first.
0
Mandy911
 
The RSIT log.txt report is posted just above. As for the ESET and CounterSpy ones, none was produced. If there was one, I don't know where to find them.

I'm stopping the scans here.

See you later.
0
Trying2 Posts: 7751 Status: Security contributor 234
 
Clearly, I don't get the impression we understand each other.

The only RSIT Log.txt report is from a little while ago.

If you don't do what I ask, I can't help you.

Can I have that report please?
0
Mandy911
 
log.txt report:


Logfile of random's system information tool 1.06 (written by random/random)
Run by amandine at 2009-10-08 11:03:15
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 462 GB (77%) free of 597 GB
Total RAM: 3837 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:32, on 08/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files (x86)\OrangeHSS\systray\systrayapp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\OrangeHSS\Launcher\Launcher.exe
C:\Program Files (x86)\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files (x86)\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\amandine\Downloads\RSIT(2).exe
C:\Program Files (x86)\Trend Micro\HijackThis\amandine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\OrangeHSS\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TELEPHONESURPCAGENT] C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5763/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42BB3666-C16F-41E3-B91C-665228E7FF19}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{42BB3666-C16F-41E3-B91C-665228E7FF19}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: dccaecfae - C:\Windows\system32\dccaecfae.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
0
Trying2 Messages posted 7751 Status Security contributor 234
 
1/
Right-click this folder (in bold): C:\Program Files (x86)\AskBarDis and choose Delete.
Empty your Recycle Bin.

2/

-Launch Amandine.exe (HijackThis), which is in this folder
C:\Program Files\trend micro\

-Click "Do a system scan only", then check these 52 lines and click the "Fix checked" button at the bottom left:

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TELEPHONESURPCAGENT] C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O20 - Winlogon Notify: dccaecfae - C:\Windows\system32\dccaecfae.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

How to fix a line. (thanks to Balltrap 34 for the demo)

3/

Follow these instructions to run CCleaner (it is already installed on your PC).

In short, you need to tick these two boxes before cleaning:
* click "Options", "Advanced" and untick the box: "Only delete files in Windows Temp folders older than 48 hours".

* In Cleaner / Windows / Advanced, tick the box "Old Prefetch data".

And then do these two procedures:
1/ Standard cleaning
2/ Error search --> You can run the registry error search 3 times (remembering each time, as offered, to make a backup in My Documents).

CCleaner does not generate reports: don't waste your time looking for one. :)

4/
Then: restart your PC and tell me how it is running.
0
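As an added example (not from the thread, the helper, or HijackThis itself): a small Python triage helper that reads log lines in the format quoted above and separates genuinely orphaned entries from ones that must be checked on disk. On 64-bit Windows a 32-bit scanner is subject to WOW64 file-system redirection and can report System32 binaries as missing, so those entries get a "verify" verdict rather than "orphan". Sample lines are taken from the thread's log; the verdict names and section rules are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample, assembled from lines that appear in the thread's HijackThis log.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: dccaecfae - C:\Windows\system32\dccaecfae.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)
# O20 entries (AppInit_DLLs, Winlogon Notify) load a DLL at logon or into other
# processes, so they deserve a look even when the file exists.
PERSISTENCE_SECTIONS = {"O20": "DLL loaded at logon or into every process"}

@dataclass
class Finding:
    section: str
    verdict: str  # "orphan", "verify", "review" or "ok" (verdict names are my own)
    reason: str
    line: str

def triage_line(line: str):
    """Classify one HijackThis log line; return None for lines not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if body.endswith(ORPHAN_MARKERS):
        if SYSTEM32_RE.search(body):
            # A 32-bit scanner on 64-bit Windows sees a redirected System32, so
            # "file missing" there is not trustworthy until checked on disk.
            return Finding(section, "verify", "System32 path reported missing; confirm on disk", line)
        return Finding(section, "orphan", "registry entry points to a file that no longer exists", line)
    if section in PERSISTENCE_SECTIONS:
        return Finding(section, "review", PERSISTENCE_SECTIONS[section], line)
    if section == "O23" and " - Unknown owner - " in body:
        return Finding(section, "review", "service binary carries no publisher information", line)
    return Finding(section, "ok", "", line)

def triage_log(text: str):
    """Run triage_line over a whole log, skipping blank or unrecognised lines."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:8}{f.section:5}{f.reason}")
```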
mandy911
 
I did what you told me. But I am still getting ads in bursts, the control of my internet manager is blocked, and I have loads of loose files like "ntuser.dat {....}", "ehthumbs-vista.db" or "desktop.ini".

Question: in the procedure you asked me to do above with HijackThis, I cut the internet connection before closing Mozilla, just before restarting. Does that affect the result of the procedure?

I will come back to the forum tomorrow afternoon to see if you know more.
0
mandy911
 
Well, I am going to get told off, but never mind:

Navipromo and Magic Control were definitely detected during my previous scans. The first was removed by McAfee, which did not produce a report. The other was detected by MBAM, and I think it removed it, but I am not sure.

Otherwise, the firewall freezes when I try to access the Orange mail. Same for TelephoneSurPC. And still ads galore.
0