Msn Hacker V4.0 .... Saloper** Fermé

Question

Bonjour,
Voila avant que vous ne me sortiez le speech sur le Hacking c'est mal et tout le bordel, Je tient a vous expliquer les faits .... :
Il y a environ 2 semaine alors qu'un de mes amis passe chez moi il m'a demandé que je lui prete mon Ordi portable ( je n m'en sert jamais il est vieux et il rame ....) pour qu'il cherche un emploi au lieux qu'il parasite mon appart .... bref , il me l'a rendu hier car mon autre Pc a rendu l'ame .....( RIP) donc il me le rend et lorsque je le démarre je voit qu'il rame donc je vait dans le gestionnaire des taches et ej voit qu'il y a un porcssus MSN Hackr 4.0 qui m lance une Application nomm 1.exe je crois et également internet explorer.... je le redémmare plusieur fois et rien y fait c'est persistant.....voila
Donc ma question est: 1) Y'a t'il un moyen de trouver et de supprimer ce foutu programme sans formater,ni faire de restauration du systeme?
                                  2) Quel est ce moyen ^^

(je précise que je vous écrit a partir du mode sans echec de window)
Sur ce, 

                           Bonne journée ^^

papyber · Answer

bonjour
Télécharge MalwareBytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Installe-le, mets le à jour
Dans l'onglet Recherche, clique sur Exécuter un examen complet puis sur Rechercher.
Sélectionne ton (tes) disques durs.
Lance l'examen, supprime tout ce qu’il trouve !
Clique sur Enregistrer le rapport et choisis ton Bureau
 puis tu feras ceci
•	Télécharge Random's System Information Tool (RSIT) de Random / Random et sauvegarde-le sur ton Bureau,
http://images.malwareremoval.com/random/RSIT.exe
•	Double-clique sur RSIT.exe pour lancer le programme,
•	Clique sur continuer sur l'écran Disclaimer,
•	Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
•	Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

GuyFawke · Answer

Merci j'essaye et je te dit ça....

GuyFawke · Answer

L contenu du rapport de Malwarebytes:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3353
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

13/12/2009 18:16:35
mbam-log-2009-12-13 (18-16-35).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 160521
Temps écoulé: 54 minute(s), 35 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
C:\Program Files\Windows NT\cmd32.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{237xbf70-whq6-461d-567b-640tp432h3n7} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mozilla (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mozilla (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cseport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cses1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.22 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\dark.bat (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Program Files\Windows NT\cmd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Local Settings\Temp\MSN Hacker V4.0.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Local Settings\Temp
tdtcstp.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP330\A0206985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP330\A0207985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP331\A0209179.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP331\A0210179.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP331\A0210956.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP331\A0211954.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP331\A0211956.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP332\A0212953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP332\A0212960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0212978.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0212986.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0212991.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0214022.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0214023.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0214037.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0215038.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0215039.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4AE2DD26-E907-4463-A6DD-D035FB7578B9}\RP333\A0216037.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
F:\Téléchargements\flash-plugin.40004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cseport\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cseport\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\ShoppingReport\cses1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\klog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:WIN32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Windows NT\antivir.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\Windows NT\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:WIN32 (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WIN32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CLAUDE\Local Settings\Temp\cmsetac.dll (Trojan.Agent) -> Quarantined and deleted successfully.



Voici le contenu du log de RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by CLAUDE at 2009-12-13 18:26:08
WIN_XP Service Pack 2
System drive C: has 2 GB (8%) free of 18 GB
Total RAM: 446 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:12, on 13/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\RSIT.exe
C:\Program Files	rend micro\CLAUDE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM	bShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM	bShar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1708537768-492894223-1957994488-1003\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS
ppdf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

papyber · Answer

System drive C: has 2 GB (8%) free of 18 GB 
va falloir faire de la place il t'en reste trop peu sur ton dd
bon du ménage a été fait
il reste encore quelques lignes bizarroïdes alors on faire encore çà
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau : 
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut. 

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir. 

--> Double-clique sur le raccourci UsbFix sur ton Bureau. 

--> Le PC va redémarrer. 

--> Après redémarrage, poste le rapport UsbFix.txt 

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque. 

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

GuyFawke · Answer

C'est quoi le principe de cette application ( simple curiosité ^^)

papyber · Answer

il va rechercher des fichiers dossiers infectés ainsi que les hkeys infectées par divers virus se propageant par clés usb et divers périphériques externes

GuyFawke · Answer

J'ai un probleme suite a l'analyse avec MalwareBytes: depuis que je l'ai finie je suis obligé d'executer les programmes en faisant Clic droit puis ouvrir et juste au dessus y'a écrit syntax0, je peu plus modifier l'heure et surtout j'arrive pas a lancer UsbFix... Je pense que certain fichier important devaient etre infectés ....

papyber · Answer

télécharge Zeb Restore 
http://telechargement.zebulon.fr/zeb-restore.html
Zeb-Restore est un petit utilitaire de restauration de clés de la base de registre. Le but du programme n'est pas de restaurer l'ensemble du système mais uniquement les points les plus souvent touchés afin de solutionner différents problèmes qui peuvent revenir de façon récurrente.

Voici les éléments qui peuvent être restaurés :
coche les lignes en gras en premier
- RegEdit : réactive l'accès à RegEdit
- Clés RUN : réactive le lancement de programmes par clés RunXXX
- Bouton Arrêter : rétablit le bouton Arrêter
- Windows Update : rétablit la fonction Windows Update
- Gestionnaire des tâches : réactive le gestionnaire des tâches
- Panneau de configuration : réactive le Panneau de configuration
- Ajout/Suppression de programmes : restaure la fonction Ajout-Suppression de programmes
- Policies : remet en place des éléments désactivés par "Policies"
- Bureau : réactive le Bureau
- Réparation IE : répare Internet Exploreur (pages de recherche)
- Extension des fichiers : répare les extensions des fichiers .exe .bat .reg. Pif.cmd.scr .com
- Sites de confiance et sensibles : efface le contenu de ces zones (à utiliser si vous êtes infecté par des malwares)
- Préfixes et Protocoles Internet : restaure les clés des protocoles Internet (ZoneMap etc.)
- Réinitialiser Fichier Hosts : réinitialise le fichier Hosts
et dis moi

Msn Hacker V4.0 .... Saloper**

8 réponses

Discussions similaires