Sujet Précédent Sujet Suivant

[Virus ?] Besoin d'aide pour nettoyer

Akilae94 -  
 cornujp -
Bonjour,

Je pense que mon PC est infecté par une sorte de virus ou trojan bizarre qui tente d'executer des fichier .exe a partir du repertoire AppData/Local/Temp.
Je suis sous windows 7 et n'y connaissant pratiquement rien en informatique je me permet de demander l'aide aux "pro" qu'il y a sur ce forum :)

J'utilise BitDefender et Spybot qui n'ont rien trouvé d'anormal.
Voici un log HijackThis (que je ne sais pas du tout interpreter :))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:01, on 23/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Samsung New PC Studio\NPSAgent.exe
D:\Razer\Lachesis\razerhid.exe
D:\Razer\Lachesis\OSD.exe
D:\Razer\Lachesis\razertra.exe
D:\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\jpnlm6b51g.exe
C:\Users\Aki\AppData\Local\Temp\njkndld.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\wfkzvfxo1.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\lo2fbag.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\yermso.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\rns6lpkjwy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\hmk7y.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\k9c6tyz.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\whne7.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Aki\AppData\Local\Temp\rfoxtexsa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Aki\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: C:\Windows\SysWow64\tiviwz.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\Windows\SysWow64\tiviwz.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "D:\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [Lachesis] D:\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [winupate] C:\Windows\system32\wupdate.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\winupd.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] D:\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Startup] C:\Users\Aki\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\Windows\system32\tiviwz.dll, HUI_proc
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\Aki\AppData\Local\Temp\wfkzvfxo1.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\winupd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: system.exe114
O4 - Startup: system.exe297
O4 - Startup: system.exe433
O4 - Startup: system.exe455
O4 - Startup: system.exe462
O4 - Startup: system.exe519
O4 - Startup: system.exe684
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F55B9D2-E8F6-4914-832D-AA7980629255}: NameServer = 192.168.1.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
A voir également:

9 réponses

Réponse 1 / 9
Utilisateur anonyme
 
1. Télécharge http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/ par Swandog46 sur ton Bureau.

* Décompresse le fichier
* avenger.exe sur le bureau

2. Copie le contenu en gras ci-dessous (CTRL+C),

Files to delete:
c:\windows\winupd.exe
c:\users\aki\appdata\local\temp\wfkzvfxo1.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | uishf9wuifwuh387fh3wufinhjfdwefe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3. Maintenant, lance The Avenger par clic droit, exécuter en tant qu'administrateur.

* Faites un clic droit sur la fenêtre sous "Input Script There":, Et choisissez Coller.A présent du dois avoir le script dans la fenétre Avenger.
* Clique sur Exécuter
* Réponds "Yes" quand demandé.

4. The Avenger va automatiquement faire ce qui suit:

* Il va Redémarrer le système.
* Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur le bureau, c'est normal.
* Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt

5. Pour finir copie/colle le contenu du ficher c:\avenger.txt dans ta prochaine réponse.
0
Réponse 2 / 9
Akilae94
 
J'ai lancé MBAM en attendant une reponse voici le log :

Malwarebytes' Anti-Malware 1.44
Database version: 3779
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/02/2010 12:37:26
mbam-log-2010-02-23 (12-37-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 279663
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupate (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startup (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uishf9wuifwuh387fh3wufinhjfdwefe (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wupdate.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\SysWOW64\umnkjz8kpo.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26YFZNJX\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26YFZNJX\ycpxe[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDTZTCBV\your_exe[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDTZTCBV\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WE1YBFEQ\vzgomuf[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Aki\AppData\Local\Temp\njkndld.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\wupdate.exe (Backdoor.Bot) -> Delete on reboot.
D:\Warez\keygenOO.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Windows\logfile32.txt (Malware.Trace) -> Delete on reboot.
C:\Users\Aki\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\umnkjz8kpo.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------

Merci pour ta réponse je fais ça de suite.
0
Réponse 3 / 9
Akilae94
 
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7600)
Tue Feb 23 12:46:56 2010

12:46:29: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\­Run|uishf9wuifwuh387fh3wufinhjfdwefe"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)

//////////////////////////////////////////

Il semble y avoir un soucis :)
0
Réponse 4 / 9
Akilae94
 
Encore un scan MBAM en atendant une réponse voici le log :

Malwarebytes' Anti-Malware 1.44
Database version: 3779
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/02/2010 12:57:49
mbam-log-2010-02-23 (12-57-49).txt

Scan type: Quick Scan
Objects scanned: 96932
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mujzzwpd (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yjaz (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uishf9wuifwuh387fh3wufinhjfdwefe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\ramk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\votxmpk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Il semble qu'il supprime des choses mais j'ai toujours les popups au demarrage de windows :(
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Akilae94
 
Encore un scan MBAM :

Malwarebytes' Anti-Malware 1.44
Database version: 3779
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/02/2010 13:05:24
mbam-log-2010-02-23 (13-05-24).txt

Scan type: Quick Scan
Objects scanned: 96953
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uishf9wuifwuh387fh3wufinhjfdwefe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------

Dites moi si ça sert à rien que je continue hein :))

-------------

Nouveau loh HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:15, on 23/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Samsung New PC Studio\NPSAgent.exe
C:\Users\Aki\AppData\Local\Temp\jpnlm6b51g.exe
D:\Razer\Lachesis\razerhid.exe
D:\Razer\Lachesis\OSD.exe
D:\Razer\Lachesis\razertra.exe
D:\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Aki\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "D:\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [Lachesis] D:\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AutoStartNPSAgent] D:\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\Aki\AppData\Local\Temp\jpnlm6b51g.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: system.exe114
O4 - Startup: system.exe297
O4 - Startup: system.exe433
O4 - Startup: system.exe455
O4 - Startup: system.exe462
O4 - Startup: system.exe519
O4 - Startup: system.exe684
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F55B9D2-E8F6-4914-832D-AA7980629255}: NameServer = 192.168.1.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
0
Réponse 6 / 9
Utilisateur anonyme
 
Pour analyser ton pc.

• Télécharge [https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html ZHPDiag ( de Nicolas coolman ).
• Laisse toi guider lors de l'installation
• Il se lancera automatiquement à la fin de l'installation
• Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
• Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
• Héberge le rapport ZHPDiag.txt sur le site cijoint.fr, puis copie/colle le lien fournit dans ta prochaine réponse sur le forum
0
Réponse 7 / 9
Akilae94
 
http://www.cijoint.fr/cjlink.php?file=cj201002/cijjnr2gN3.txt

Voilou :)
désolé j'ai mis du temps, le boulot tout ça...
0
Réponse 8 / 9
Utilisateur anonyme
 
Ton système est propre.Aucune infection .Bon surf.
0
Réponse 9 / 9
cornujp
 
Bonjour à tous, je me suis cassé à acheter bitdefender sous un faux acronyme pack sécurité de la FNAC. Résultat hormis me demander constamment de faire un purchase alors que je l'ai payé le site est constamment indisponible.
Donc j'ai laissé tomber mais le pire ç'est qu'il bloque toujour mon PC malgré de multiples désinstallation, ça pue l'arnaque. Je réinstalle windows. Maintenant si j'ai un conseil à donner utilisez AdAware, j'ai aucune action chez eux mais pour l'avoir utilisé professionnellement j'ai pas encore trouvé mieux.
Bon courage à tous
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses