Virus cacher dans un dossier Roaming
Tonton marc35
Messages postés
12
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Je pense que mon ordi est bien infecté, j'ai un programme qui se lance systématiquement depuis un répertoire ... appdat\roaming\...
J'ai lancer un rapport Hijackthis mais je n'arrive pas à décripter :-(
Si une bonne âme pouvais m'aider, MERCI d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:41, on 08/12/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Users\Tri Martolod\AppData\Roaming\Microsoft\taskmgr.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Users\Tri Martolod\crss.exe
C:\Users\Tri Martolod\csrss.exe
C:\windows\system32\svchost.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\afrujuqvg.exe
C:\windows\system32\conhost.exe
C:\Users\Tri Martolod\AppData\Roaming\muslimtv.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\Tri Martolod\Desktop\sécurité\01net_HijackThis.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsuC39D.tmp\ProxyInstaller.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsuC39D.tmp\SecondOffer1.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsu5541.tmp\stub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tri Martolod\Desktop\sécurité\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=hp&babsrc=lnkry_nt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=30de296b-3fb8-11e1-b063-001bb1fc50e4
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\TRIMAR~1\LOCALS~1\Temp\mstarfb.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Linkury SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
O4 - HKCU\..\Run: [Profile Manager2] C:\Users\Tri Martolod\crss.exe
O4 - HKCU\..\Run: [Document Explorer2] C:\Users\Tri Martolod\Documents\crss.exe
O4 - HKCU\..\Run: [Download Manager2] C:\Users\Tri Martolod\Downloads\crss.exe
O4 - HKCU\..\Run: [9Y0E6A7B2HVWXFUDFQVTGAAORHSVTZR] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [name_me] C:\Users\Tri Martolod\My Documents\cmd.exe
O4 - HKCU\..\Run: [8V1A3Y4F2HVWXFUDAN] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [TaskMgr] C:\Users\Tri Martolod\AppData\Roaming\Microsoft\taskmgr.exe
O4 - HKCU\..\Run: [Winsvc] C:\Users\Tri Martolod\AppData\Local\Temp\053c3b94.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Tri Martolod\AppData\Roaming\WinSrv12\winsrv.exe
O4 - HKCU\..\Run: [Security] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\svhostmsdcsc.exe
O4 - HKCU\..\Run: [Profile Manager3] C:\Users\Tri Martolod\csrss.exe
O4 - HKCU\..\Run: [Document Explorer3] C:\Users\Tri Martolod\Documents\csrss.exe
O4 - HKCU\..\Run: [Download Manager3] C:\Users\Tri Martolod\Downloads\csrss.exe
O4 - HKCU\..\Run: [pdoubrhgfjkxeiqndts] C:\Users\Tri Martolod\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
O4 - HKCU\..\Run: [MuslimTV] C:\Users\Tri Martolod\AppData\Roaming\muslimtv.exe
O4 - HKCU\..\Run: [ZAWIYYVH2HVWXFUDMKAESJBSYGAF] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\SPMLauncher.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Tri Martolod\AppData\Roaming\C474A6\C474A6.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: A1398478499.exe
O4 - Startup: cmd.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FreeWifi Manager.lnk = C:\Program Files\FreeWifi Manager\FWM_Start.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
Je pense que mon ordi est bien infecté, j'ai un programme qui se lance systématiquement depuis un répertoire ... appdat\roaming\...
J'ai lancer un rapport Hijackthis mais je n'arrive pas à décripter :-(
Si une bonne âme pouvais m'aider, MERCI d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:41, on 08/12/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Users\Tri Martolod\AppData\Roaming\Microsoft\taskmgr.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Users\Tri Martolod\crss.exe
C:\Users\Tri Martolod\csrss.exe
C:\windows\system32\svchost.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\afrujuqvg.exe
C:\windows\system32\conhost.exe
C:\Users\Tri Martolod\AppData\Roaming\muslimtv.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\Tri Martolod\Desktop\sécurité\01net_HijackThis.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsuC39D.tmp\ProxyInstaller.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsuC39D.tmp\SecondOffer1.exe
C:\Users\TRIMAR~1\AppData\Local\Temp\nsu5541.tmp\stub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tri Martolod\Desktop\sécurité\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=hp&babsrc=lnkry_nt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=30de296b-3fb8-11e1-b063-001bb1fc50e4
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=FR&userid=76a32b4a-889d-4103-b537-79a2e58fb2bb&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\TRIMAR~1\LOCALS~1\Temp\mstarfb.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Linkury SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
O4 - HKCU\..\Run: [Profile Manager2] C:\Users\Tri Martolod\crss.exe
O4 - HKCU\..\Run: [Document Explorer2] C:\Users\Tri Martolod\Documents\crss.exe
O4 - HKCU\..\Run: [Download Manager2] C:\Users\Tri Martolod\Downloads\crss.exe
O4 - HKCU\..\Run: [9Y0E6A7B2HVWXFUDFQVTGAAORHSVTZR] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [name_me] C:\Users\Tri Martolod\My Documents\cmd.exe
O4 - HKCU\..\Run: [8V1A3Y4F2HVWXFUDAN] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [TaskMgr] C:\Users\Tri Martolod\AppData\Roaming\Microsoft\taskmgr.exe
O4 - HKCU\..\Run: [Winsvc] C:\Users\Tri Martolod\AppData\Local\Temp\053c3b94.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Tri Martolod\AppData\Roaming\WinSrv12\winsrv.exe
O4 - HKCU\..\Run: [Security] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\svhostmsdcsc.exe
O4 - HKCU\..\Run: [Profile Manager3] C:\Users\Tri Martolod\csrss.exe
O4 - HKCU\..\Run: [Document Explorer3] C:\Users\Tri Martolod\Documents\csrss.exe
O4 - HKCU\..\Run: [Download Manager3] C:\Users\Tri Martolod\Downloads\csrss.exe
O4 - HKCU\..\Run: [pdoubrhgfjkxeiqndts] C:\Users\Tri Martolod\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
O4 - HKCU\..\Run: [MuslimTV] C:\Users\Tri Martolod\AppData\Roaming\muslimtv.exe
O4 - HKCU\..\Run: [ZAWIYYVH2HVWXFUDMKAESJBSYGAF] C:\config.bin\9A052F91A01.exe /q
O4 - HKCU\..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\SPMLauncher.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Tri Martolod\AppData\Roaming\C474A6\C474A6.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: A1398478499.exe
O4 - Startup: cmd.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FreeWifi Manager.lnk = C:\Program Files\FreeWifi Manager\FWM_Start.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
A voir également:
- Appdata roaming virus
- Appdata - Guide
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
21 réponses
fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
