Need help with these damned viruses

bucheron007 Posts 94 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

For about 3 days now I have had viruses. Avast reports the presence of viruses. Not 1 but several.
There were Adaware-gen and Win32:Tiny-JC.

I ran a boot-time antivirus scan of Windows with Avast. It found the viruses and I deleted them, but they persist.
Now Avast no longer reports Adaware-gen, but I am not sure it has really been removed.

Here is my HijackThis report, hoping someone can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:52, on 25/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Bucheron\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\wamp\wampmanager.exe
C:\Program Files\EasyEclipse for PHP 1.2.2.2\eclipse.exe
C:\Program Files\EasyEclipse for PHP 1.2.2.2\jre\bin\javaw.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Users\Bucheron\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hagpxy1.sxb.eu.mars:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;10.*;*.mars;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\qqehxvcb.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\Bucheron\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mymms.fr
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmuk.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\__c00F4DAF.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DomainService - - C:\Windows\system32\votbwuun.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
5 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi,

uninstall titan poker, Titan Poker

__________________

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hagpxy1.sxb.eu.mars:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;10.*;*.mars;<local>;*.local

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\qqehxvcb.dll",b

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O15 - Trusted Zone: http://*.mymms.fr
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmuk.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\__c00F4DAF.dat

_____________________

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Windows\system32\qqehxvcb.dll
C:\Windows\system32\__c00F4DAF.dat

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

_____________________

scan with vundofix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these
files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it
removes Vundo.

When it is finished, you will be asked to restart your computer; click
OK.

then:

virtumondebegone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

___________________

paste the report of an online scan
with (disable avast for the duration of the scan):

Panda online:
http://pandasoftware.fr

_____________________
paste a new HijackThis report and describe your problems

see you
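Added example, not part of either post and not HijackThis's own logic: a small Python triage pass over the O4 (autorun) and O20 (AppInit_DLLs) lines of a HijackThis log. It shows how the two files listed for OTMoveIt above stand out from ordinary startup entries. The two heuristics (a rundll32 autorun registered under an eight-hex-digit value name, and a non-empty AppInit_DLLs value) are assumptions chosen for this illustration, and the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\qqehxvcb.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O20 - AppInit_DLLs: C:\Windows\system32\__c00F4DAF.dat
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - body", "R1 - body", "O20 - body", ...
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export> with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
# Assumption for this example: a value name made only of 8 hex digits is unusual
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


def parse_entry(line):
    """Split one HijackThis line into (section code, body); None for other lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage(log_text):
    """Return the O4/O20 entries matching the two illustrative heuristics."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        if code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts etc. are not handled here
            dll = RUNDLL_RE.match(run.group("cmd"))
            # rundll32 alone is normal (see NvCplDaemon); the hex-only name is the signal
            if dll and HEX_NAME_RE.match(run.group("name")):
                findings.append({
                    "code": code,
                    "target": dll.group("dll"),
                    "reason": "rundll32 autorun under hex-only value name "
                              + run.group("name"),
                })
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):].strip()
            if value:  # an empty AppInit_DLLs value loads nothing
                reason = "AppInit_DLLs is set"
                if ntpath.splitext(value)[1].lower() != ".dll":
                    reason += "; file extension is not .dll"
                findings.append({"code": code, "target": value, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], finding["target"], "-", finding["reason"])
```

A flagged line is only a candidate for review: the file still has to be checked (signature, vendor, scan result) before anything is removed.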
bucheron007 Posts 94 Status Member 2
 
thanks for your help.

Here is what it gives.

OTMoveIt report:

File/Folder not found.
DllUnregisterServer procedure not found in C:\Windows\system32\qqehxvcb.dll
C:\Windows\system32\qqehxvcb.dll NOT unregistered.
C:\Windows\system32\qqehxvcb.dll moved successfully.
File/Folder C:\Windows\system32\__c00F4DAF.dat not found.

Created on 11/25/2007 13:59:10

virtumondebegone report:

[11/25/2007, 14:20:57] - VirtumundoBeGone v1.5 ( "C:\Users\Bucheron\Desktop\VirtumundoBeGone.exe" )
[11/25/2007, 14:21:07] - Detected System Information:
[11/25/2007, 14:21:07] - Windows Version: 6.0.6000,
[11/25/2007, 14:21:07] - Current Username: Bucheron (Admin)
[11/25/2007, 14:21:07] - Windows is in NORMAL mode.
[11/25/2007, 14:21:07] - Searching for Browser Helper Objects:
[11/25/2007, 14:21:07] - BHO 1: {04B92673-15DD-4014-95A4-BC8AB5557CAD} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 2: {04DFE745-6669-42EE-94B0-3405B1EAC8C9} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/25/2007, 14:21:07] - BHO 4: {2C6BC599-1276-48E4-92C8-0B76B0230CD0} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/25/2007, 14:21:07] - BHO 6: {555FEAA9-2865-4F59-B706-42F301CE156C} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - Checking for HKLM\...\Winlogon\Notify\tuvwv
[11/25/2007, 14:21:07] - Key not found: HKLM\...\Winlogon\Notify\tuvwv, continuing.
[11/25/2007, 14:21:07] - BHO 7: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[11/25/2007, 14:21:07] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/25/2007, 14:21:07] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 10: {881BA6AC-59E0-4C24-A789-3ED555CCE56B} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 11: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 12: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[11/25/2007, 14:21:07] - BHO 13: {BC427641-528C-4B34-8303-3ACB43464C12} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - No filename found. Continuing.
[11/25/2007, 14:21:07] - BHO 14: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[11/25/2007, 14:21:07] - BHO 15: {FC7707C4-7D60-4A8D-A7B1-C73322EED2B3} ()
[11/25/2007, 14:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/25/2007, 14:21:07] - Checking for HKLM\...\Winlogon\Notify\tuvwv
[11/25/2007, 14:21:07] - Key not found: HKLM\...\Winlogon\Notify\tuvwv, continuing.
[11/25/2007, 14:21:07] - Finished Searching Browser Helper Objects
[11/25/2007, 14:21:08] - Finishing up...
[11/25/2007, 14:21:08] - Nothing found! Exiting...

Online scan report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-25 14:41:52
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1043 [VPS 071124-0] 4.7.1043 No Yes
;===================================================================================================================================================================================
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Microsoft\Windows\Cookies\bucheron@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Microsoft\Windows\Cookies\bucheron@bluestreak[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.adultfriendfinder.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[searchportal.information.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Mozilla\Firefox\Profiles\03fmggmd.bucheron\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Bucheron\AppData\Roaming\Microsoft\Windows\Cookies\bucheron@smartadserver[1].txt
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4PI2Y2O\poiu[1]
02646028 Adware/PurityScan Adware No 0 Yes No C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITDQF5X1\mosx1024[1]
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJRJRSA\pochki20071106[1]
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\iphhrjwf.exe
02688344 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\VOTBWUUN.EXE
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJRJRSA\upd32_v14[1]
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\Windows\System32\rwccqotp.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Apparently there are still viruses.
How do I remove them?
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4PI2Y2O\poiu[1]
C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITDQF5X1\mosx1024[1]
C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJRJRSA\pochki20071106[1]
C:\Windows\System32\iphhrjwf.exe
C:\WINDOWS\SYSTEM32\VOTBWUUN.EXE
C:\Users\Bucheron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJRJRSA\upd32_v14[1]
C:\Windows\System32\rwccqotp.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://boards.cexx.org/index.php?topic=15787.msg65211

________________________

Post a new HijackThis report and describe your problems.
bucheron007 Posts: 94 Status: Member 2
 
I have the impression that by following your instructions I managed to remove the virus.

I'm pasting a HijackThis report, so if you still see anything suspicious, please let me know.

Many thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:31, on 28/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\nwtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Bucheron\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Bucheron\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {04B92673-15DD-4014-95A4-BC8AB5557CAD} - (no file)
O2 - BHO: (no name) - {04DFE745-6669-42EE-94B0-3405B1EAC8C9} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C6BC599-1276-48E4-92C8-0B76B0230CD0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {555FEAA9-2865-4F59-B706-42F301CE156C} - C:\Windows\system32\tuvwv.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {881BA6AC-59E0-4C24-A789-3ED555CCE56B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC427641-528C-4B34-8303-3ACB43464C12} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: (no name) - {FC7707C4-7D60-4A8D-A7B1-C73322EED2B3} - C:\Windows\system32\tuvwv.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\Bucheron\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: ddcbcby - C:\Windows\SYSTEM32\ddcbcby.dll
O20 - Winlogon Notify: ysrjjgpl - C:\Windows\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Launch HijackThis and fix these lines

O2 - BHO: (no name) - {04B92673-15DD-4014-95A4-BC8AB5557CAD} - (no file)
O2 - BHO: (no name) - {04DFE745-6669-42EE-94B0-3405B1EAC8C9} - (no file)

O2 - BHO: (no name) - {2C6BC599-1276-48E4-92C8-0B76B0230CD0} - (no file)
O
O2 - BHO: (no name) - {555FEAA9-2865-4F59-B706-42F301CE156C} - C:\Windows\system32\tuvwv.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {881BA6AC-59E0-4C24-A789-3ED555CCE56B} - (no file)

O2 - BHO: (no name) - {BC427641-528C-4B34-8303-3ACB43464C12} - (no file)

O2 - BHO: (no name) - {FC7707C4-7D60-4A8D-A7B1-C73322EED2B3} - C:\Windows\system32\tuvwv.dll (file missing)

O20 - Winlogon Notify: ddcbcby - C:\Windows\SYSTEM32\ddcbcby.dll
O20 - Winlogon Notify: ysrjjgpl - C:\Windows\

_______________

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Windows\SYSTEM32\ddcbcby.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://boards.cexx.org/index.php?topic=15787.msg65211

________________________

Post a new HijackThis report and describe your problems.
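A triage sketch for the fix list in the reply above, added here as an example and not part of the thread or of HijackThis: it flags O2 BHO entries whose file is absent and surfaces every O20 Winlogon Notify entry for review. The rules and the names `triage` and `files_on_disk_to_review` are assumptions of this example (the thread does not state the helper's criteria); the sample lines are copied from the log posted above.

```python
import re
from typing import List, NamedTuple

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {04B92673-15DD-4014-95A4-BC8AB5557CAD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {555FEAA9-2865-4F59-B706-42F301CE156C} - C:\Windows\system32\tuvwv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ddcbcby - C:\Windows\SYSTEM32\ddcbcby.dll
O20 - Winlogon Notify: ysrjjgpl - C:\Windows\
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the line was flagged (rule assumed by this example)
    target: str    # file path named by the entry, "" when none is usable
    line: str      # the original log line


# O2 lines: "O2 - BHO: <name> - {CLSID} - <file or marker>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O20 lines: "O20 - Winlogon Notify: <key name> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
MISSING = "(file missing)"


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O20 lines an analyst should look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            target = m["target"]
            if target == "(no file)":
                findings.append(Finding("O2", "BHO registered with no file", "", line))
            elif target.endswith(MISSING):
                path = target[: -len(MISSING)].strip()
                findings.append(Finding("O2", "BHO file missing on disk", path, line))
            continue  # BHOs whose file exists are left alone by this rule
        m = NOTIFY_RE.match(line)
        if m:
            target = m["target"]
            # A usable target ends in a file extension; a bare directory does not.
            has_file = bool(re.search(r"\.[A-Za-z0-9]{2,4}$", target))
            reason = ("Winlogon Notify entry, review the DLL" if has_file
                      else "Winlogon Notify entry without a file name")
            findings.append(Finding("O20", reason, target if has_file else "", line))
    return findings


def files_on_disk_to_review(findings: List[Finding]) -> List[str]:
    """Paths of flagged O20 entries that name an actual file."""
    return [f.target for f in findings if f.section == "O20" and f.target]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

The O23 service line marked `(file missing)` is deliberately not flagged, because the rules here cover only the O2 and O20 sections.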