Pb ecran de fond spyware , et autre probleme
Dada666
Messages postés
15
Statut
Membre
-
Dada666 Messages postés 15 Statut Membre -
Dada666 Messages postés 15 Statut Membre -
Bonjour,
voila je suis desesperé devant les probleme qu'a mon ordinateur , j'ai en effet un ecran de fond tout bleu qui m'indique l'infection de mon ordinateur par un spyware , j'ai aussi plein de spam et au demarrage de mon ordinateur parfois sa me met que mon ordinateur est infecter , donc voila je m'en remet a vous car la je ne sais plus quoi faire
merci d'avance a tous ceux qui voudrons bien m'aidez
voila je suis desesperé devant les probleme qu'a mon ordinateur , j'ai en effet un ecran de fond tout bleu qui m'indique l'infection de mon ordinateur par un spyware , j'ai aussi plein de spam et au demarrage de mon ordinateur parfois sa me met que mon ordinateur est infecter , donc voila je m'en remet a vous car la je ne sais plus quoi faire
merci d'avance a tous ceux qui voudrons bien m'aidez
A voir également:
- Pb ecran de fond spyware , et autre probleme
- Double ecran - Guide
- Comment mettre une vidéo en fond d'écran - Guide
- Capture d'écran whatsapp - Accueil - Messagerie instantanée
- Retourner ecran pc - Guide
- Écran de veille - Guide
30 réponses
Ok .
désinstalle le sponsor msn +.
Tu vas dans ajout/suppression des programmes tu fait désinstaller et tu enleve juste le sponsor.
Dit tes soucis .
a+ ben.
désinstalle le sponsor msn +.
Tu vas dans ajout/suppression des programmes tu fait désinstaller et tu enleve juste le sponsor.
Dit tes soucis .
a+ ben.
Salut les filles ;-)
Toutes ces infections avec Avira ? Bizarre......
Pour vérifier qu'il est bien là, peux tu faire ceci stp ?
Télécharge HIJACKTHIS <--- ici.
Enregistre HJTInstall.exe sur ton bureau. Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là : C:\Program Files\HijackThis\HijackThis.exe
Accepte la license en cliquant sur le bouton "I Accept"
Relance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Choisis l'option "Do a system scan and save a log file"
voir ici
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" ->> Copier" pour copier tout le contenu du rapport
Comment fixer les lignes et générer un rapport <---- voir ici
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
IMPERATIF !! Avant de lancer HIJACKTHIS , il faut fermer tous les programmes ouverts, se déconnecter d' INTERNET !!
Toutes ces infections avec Avira ? Bizarre......
Pour vérifier qu'il est bien là, peux tu faire ceci stp ?
Télécharge HIJACKTHIS <--- ici.
Enregistre HJTInstall.exe sur ton bureau. Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là : C:\Program Files\HijackThis\HijackThis.exe
Accepte la license en cliquant sur le bouton "I Accept"
Relance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Choisis l'option "Do a system scan and save a log file"
voir ici
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" ->> Copier" pour copier tout le contenu du rapport
Comment fixer les lignes et générer un rapport <---- voir ici
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
IMPERATIF !! Avant de lancer HIJACKTHIS , il faut fermer tous les programmes ouverts, se déconnecter d' INTERNET !!
merci tout d'abord pour la reactiviter , et voila le raport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:24, on 03/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMSC\Seticon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Services en ligne\meden77798.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Words\Words.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\ArbeKillPub\ArbeKillPub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\tony\Bureau\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [meden] C:\Program Files\Services en ligne\meden77798.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\System32\service.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [6032a52b] rundll32.exe "C:\WINDOWS\System32\vimmtaka.dll",b
O4 - HKLM\..\Run: [BM630196b7] Rundll32.exe "C:\WINDOWS\System32\rdksedpc.dll",s
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\tony\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: system32 - {B8622936-2F78-4964-9757-FD599A259A7B} - sysprinters.dll (file missing)
O21 - SSODL: OBChLH - {6032A585-CA98-0F2F-37C4-D11A79AF5594} - C:\WINDOWS\System32\kfsvp.dll (file missing)
O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Fichiers communs\PagingSYS.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\System32\sleep32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rteqegaxax.html
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:24, on 03/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMSC\Seticon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Services en ligne\meden77798.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Words\Words.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\ArbeKillPub\ArbeKillPub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\tony\Bureau\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [meden] C:\Program Files\Services en ligne\meden77798.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\System32\service.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [6032a52b] rundll32.exe "C:\WINDOWS\System32\vimmtaka.dll",b
O4 - HKLM\..\Run: [BM630196b7] Rundll32.exe "C:\WINDOWS\System32\rdksedpc.dll",s
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\tony\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: system32 - {B8622936-2F78-4964-9757-FD599A259A7B} - sysprinters.dll (file missing)
O21 - SSODL: OBChLH - {6032A585-CA98-0F2F-37C4-D11A79AF5594} - C:\WINDOWS\System32\kfsvp.dll (file missing)
O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Fichiers communs\PagingSYS.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\System32\sleep32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rteqegaxax.html
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Oulà !!! il en reste des cochonneries....
on continue ...
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
on continue ...
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
voila j'ai fait ce que tu ma demandé mais pendant que j'ai redemarer j'ai eu au demarage un signal montrant qu'un virus etait present , sinon pendant SDfix faisait le travail j'ai eu aussi un ecran bleu me disant qu'il y avait un probleme :S
en tout cas voila le rapport :
[b]SDFix: Version 1.158 [/b]
Run by tony on 03/17/2008 at 18:36
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\tony\Bureau\SDFix
[b]Checking Services [/b]:
Name:
ICF
werasqlp
Path:
C:\WINDOWS\System32\svchost.exe:exe.exe
\??\C:\WINDOWS\Cursors\werasqlp.cur
ICF - Deleted
werasqlp - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\20.TMP - Deleted
C:\21.TMP - Deleted
C:\22.TMP - Deleted
C:\23.TMP - Deleted
C:\24.TMP - Deleted
C:\161393~1 - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~1 - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~2 - Deleted
C:\PROGRA~1\SERVIC~1\MEDEN7~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\COMDLG3.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\DOCUME~1\SETTINGS\CONFIG.INI - Deleted
C:\PROGRA~1\WINDOW~3\QU6416~1.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~1.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~2.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~3.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~4.DLL - Deleted
C:\PROGRA~1\WINDOW~2\LITUWY~1.DLL - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Insider\Insider.exe - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\ISM\BndDrive7.dll - Deleted
C:\Program Files\ISM\bndloader.exe - Deleted
C:\Program Files\ISM\dictionary.gz - Deleted
C:\Program Files\ISM\kazooupd.exe - Deleted
C:\Program Files\ISM\targets.gz - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack10.exe - Deleted
C:\Program Files\QdrPack\QdrPack11.exe - Deleted
C:\Program Files\QdrPack\QdrPack12.exe - Deleted
C:\Program Files\QdrPack\QdrPack13.exe - Deleted
C:\Program Files\QdrPack\QdrPack14.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrPack\zhydupd.exe - Deleted
C:\Program Files\QdrModule\dic.gz - Deleted
C:\Program Files\QdrModule\kwd.gz - Deleted
C:\Program Files\QdrModule\QdrModule12.exe - Deleted
C:\Program Files\QdrModule\QdrModule13.exe - Deleted
C:\Program Files\QdrModule\QdrModule9.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\b148.exe - Deleted
C:\Documents and Settings\tony\new.txt - Deleted
C:\install\credits.bat - Deleted
C:\nethlpr.exe - Deleted
C:\WINDOWS\system32\appleo.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\cookie.dat - Deleted
C:\WINDOWS\system32\cookie1.dat - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\help.txt - Deleted
C:\WINDOWS\system32\lrito.ini - Deleted
C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\system32\ps.dat - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\rotoon.dll - Deleted
C:\WINDOWS\system32\service.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\tk58.exe - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\Cursors\werasqlp.cur - Deleted
Folder C:\Documents and Settings\tony\Application Data\WinTouch - Removed
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\QdrModule - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files
[b]ADS Check [/b]:
C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 28672 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS\system32\svchost.exe
No streams found.
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 18:45:03
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cxq69]
"Type"=dword:00000001
"Tag"=dword:00000002
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,60,2b,28,b4,70,20,9d,9c,28,e4,d6,78,09,bb,68,3b,d8,..
"hj34z0"=hex:99,cc,4c,4f,97,b8,c0,0c,0f,e7,7f,4f,4c,1c,59,b0,44,15,6b,2b,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cxq69]
"Type"=dword:00000001
"Tag"=dword:00000002
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\Typ]
scanning hidden files ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Cxq69.sys 167936 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 71
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\tony\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 19 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 4 May 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Mon 28 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\system32\??mbols\?pool32.exe"
Thu 6 Mar 2008 70,656 ..SHR --- "C:\Documents and Settings\tony\Mes documents\?ppPatch\msconfig.exe"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
[b]Finished![/b]
en tout cas voila le rapport :
[b]SDFix: Version 1.158 [/b]
Run by tony on 03/17/2008 at 18:36
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\tony\Bureau\SDFix
[b]Checking Services [/b]:
Name:
ICF
werasqlp
Path:
C:\WINDOWS\System32\svchost.exe:exe.exe
\??\C:\WINDOWS\Cursors\werasqlp.cur
ICF - Deleted
werasqlp - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\20.TMP - Deleted
C:\21.TMP - Deleted
C:\22.TMP - Deleted
C:\23.TMP - Deleted
C:\24.TMP - Deleted
C:\161393~1 - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~1 - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~2 - Deleted
C:\PROGRA~1\SERVIC~1\MEDEN7~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\COMDLG3.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\DOCUME~1\SETTINGS\CONFIG.INI - Deleted
C:\PROGRA~1\WINDOW~3\QU6416~1.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~1.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~2.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~3.DLL - Deleted
C:\PROGRA~1\WINDOW~3\QUHARE~4.DLL - Deleted
C:\PROGRA~1\WINDOW~2\LITUWY~1.DLL - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\tony\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Insider\Insider.exe - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\ISM\BndDrive7.dll - Deleted
C:\Program Files\ISM\bndloader.exe - Deleted
C:\Program Files\ISM\dictionary.gz - Deleted
C:\Program Files\ISM\kazooupd.exe - Deleted
C:\Program Files\ISM\targets.gz - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack10.exe - Deleted
C:\Program Files\QdrPack\QdrPack11.exe - Deleted
C:\Program Files\QdrPack\QdrPack12.exe - Deleted
C:\Program Files\QdrPack\QdrPack13.exe - Deleted
C:\Program Files\QdrPack\QdrPack14.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrPack\zhydupd.exe - Deleted
C:\Program Files\QdrModule\dic.gz - Deleted
C:\Program Files\QdrModule\kwd.gz - Deleted
C:\Program Files\QdrModule\QdrModule12.exe - Deleted
C:\Program Files\QdrModule\QdrModule13.exe - Deleted
C:\Program Files\QdrModule\QdrModule9.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\b148.exe - Deleted
C:\Documents and Settings\tony\new.txt - Deleted
C:\install\credits.bat - Deleted
C:\nethlpr.exe - Deleted
C:\WINDOWS\system32\appleo.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\cookie.dat - Deleted
C:\WINDOWS\system32\cookie1.dat - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\help.txt - Deleted
C:\WINDOWS\system32\lrito.ini - Deleted
C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\system32\ps.dat - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\rotoon.dll - Deleted
C:\WINDOWS\system32\service.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\tk58.exe - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\Cursors\werasqlp.cur - Deleted
Folder C:\Documents and Settings\tony\Application Data\WinTouch - Removed
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\QdrModule - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files
[b]ADS Check [/b]:
C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 28672 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS\system32\svchost.exe
No streams found.
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 18:45:03
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cxq69]
"Type"=dword:00000001
"Tag"=dword:00000002
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,60,2b,28,b4,70,20,9d,9c,28,e4,d6,78,09,bb,68,3b,d8,..
"hj34z0"=hex:99,cc,4c,4f,97,b8,c0,0c,0f,e7,7f,4f,4c,1c,59,b0,44,15,6b,2b,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cxq69]
"Type"=dword:00000001
"Tag"=dword:00000002
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\Typ]
scanning hidden files ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Cxq69.sys 167936 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 71
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\tony\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 19 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 4 May 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Mon 28 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\system32\??mbols\?pool32.exe"
Thu 6 Mar 2008 70,656 ..SHR --- "C:\Documents and Settings\tony\Mes documents\?ppPatch\msconfig.exe"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
[b]Finished![/b]
Reposte moi un nouvel Hijackjthis stp
Relance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" ->> Copier" pour copier tout le contenu du rapport
Comment fixer les lignes et générer un rapport <---- voir ici
@+
Relance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" ->> Copier" pour copier tout le contenu du rapport
Comment fixer les lignes et générer un rapport <---- voir ici
@+
voila le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:34, on 03/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMSC\Seticon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\tony\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [6032a52b] rundll32.exe "C:\WINDOWS\System32\cnnmnkxt.dll",b
O4 - HKLM\..\Run: [BM630196b7] Rundll32.exe "C:\WINDOWS\System32\kgvsfper.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: OBChLH - {6032A585-CA98-0F2F-37C4-D11A79AF5594} - C:\WINDOWS\System32\kfsvp.dll (file missing)
O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Fichiers communs\PagingSYS.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\System32\sleep32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:34, on 03/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMSC\Seticon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\tony\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [6032a52b] rundll32.exe "C:\WINDOWS\System32\cnnmnkxt.dll",b
O4 - HKLM\..\Run: [BM630196b7] Rundll32.exe "C:\WINDOWS\System32\kgvsfper.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: OBChLH - {6032A585-CA98-0F2F-37C4-D11A79AF5594} - C:\WINDOWS\System32\kfsvp.dll (file missing)
O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Fichiers communs\PagingSYS.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\System32\sleep32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
on continue !
# Ouvre l'ajout/suppression de programmes : Démarrer / panneau de configuration / Ajout/suppressions de programmes
# supprime : Mirar
# Télécharge clean.zip, décompresse-le sur le bureau (clic droit / extraire tout), tu obtiens alors un dossier clean
# Télécharge et installe Malwarebyte's Anti-Malware
# Démarre Windows en mode sans échec : Guide pour redémarrer en mode sans échec
# Ouvre le dossier clean qui se trouve sur ton bureau, et double-clique sur clean., une fenêtre noire va apparaître , choisis l'option 2 et laisse l'operation de nettoyage s'effectuer.
Afin de supprimer toutes traces du spyware et d'autres élements qu'il aurait pu installer, scanne l' ordinateur avec MalwareBytes_AntiMalware ( regarde le tuto )
Redémarre l'ordinateur normalement, poste moi le rapport Cleanzip qui est sauvegardé dans le fichier suivant :
"rapport_clean.txt" à la racine du disque dur (ex : C:\rapport_clean.txt), ainsi que le rapport MalwareBytes_AntiMalware et un nouvel Hijackthis stp !
# Ouvre l'ajout/suppression de programmes : Démarrer / panneau de configuration / Ajout/suppressions de programmes
# supprime : Mirar
# Télécharge clean.zip, décompresse-le sur le bureau (clic droit / extraire tout), tu obtiens alors un dossier clean
# Télécharge et installe Malwarebyte's Anti-Malware
# Démarre Windows en mode sans échec : Guide pour redémarrer en mode sans échec
# Ouvre le dossier clean qui se trouve sur ton bureau, et double-clique sur clean., une fenêtre noire va apparaître , choisis l'option 2 et laisse l'operation de nettoyage s'effectuer.
Afin de supprimer toutes traces du spyware et d'autres élements qu'il aurait pu installer, scanne l' ordinateur avec MalwareBytes_AntiMalware ( regarde le tuto )
Redémarre l'ordinateur normalement, poste moi le rapport Cleanzip qui est sauvegardé dans le fichier suivant :
"rapport_clean.txt" à la racine du disque dur (ex : C:\rapport_clean.txt), ainsi que le rapport MalwareBytes_AntiMalware et un nouvel Hijackthis stp !
voila le rapport Malware :
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 501
Type de recherche: Examen rapide
Eléments examinés: 34049
Temps écoulé: 4 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 25
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awvtu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cnnmnkxt.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{735b60aa-844e-4ad4-9c84-2772671a007d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{735b60aa-844e-4ad4-9c84-2772671a007d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c315cf32-135f-3112-31ac-f611d777c63d} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4760c7ca-5e06-00a6-0465-5b00b6c98abb} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4760c7ca-5e06-00a6-0465-5b00b6c98abb} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\TrafficEngine (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SleepApp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awvtu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awvtu.dll -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\ISM2 (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\awvtu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\utvwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utvwa.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\becebtti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ittbeceb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnnmnkxt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\txknmnnc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hplrsvku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukvsrlph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mybcqyvp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pvyqcbym.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njbkljxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxjlkbjn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sleep32.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\qqhp.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\xpmdxq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\yesqion.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CPQRG5UV\2202aa[1].exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLQF4P23\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\adhydraupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\dictionary.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\targets.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wlogon32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\Drivers\riode32.sys (Rootkit.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
mais le rapport Clean n'a pas aboutie j'ai attendue mais sa n'a rien donner je vais refaire voire si sa marche
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 501
Type de recherche: Examen rapide
Eléments examinés: 34049
Temps écoulé: 4 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 25
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awvtu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cnnmnkxt.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{735b60aa-844e-4ad4-9c84-2772671a007d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{735b60aa-844e-4ad4-9c84-2772671a007d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c315cf32-135f-3112-31ac-f611d777c63d} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4760c7ca-5e06-00a6-0465-5b00b6c98abb} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4760c7ca-5e06-00a6-0465-5b00b6c98abb} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\TrafficEngine (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SleepApp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awvtu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awvtu.dll -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\ISM2 (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\awvtu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\utvwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utvwa.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\becebtti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ittbeceb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnnmnkxt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\txknmnnc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hplrsvku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukvsrlph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mybcqyvp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pvyqcbym.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njbkljxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxjlkbjn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sleep32.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\qqhp.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\xpmdxq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\yesqion.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CPQRG5UV\2202aa[1].exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLQF4P23\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\adhydraupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\dictionary.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\targets.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wlogon32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\Drivers\riode32.sys (Rootkit.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
mais le rapport Clean n'a pas aboutie j'ai attendue mais sa n'a rien donner je vais refaire voire si sa marche
