Suprimer plusieurs trojan

Résolu
Warkeny Messages postés 22 Statut Membre -  
ludsfa Messages postés 1287 Statut Membre -
Bonjour a tous

Voilà je vous faite vite un topo
Rapport HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 11:51:51, on 25/04/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\VM_STI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\Explorer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\CROGUENNEC\Documents\Mes téléchargements\VundoFix.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\CROGUENNEC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ccEvtMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ccSetMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

voilà j'ai essayer de supprimer le trojan virtumonde, mais le trojan Conhook et le trojan.Agent qui reviennent a chaque fois aussi

1) Pour le Trojan Virtumonde j'ai fais Combo fix et les 2autres logiciel mais il me reste la ligne 02 que j'arrive pas a supprimer(il me dit de arréter IE et Explorateur Windows ????? je l'ai utilise même pas c'est bizarre)

2) Pour les autres trojan et bien je n'es aucune idée

3) Les trojans se propage dans mon ordi car tous les 10 minutes 1Go est Utiliser à quelque chose mais je sais pas

Voilà en espérant une réponse Positive et rapide.
Configuration: Windows Vista
Firefox 2.0.0.14

25 réponses

  • 1
  • 2
  1. ludsfa Messages postés 1287 Statut Membre 15
     
    salut à toi

    1/ Télécharge VundoFix.exe :http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe .
    Clique sur Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Ensuite clique sur YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

    Poste le rapport qui se trouve dans C:\vundofix.txt

    2/ Télécharge Combofix :http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    tuto combofix:http://mickael.barroux.free.fr/securite/combofix.php
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt

    3) fais moi un rapport hijackthis.
    0
  2. Warkeny Messages postés 22 Statut Membre
     
    Voilà le rapport de hijackthis est fais après avoir Utiliser
    Combo Fix et VirtumundoBeGone

    Dont voilà les rapport avant rapport hijackthis si dessus

    Combo Fix

    ComboFix 08-04-22.5 - Wares 2008-04-25 1:39:19.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1594 [GMT 2:00]
    Endroit: C:\Users\Wares\Desktop\index_fichiers\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
    C:\Windows\system32\cBSmNgFX.dll
    C:\Windows\system32\vTlLDwuT.dll
    C:\Windows\system32\vtUOhhIY.dll

    ----- BITS: Possible sites infectés -----

    hxxp://rad.msn.com
    hxxp://ads.msn.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 23:37 --------- d---a-w C:\PROGRA~2\TEMP
    2008-04-24 22:13 --------- d-----w C:\Users\Wares\AppData\Roaming\uTorrent
    2008-04-24 18:50 --------- d-----w C:\Program Files\Lavasoft
    2008-04-24 18:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-24 18:06 1,048,576 --sha-w C:\Users\Invité\ntuser.dat
    2008-04-24 18:06 1,048,576 --sha-w C:\Users\Invité\ntuser.dat
    2008-04-24 18:04 --------- d-----w C:\Program Files\Steam
    2008-04-24 13:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-24 11:43 --------- d-----w C:\PROGRA~2\Google Updater
    2008-04-24 10:16 --------- d-----w C:\Program Files\Spyware Doctor
    2008-04-23 22:29 --------- d-----w C:\Program Files\Real
    2008-04-23 22:29 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-04-23 22:29 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-23 13:08 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
    2008-04-23 10:03 --------- d-----w C:\Program Files\Norton 360
    2008-04-22 17:07 --------- d-----w C:\Program Files\Ubisoft
    2008-04-22 11:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-22 09:33 --------- d-----w C:\Program Files\Google
    2008-04-20 22:01 --------- d-----w C:\Program Files\Eidos Interactive
    2008-04-20 15:34 --------- d-----w C:\Users\Wares\AppData\Roaming\SystemRequirementsLab
    2008-04-20 15:34 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-04-20 13:57 --------- d-----w C:\Users\Wares\AppData\Roaming\HP
    2008-04-20 12:30 --------- d-----w C:\PROGRA~2\NVIDIA
    2008-04-19 21:10 --------- d-----w C:\Users\Wares\AppData\Roaming\Ubisoft
    2008-04-19 21:10 --------- d-----w C:\PROGRA~2\Ubisoft
    2008-04-19 16:49 --------- d-----w C:\PROGRA~2\Skype
    2008-04-19 08:42 --------- d-----w C:\Users\Wares\AppData\Roaming\Roxio
    2008-04-18 18:29 --------- d-----w C:\PROGRA~2\Symantec
    2008-04-18 17:17 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-04-18 11:07 --------- d-----w C:\Program Files\Activision
    2008-04-17 21:00 --------- d-----w C:\Users\Wares\AppData\Roaming\Symantec
    2008-04-17 15:10 --------- d-----w C:\Program Files\NavigationTool
    2008-04-17 12:34 --------- d-----w C:\Users\Wares\AppData\Roaming\LimeWire
    2008-04-14 23:23 --------- d-----w C:\Users\Wares\AppData\Roaming\Classes de site
    2008-04-14 23:19 --------- d-----w C:\Users\Wares\AppData\Roaming\Sites
    2008-04-14 23:09 --------- d-----w C:\Users\Wares\AppData\Roaming\Dynamique
    2008-04-14 23:09 --------- d-----w C:\Program Files\vmntoolbar
    2008-04-14 23:09 --------- d-----w C:\Program Files\Visicom Media
    2008-04-14 16:51 --------- d-----w C:\Users\Wares\AppData\Roaming\gtk-2.0
    2008-04-14 08:21 --------- d-----w C:\Program Files\HP
    2008-04-13 17:49 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
    2008-04-10 04:00 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 19:25 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-04-08 03:47 --------- d-----w C:\Program Files\Picasa2
    2008-04-07 15:32 --------- d-----w C:\Program Files\Infogrames
    2008-04-06 15:50 --------- d-----w C:\Users\Wares\AppData\Roaming\ma-config.com
    2008-04-06 15:50 --------- d-----w C:\Program Files\ma-config.com
    2008-04-05 19:23 --------- d-----w C:\PROGRA~2\Trymedia
    2008-04-03 03:38 --------- d-----w C:\Program Files\Common Files\Steam
    2008-04-02 10:38 --------- d-----w C:\Program Files\AVIConverter
    2008-03-29 12:17 --------- d-----w C:\Program Files\NovaLogic
    2008-03-29 08:59 --------- d-----w C:\Program Files\Java
    2008-03-26 19:28 --------- d-----w C:\Users\Wares\AppData\Roaming\Media Player Classic
    2008-03-26 17:05 --------- d-----w C:\Users\Wares\AppData\Roaming\Petroglyph
    2008-03-26 17:01 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
    2008-03-26 16:56 --------- d-----w C:\Program Files\LucasArts
    2008-03-26 16:55 --------- d-----w C:\Users\Wares\AppData\Roaming\InstallShield
    2008-03-26 07:22 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-03-26 07:22 --------- d-----w C:\PROGRA~2\BOONTY
    2008-03-23 19:16 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-03-22 11:58 --------- d-----w C:\PROGRA~2\NFS Underground
    2008-03-22 10:57 --------- d-----w C:\Program Files\EA GAMES
    2008-03-22 10:46 174 --sha-w C:\Program Files\desktop.ini
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Journal
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Defender
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Collaboration
    2008-03-22 10:34 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-22 09:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-22 09:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-16 10:26 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-16 10:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-16 10:19 --------- d-----w C:\Program Files\Windows Live
    2008-03-16 10:18 --------- d-----w C:\PROGRA~2\WLInstaller
    2008-03-15 10:25 --------- d-----w C:\PROGRA~2\Lavasoft
    2008-03-11 19:38 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
    2008-03-08 16:00 --------- d-----w C:\Users\Wares\AppData\Roaming\PC Tools
    2008-03-07 22:22 673 ----a-w C:\Users\Wares\AppData\Roaming\waver_2.95.dat
    2008-03-07 22:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-03-07 21:42 --------- d-----w C:\Users\Wares\AppData\Roaming\AVS4YOU
    2008-03-07 21:42 --------- d-----w C:\PROGRA~2\AVS4YOU
    2008-03-07 04:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-03-03 14:27 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-03-03 14:27 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-03-03 14:27 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-03-03 14:27 --------- d-----w C:\Program Files\Symantec
    2008-03-03 10:01 --------- d-----w C:\Users\Wares\AppData\Roaming\Packard Bell
    2008-03-02 09:49 --------- d-----w C:\Program Files\Electronic Arts
    2008-03-01 09:00 --------- d-----w C:\Program Files\SiS VGA Utilities
    2008-03-01 09:00 --------- d-----w C:\Program Files\Seagate
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Templates
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Start Menu
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Favorites
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Documents
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Desktop
    2008-03-01 07:28 --------- d-----w C:\PROGRA~2\Application Data
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 17:06 2027792]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 17:02 563984]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "BigDogPath"="C:\Windows\VM_STI.exe" [2003-01-21 15:19 40960]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 00:29 185896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-07 06:46:45 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{33EBDB45-7880-42BC-A6BE-2003E1022927}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B66B330A-EE87-4740-8CA9-183419F95EA3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{90F14DB1-1C3D-40BC-901E-FB8E04F3100B}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{BD70D58B-D197-468E-B2E8-E4F4AEB295D0}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{706EA35C-D32F-43E3-87AC-C0CA5DADD9AD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{3EAF7C77-3290-45D3-99E5-F086F2C406BC}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{E4B0A7C9-5623-48E6-A29F-44C2DF74BDA1}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{B88485D1-B17C-4008-AF43-B2AEFA4B7E2D}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{361AB187-FD3A-43A7-BDF0-FA867EF8228E}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{1CA6CFF5-08D7-4D0F-AAB4-3C894BB6A386}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{7C264828-BFF5-4867-BF83-717ABF684FF1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{42D0C7DB-949D-4354-88A8-9E843552591A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{806A3D45-3025-4DB9-B3C3-C89365D031CE}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{64CD30B3-EA4C-4216-80CE-D216417F9151}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{08AF8AA0-E159-4898-A8BE-609171BF9B9C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{F660AD53-EA97-45E8-B4CD-B55255A68489}C:\\users\\croguennec\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\croguennec\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{3BB51B8A-C0C9-4732-B8B7-1864232D7E9C}C:\\users\\croguennec\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\croguennec\program files\utorrent\utorrent.exe:utorrent.exe
    "TCP Query User{83B6A308-4C74-49A6-8758-7484B93BD145}C:\\program files\\ea games\\mohda\\mohaa.exe"= UDP:C:\program files\ea games\mohda\mohaa.exe:Medal of Honor Allied Assault(tm)
    "UDP Query User{05244FF0-E72A-4A4F-AD46-A05DB3C20B75}C:\\program files\\ea games\\mohda\\mohaa.exe"= TCP:C:\program files\ea games\mohda\mohaa.exe:Medal of Honor Allied Assault(tm)
    "{09D57283-C31A-44B9-902D-F7D6A6259065}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{39875AB0-FC21-4166-B703-34EF2386181F}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{65B77F42-A6D3-4603-8C5D-52FCC6B916CA}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{66ECA6A0-F98A-4A36-98CA-6157870E782C}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)
    "{2F4C69C2-6F69-44CA-A2F6-57439A7C5E17}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)
    "TCP Query User{1715B042-EEFB-47FC-A2C3-D97EDC21160E}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{8B1B09C1-1AB7-4DD2-95F3-8BDE1D7561FB}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer

    S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080423.001\IDSvix86.sys [2008-02-14 03:39]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-03-26 09:22]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 11:24]
    S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
    S3 ZSMC302;V-Gear TalkCam 1.1;C:\Windows\system32\Drivers\usbvm302.sys [2004-03-19 18:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\
    \shell\open\Command - 1074A087.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \shell\AutoRun\command - M:\
    \shell\open\Command - 1074A087.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af19c37-d4e6-11dc-8635-806e6f6e6963}]
    \shell\AutoRun\command - D:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf9d4ab-d536-11dc-9334-001d7d2482df}]
    \shell\AutoRun\command - M:\
    \shell\open\Command - 1074A087.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - ECACHE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 01:43:03
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-25 1:44:07
    ComboFix-quarantined-files.txt 2008-04-24 23:44:04

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    240 --- E O F --- 2008-04-24 21:56:09

    Rapport VirtumundoBeGone

    [04/25/2008, 12:07:19] - VirtumundoBeGone v1.5 ( "C:\Users\CROGUENNEC\Documents\Mes téléchargements\VirtumundoBeGone.exe" )
    [04/25/2008, 12:07:21] - Detected System Information:
    [04/25/2008, 12:07:21] - Windows Version: 6.0.6001, Service Pack 1
    [04/25/2008, 12:07:21] - Current Username: Wares (Admin)
    [04/25/2008, 12:07:21] - Windows is in NORMAL mode.
    [04/25/2008, 12:07:21] - Searching for Browser Helper Objects:
    [04/25/2008, 12:07:21] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
    [04/25/2008, 12:07:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/25/2008, 12:07:21] - Checking for HKLM\...\Winlogon\Notify\NppBho
    [04/25/2008, 12:07:21] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
    [04/25/2008, 12:07:21] - Finished Searching Browser Helper Objects
    [04/25/2008, 12:07:21] - Finishing up...
    [04/25/2008, 12:07:21] - Nothing found! Exiting...
    0
  3. ludsfa Messages postés 1287 Statut Membre 15
     
    bien on continue,

    Copie le texte se situant en gras ci-dessous.

    folder::
    C:\Program Files\Common Files\BOONTY Shared
    C:\PROGRA~2\BOONTY

    registry::

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"=


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :clic sur le lien pour voir.
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    Fais analyser ces fichier sur ce site >> Virustotal: http://www.virustotal.com/flash/index_en.html

    Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier :

    C:\Windows\System32\ifxcardm.dll

    C:\Windows\System32\axaltocm.dll

    Clique maintenant sur envoyer le fichier.
    Poste le rapport
    0
  4. Warkeny Messages postés 22 Statut Membre
     
    OK je vais le faire

    Pour combofix je fais se que ta dit je tape 1 mais quand je met entrer sa me met 1 n'es pas reconnu en tans que commande Externe
    Que faire en mode sans echec pour vista normalement ????
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ludsfa Messages postés 1287 Statut Membre 15
     
    Ce n'est pas grave laisse combofix pour le moment et analyse les fichiers.

    ensuite efface ta version d'hijackthis et télécharge cette version: Hijackthis et fais un rapport.

    à tout à l'heure.
    0
  7. Warkeny Messages postés 22 Statut Membre
     
    OK
    0
  8. Warkeny Messages postés 22 Statut Membre
     
    Voilà le rapport de ifxcardm.dll

    AhnLab-V3 2008.4.25.2 2008.04.25 -
    AntiVir 7.8.0.10 2008.04.25 -
    Authentium 4.93.8 2008.04.25 -
    Avast 4.8.1169.0 2008.04.24 -
    AVG 7.5.0.516 2008.04.25 -
    BitDefender 7.2 2008.04.25 -
    CAT-QuickHeal 9.50 2008.04.24 -
    ClamAV 0.92.1 2008.04.25 -
    DrWeb 4.44.0.09170 2008.04.25 -
    eSafe 7.0.15.0 2008.04.21 -
    eTrust-Vet 31.3.5733 2008.04.25 -
    Ewido 4.0 2008.04.25 -
    F-Prot 4.4.2.54 2008.04.24 -
    F-Secure 6.70.13260.0 2008.04.25 -
    FileAdvisor 1 2008.04.25 -
    Fortinet 3.14.0.0 2008.04.25 -
    Ikarus T3.1.1.26.0 2008.04.25 -
    Kaspersky 7.0.0.125 2008.04.25 -
    McAfee 5281 2008.04.24 -
    Microsoft 1.3408 2008.04.22 -
    NOD32v2 3054 2008.04.25 -
    Norman 5.80.02 2008.04.24 -
    Panda 9.0.0.4 2008.04.25 -
    Prevx1 V2 2008.04.25 -
    Rising 20.41.42.00 2008.04.25 -
    Sophos 4.28.0 2008.04.25 -
    Sunbelt 3.0.1056.0 2008.04.17 -
    Symantec 10 2008.04.25 -
    TheHacker 6.2.92.291 2008.04.24 -
    VBA32 3.12.6.5 2008.04.24 -
    VirusBuster 4.3.26:9 2008.04.24 -
    Webwasher-Gateway 6.6.2 2008.04.25 -
    Information additionnelle
    File size: 101888 bytes
    MD5...: 4709b08070aad89bb6b40e4014321f59
    SHA1..: d1ee7f64522fe5971a76660890576587376230bc
    SHA256: 5a18d5c6c68e87c0e14657438deed8efb73a0602510c26cb22287ec8489bcc8b
    SHA512: 78732b15ebe07b35bf65e7e4a7b7a28bf351bc667f8852112a92def6a7571582
    475555a85e99ddacc585ff7018d00e102d027a88dd6d772f16663034a0eff52a
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x133f4206
    timedatestamp.....: 0x4791a6ea (Sat Jan 19 07:29:46 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1724c 0x17400 5.87 de177d7b39dda5c8f195491e483ee444
    .data 0x19000 0x558 0x200 4.76 63aaad904088cc42d33f1575e2187c96
    .rsrc 0x1a000 0x3f8 0x400 3.37 c16ad1e9f03d898c7920f70e5a19c2c5
    .reloc 0x1b000 0xf16 0x1000 6.12 1e103b80273071b56b2d2879143d4a11

    ( 3 imports )
    > msvcrt.dll: _XcptFilter, _initterm, _amsg_exit, _adjust_fdiv, __1type_info@@UAE@XZ, _callnewh, __dllonexit, _lock, _onexit, _except_handler4_common, __RTDynamicCast, wcsncmp, memcmp, memcpy, memmove_s, memcpy_s, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, strlen, __0exception@@QAE@XZ, __1exception@@UAE@XZ, __0exception@@QAE@ABV0@@Z, _purecall, __CxxFrameHandler3, _msize, memset, free, _CxxThrowException, _unlock, malloc
    > KERNEL32.dll: GetSystemTimeAsFileTime, InterlockedExchange, Sleep, InterlockedCompareExchange, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, DisableThreadLibraryCalls, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, OutputDebugStringA
    > WinSCard.dll: SCardSetCardTypeProviderNameA, SCardIntroduceCardTypeA, SCardTransmit, SCardForgetCardTypeA

    ( 3 exports )
    CardAcquireContext, DllRegisterServer, DllUnregisterServer
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=4709b08070aad89bb6b40e4014321f59

    et l'autre axaltocm.dll

    AhnLab-V3 2008.4.19.0 2008.04.18 -
    AntiVir 7.8.0.8 2008.04.20 -
    Authentium 4.93.8 2008.04.20 -
    Avast 4.8.1169.0 2008.04.21 -
    AVG 7.5.0.516 2008.04.20 -
    BitDefender 7.2 2008.04.21 -
    CAT-QuickHeal 9.50 2008.04.19 -
    ClamAV 0.92.1 2008.04.21 -
    DrWeb 4.44.0.09170 2008.04.20 -
    eSafe 7.0.15.0 2008.04.17 -
    eTrust-Vet 31.3.5714 2008.04.19 -
    Ewido 4.0 2008.04.20 -
    F-Prot 4.4.2.54 2008.04.20 -
    F-Secure 6.70.13260.0 2008.04.21 -
    FileAdvisor 1 2008.04.21 -
    Fortinet 3.14.0.0 2008.04.21 -
    Ikarus T3.1.1.26 2008.04.21 -
    Kaspersky 7.0.0.125 2008.04.21 -
    McAfee 5277 2008.04.18 -
    Microsoft 1.3408 2008.04.21 -
    NOD32v2 3041 2008.04.19 -
    Norman 5.80.02 2008.04.18 -
    Panda 9.0.0.4 2008.04.20 -
    Prevx1 V2 2008.04.21 -
    Rising 20.40.62.00 2008.04.20 -
    Sophos 4.28.0 2008.04.21 -
    Sunbelt 3.0.1056.0 2008.04.17 -
    Symantec 10 2008.04.21 -
    TheHacker 6.2.92.285 2008.04.19 -
    VBA32 3.12.6.4 2008.04.16 -
    VirusBuster 4.3.26:9 2008.04.20 -
    Webwasher-Gateway 6.6.2 2008.04.20 -
    Information additionnelle
    File size: 82432 bytes
    MD5...: b00b85d60f8678f011f76943041b619b
    SHA1..: 14c85ee0d22c0c4dcab637ed70da59aac6202487
    SHA256: e5586c2188c680efefd5685d74f1ecf8462f69d3fd939608b2ac92ee53c6ac16
    SHA512: 042cf6fcb3dd263dd195060d6d1b5fd4fb84975c0d4480f1f619e7485d5bc9e9
    13f193fe39b2b6a1d01a6b8f7b2d523774405e6a519c3ff22a7d42493eead1b7
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1592c400
    timedatestamp.....: 0x4791a656 (Sat Jan 19 07:27:18 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x118bb 0x11a00 6.30 61b7bdc8304e04a09b143127cc163475
    .data 0x13000 0xca0 0xa00 4.60 6ba1b0a295ee909c462904c6f09b59f7
    .rsrc 0x14000 0x3e0 0x400 3.32 7eca6bde52d42704f96af557ee53a442
    .reloc 0x15000 0x142a 0x1600 5.59 16265e207c2c70b6f0fdfdc377faefe3

    ( 3 imports )
    > msvcrt.dll: _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __1type_info@@UAE@XZ, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, malloc, _callnewh, free, _strdup, _strlwr_s, memset, _stricmp, strtoul, _purecall, __0exception@@QAE@XZ, _CxxThrowException, __CxxFrameHandler3, memcpy, memmove_s, memcpy_s, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z
    > KERNEL32.dll: DisableThreadLibraryCalls, InitializeCriticalSection, DeleteCriticalSection, GetModuleHandleW, FormatMessageW, InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LocalFree
    > WinSCard.dll: SCardIntroduceCardTypeW, SCardForgetCardTypeW, SCardBeginTransaction, SCardEndTransaction, SCardReleaseContext, SCardConnectW, SCardEstablishContext, SCardTransmit, g_rgSCardT0Pci, SCardFreeMemory, SCardDisconnect, SCardGetStatusChangeW, SCardListReadersW, SCardSetCardTypeProviderNameW

    ( 105 exports )
    __0SmartCardMarshaller@Marshaller@@QAE@KGPAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@V_STL70@@@std@@IG@Z, __0SmartCardMarshaller@Marshaller@@QAE@PAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@V_STL70@@@std@@G0IG@Z, __0StringArray@Marshaller@@QAE@ABV01@@Z, __0StringArray@Marshaller@@QAE@H@Z, __0u1Array@Marshaller@@QAE@AAV01@II@Z, __0u1Array@Marshaller@@QAE@ABV01@@Z, __0u1Array@Marshaller@@QAE@H@Z, __0u2Array@Marshaller@@QAE@ABV01@@Z, __0u2Array@Marshaller@@QAE@H@Z, __0u4Array@Marshaller@@QAE@ABV01@@Z, __0u4Array@Marshaller@@QAE@H@Z, __0u8Array@Marshaller@@QAE@ABV01@@Z, __0u8Array@Marshaller@@QAE@H@Z, __1SmartCardMarshaller@Marshaller@@QAE@XZ, __1StringArray@Marshaller@@QAE@XZ, __1u1Array@Marshaller@@QAE@XZ, __1u2Array@Marshaller@@QAE@XZ, __1u4Array@Marshaller@@QAE@XZ, __1u8Array@Marshaller@@QAE@XZ, __4SmartCardMarshaller@Marshaller@@QAEAAV01@ABV01@@Z, __4StringArray@Marshaller@@QAEAAV01@ABV01@@Z, __4u1Array@Marshaller@@QAEAAV01@ABV01@@Z, __4u2Array@Marshaller@@QAEAAV01@ABV01@@Z, __4u4Array@Marshaller@@QAEAAV01@ABV01@@Z, __4u8Array@Marshaller@@QAEAAV01@ABV01@@Z, __Hu1Array@Marshaller@@QAEAAV01@AAV01@@Z, __Hu1Array@Marshaller@@QAEAAV01@E@Z, __Hu1Array@Marshaller@@QAEAAV01@G@Z, __Hu1Array@Marshaller@@QAEAAV01@I@Z, __Hu1Array@Marshaller@@QAEAAV01@_K@Z, __Hu2Array@Marshaller@@QAEAAV01@AAV01@@Z, __Hu2Array@Marshaller@@QAEAAV01@G@Z, __Hu4Array@Marshaller@@QAEAAV01@AAV01@@Z, __Hu4Array@Marshaller@@QAEAAV01@I@Z, __Hu8Array@Marshaller@@QAEAAV01@AAV01@@Z, __Hu8Array@Marshaller@@QAEAAV01@_K@Z, __Yu1Array@Marshaller@@QAEAAV01@AAV01@@Z, __Yu1Array@Marshaller@@QAEAAV01@E@Z, __Yu1Array@Marshaller@@QAEAAV01@G@Z, __Yu1Array@Marshaller@@QAEAAV01@I@Z, __Yu1Array@Marshaller@@QAEAAV01@_K@Z, __Yu2Array@Marshaller@@QAEAAV01@AAV01@@Z, __Yu2Array@Marshaller@@QAEAAV01@G@Z, __Yu4Array@Marshaller@@QAEAAV01@AAV01@@Z, __Yu4Array@Marshaller@@QAEAAV01@I@Z, __Yu8Array@Marshaller@@QAEAAV01@AAV01@@Z, __Yu8Array@Marshaller@@QAEAAV01@_K@Z, _Append@u1Array@Marshaller@@QAEAAV12@PAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@V_STL70@@@std@@@Z, _GetBuffer@u1Array@Marshaller@@QAEPAEXZ, _GetBuffer@u2Array@Marshaller@@QAEPAGXZ, _GetBuffer@u4Array@Marshaller@@QAEPAIXZ, _GetBuffer@u8Array@Marshaller@@QAEPA_KXZ, _GetLength@StringArray@Marshaller@@QAEIXZ, _GetLength@u1Array@Marshaller@@QAEIXZ, _GetLength@u2Array@Marshaller@@QAEIXZ, _GetLength@u4Array@Marshaller@@QAEIXZ, _GetLength@u8Array@Marshaller@@QAEIXZ, _GetStringAt@StringArray@Marshaller@@QAEPAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@V_STL70@@@std@@I@Z, _Invoke@SmartCardMarshaller@Marshaller@@QAAXHZZ, _IsNull@StringArray@Marshaller@@QAEEXZ, _IsNull@u1Array@Marshaller@@QAEEXZ, _IsNull@u2Array@Marshaller@@QAEEXZ, _IsNull@u4Array@Marshaller@@QAEEXZ, _IsNull@u8Array@Marshaller@@QAEEXZ, _ReadU1At@u1Array@Marshaller@@QAEEI@Z, _ReadU2At@u2Array@Marshaller@@QAEGI@Z, _ReadU4At@u4Array@Marshaller@@QAEII@Z, _ReadU8At@u8Array@Marshaller@@QAE_KI@Z, _SetBuffer@u1Array@Marshaller@@QAEXPAE@Z, _SetBuffer@u2Array@Marshaller@@QAEXPAG@Z, _SetBuffer@u4Array@Marshaller@@QAEXPAI@Z, _SetBuffer@u8Array@Marshaller@@QAEXPA_K@Z, _SetInputStream@SmartCardMarshaller@Marshaller@@QAEXP6GXAAVu1Array@2@0@Z@Z, _SetOutputStream@SmartCardMarshaller@Marshaller@@QAEXP6GXAAVu1Array@2@0@Z@Z, _SetStringAt@StringArray@Marshaller@@QAEXIPAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@V_STL70@@@std@@@Z, _SetU1At@u1Array@Marshaller@@QAEXIE@Z, _UpdatePCSCCardHandle@SmartCardMarshaller@Marshaller@@QAEXK@Z, CardAcquireContext, CardAuthenticateChallenge, CardAuthenticatePin, CardChangeAuthenticator, CardConstructDHAgreement, CardCreateContainer, CardCreateDirectory, CardCreateFile, CardDeauthenticate, CardDeleteContainer, CardDeleteContext, CardDeleteDirectory, CardDeleteFile, CardEnumFiles, CardGetChallenge, CardGetContainerInfo, CardGetFileInfo, CardQueryCapabilities, CardQueryFreeSpace, CardQueryKeySizes, CardRSADecrypt, CardReadFile, CardSignData, CardUnblockPin, CardWriteFile, DllMain, DllRegisterServer, DllUnregisterServer
    0
  9. ludsfa Messages postés 1287 Statut Membre 15
     
    bien relance combofix une fois mais sans le script et fais un hijackthis ensuite.
    0
  10. Warkeny Messages postés 22 Statut Membre
     
    Voilà

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:09, on 25/04/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\VM_STI.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Users\Wares\Desktop\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  11. ludsfa Messages postés 1287 Statut Membre 15
     
    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau:
    https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE :http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

    * Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
    * Afin de lancer la recherche, clic sur"Rechercher".
    * Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

    AIDE sur malwarebytes anti malware:http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
    0
  12. Warkeny Messages postés 22 Statut Membre
     
    ok je ferait
    pour savoir quand esque que sa sera bon
    0
  13. ludsfa Messages postés 1287 Statut Membre 15
     
    après ça normalement se seras bon.
    0
  14. Warkeny Messages postés 22 Statut Membre
     
    voilà le rapport

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 599

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 177123
    Temps écoulé: 32 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

    Fichier(s) infecté(s):
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Users\Wares\Documents\Mes téléchargements\PLAY_MP3.exe (Adware.Agent) -> No action taken.

    visiblement sa va mieux j'ai récupérer 10Go pourquoi sa ??
    0
  15. ludsfa Messages postés 1287 Statut Membre 15
     
    Ce sont des malware.

    Il me faut le deuxième rapport malwarebytes celui avec les suppression.

    ensuite refais moi un hijackthis stp.
    0
  16. Warkeny Messages postés 22 Statut Membre
     
    Eux il y avait un deuxième ????

    Voilà HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:01, on 25/04/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\VM_STI.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Wares\Desktop\Antis virus et cheval de troie\HiJackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  17. ludsfa Messages postés 1287 Statut Membre 15
     
    oui ,

    si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    0
  18. ludsfa Messages postés 1287 Statut Membre 15
     
    Bien ,
    on termine.

    Télécharge sur ton bureau Clean (zip) :
    http://www.malekal.com/download/clean.zip

    = Clic droit sur Clean.zip et Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
    =double-clic Dossier Clean
    = double-clic Clean. ( avec comme symbole une roue dentée)
    = Option 1 = taper 1
    = Clean va générer un rapport sur le C: (rapport.txt)
    0
  19. Warkeny Messages postés 22 Statut Membre
     
    mais c'est se que j'ai fait j'ai suprimer et un rapport est apparu donc je l'ai enregistrer
    mais je vais refaire au cas ou
    0
  20. Warkeny Messages postés 22 Statut Membre
     
    le logiciel clean marche pas
    sa me met sa avant la touche 1

    http://img174.imageshack.us/img174/1078/ferk9.jpg

    Après la touche 1

    http://img129.imageshack.us/img129/3139/nsrevyp5.jpg

    que faire attendre
    0
  21. ludsfa Messages postés 1287 Statut Membre 15
     
    ok télécharge ToolsCleaner sur ton bureau .
    une fois installé tu fais rechercher et puis en suite suppression.
    un rapport va être fait envois le stp.
    0
  • 1
  • 2