[virus] Je crois etre infecté

Question

Bonjour,
J'explique mon cas , je suis newbie dans tous ce qui est windows , virus etc et je pense etre infecté , ( je crois que c'est le virus heat )
J'explique mon cas :
-Des fenetre de pub qui s'ouvre parfois .
A chaque démarrage , mon antivirus me signale des virus dans AppData ( ce sont des fichier dll ) 
Puis de temp en temp , mon ordinateur ram beaucoup .

Donc ques que je dois faire , j'ai regardé un peu de partout , et j'ai vu qui faut télécharger des logiciel comme hijakthis , combofix ... lequel je dois prendre ?

jlpjlp · Answer

slt,






Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Sauvegarde le sur ton bureau et pas ailleurs ! 

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider. 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 

-----------------

colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

-----------------

mako6 · Answer

J'ai fais avec combofix , et voila le rapport
ComboFix 08-05-01.3 - Gardes 2008-05-04 17:39:25.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.909 [GMT 2:00]
Endroit: C:\Users\Gardes\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-04 to 2008-05-04 ))))))))))))))))))))))))))))))))))))
.

2008-05-04 17:36 . 2008-05-04 17:37 <REP> d-------- C:\327882R2FWJFW
2008-05-02 18:46 . 2008-05-02 23:56 <REP> d-------- C:\Users\Gardes\AppData\Roaming\Skype
2008-05-01 19:51 . 2008-05-01 19:51 <REP> d-------- C:\Program Files\RADVideo
2008-05-01 15:50 . 2008-05-01 15:50 <REP> d-------- C:\Users\All Users\pI3demoLicense
2008-05-01 13:55 . 2008-05-01 13:56 <REP> d-------- C:\Program Files\particleIllusion 3.0 demo
2008-04-26 11:29 . 2008-04-26 11:29 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-26 11:29 . 2008-04-26 11:29 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-26 11:28 . 2008-04-26 11:28 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-26 11:28 . 2008-04-26 11:28 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-04-26 11:28 . 2008-04-26 11:28 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-04-26 11:28 . 2008-04-26 11:28 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-04-26 11:28 . 2008-04-26 11:28 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-04-26 11:28 . 2008-04-26 11:28 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-04-26 11:26 . 2008-04-26 11:26 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-04-26 11:23 . 2008-04-26 11:23 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-26 11:22 . 2008-04-26 11:22 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-26 11:22 . 2008-04-26 11:22 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-26 11:22 . 2008-04-26 11:22 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-26 11:22 . 2008-04-26 11:22 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-26 11:21 . 2008-04-26 11:21 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-04-26 11:21 . 2008-04-26 11:21 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-04-26 11:21 . 2008-04-26 11:21 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-26 11:20 . 2008-04-26 11:20 118 --a------ C:\Windows\System32\MRT.INI
2008-04-26 11:19 . 2008-04-26 11:19 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-26 11:19 . 2008-04-26 11:19 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-26 11:14 . 2008-04-26 11:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-04-26 11:14 . 2008-04-26 11:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-26 11:14 . 2008-04-26 11:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-26 11:14 . 2008-04-26 11:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-26 11:14 . 2008-04-26 11:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-26 11:08 . 2008-04-26 11:08 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-26 11:08 . 2008-04-26 11:08 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-26 11:08 . 2008-04-26 11:08 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-04-26 11:07 . 2008-04-26 11:07 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-26 00:42 . 2008-04-26 00:48 <REP> d-------- C:\Downloads
2008-04-26 00:41 . 2008-04-26 00:41 <REP> d-------- C:\Program Files\FlashGet
2008-04-25 19:25 . 2008-04-25 19:25 <REP> d-------- C:\Users\All Users\Macromedia
2008-04-25 19:22 . 2008-04-25 19:22 <REP> d-------- C:\Windows\Downloaded Installations
2008-04-25 18:34 . 2008-04-25 18:35 <REP> d-------- C:\Users\Gardes\AppData\Roaming\Notepad++
2008-04-24 19:15 . 2008-04-24 19:18 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-23 18:33 . 2008-04-23 18:33 2,655 --a------ C:\Users\All Users\LUUnInstall.LiveUpdate
2008-04-23 16:43 . 2008-04-23 16:43 <REP> d-------- C:\Program Files\IntelliTamper
2008-04-18 18:15 . 2008-04-27 12:34 <REP> d-------- C:\Users\Gardes\AppData\Roaming\FileZilla
2008-04-18 03:08 . 2008-04-18 03:10 <REP> d-------- C:\FAUXVIRUS
2008-04-17 23:15 . 2008-04-17 23:15 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-17 23:15 . 2008-04-17 23:15 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-17 23:15 . 2008-04-17 23:15 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-17 23:15 . 2008-04-17 23:15 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-17 23:14 . 2008-04-17 23:14 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-17 23:14 . 2008-04-17 23:14 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-17 23:14 . 2008-04-17 23:14 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-17 23:13 . 2008-04-17 23:13 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-17 23:13 . 2008-04-17 23:13 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-17 18:55 . 2008-04-17 18:55 <REP> d-------- C:\Users\Gardes\AppData\Roaming\Grisoft
2008-04-17 18:55 . 2008-04-17 18:55 <REP> d-------- C:\Users\All Users\Grisoft
2008-04-17 18:55 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-11 22:04 . 2008-04-11 22:04 <REP> d-------- C:\Windows\System32\QuickTime
2008-04-11 22:04 . 2008-01-18 03:36 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-04-11 22:03 . 2008-04-11 22:03 <REP> d-------- C:\Users\All Users\TechSmith
2008-04-11 22:03 . 2008-04-11 22:03 <REP> d-------- C:\Program Files\TechSmith
2008-04-11 22:03 . 2008-04-11 22:03 <REP> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-04-11 21:42 . 2008-04-11 21:42 <REP> d-------- C:\Program Files\Fraps
2008-04-11 21:15 . 2008-04-11 21:15 <REP> d-------- C:\Program Files\DebugMode
2008-04-11 17:17 . 2008-04-11 17:17 <REP> d-------- C:\Program Files\Capturino 1.4
2008-04-11 12:34 . 2008-04-11 12:34 <REP> d-------- C:\Users\Gardes\All Users
2008-04-11 00:46 . 2008-04-11 00:46 <REP> d-------- C:\Users\All Users\Lauyan
2008-04-11 00:46 . 2008-04-11 00:46 <REP> d-------- C:\Program Files\Lauyan
2008-04-09 23:41 . 2008-04-09 23:43 <REP> d-------- C:\Users\Gardes\AppData\Roaming\teamspeak2
2008-04-08 17:18 . 2008-04-08 17:18 <REP> d-------- C:\Program Files\The Foundry
2008-04-08 14:50 . 2008-04-08 14:56 <REP> d-------- C:\Users\Gardes\AppData\Roaming\Audacity
2008-04-08 13:25 . 2008-04-08 13:25 <REP> d-------- C:\Program Files\HyCam2
2008-04-05 23:55 . 2008-04-05 23:55 <REP> d-------- C:\Program Files\Boris FX, Inc
2008-04-04 20:58 . 2008-04-04 20:59 <REP> d-------- C:\Users\All Users\WinZip
2008-04-04 17:22 . 2008-04-04 17:23 <REP> d-------- C:\Users\Gardes\AppData\Roaming\Autodesk
2008-04-04 16:47 . 2008-04-04 16:47 <REP> d-------- C:\Autodesk
2008-04-04 13:43 . 2008-04-14 12:23 <REP> d-------- C:\Users\Gardes\AppData\Roaming\TeamViewer
2008-04-04 12:40 . 2008-05-04 10:30 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-04 12:40 . 2008-04-04 12:40 1,409 --a------ C:\Windows\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 14:46 27,430 ----a-w C:\Users\Gardes\AppData\Roaming\nvModes.dat
2008-05-04 13:09 --------- d-----w C:\Users\Gardes\AppData\Roaming\LimeWire
2008-04-27 07:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-26 09:12 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-26 09:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-26 09:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-26 09:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-25 17:28 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-25 17:25 --------- d-----w C:\Program Files\Macromedia
2008-04-25 17:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 15:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-23 16:33 --------- d-----w C:\Program Files\Symantec
2008-04-23 16:33 --------- d-----w C:\Program Files\Norton 360
2008-04-17 12:32 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-15 17:37 --------- d-----w C:\Program Files\EA GAMES
2008-04-15 17:35 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-15 11:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-12 13:03 --------- d-----w C:\Program Files\DivX
2008-04-10 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 19:31 --------- d-----w C:\Program Files\Java
2008-04-04 20:10 --------- d-----w C:\Users\Gardes\AppData\Roaming\Roxio
2008-04-04 15:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 15:00 --------- d-----w C:\Program Files\Autodesk
2008-04-03 21:08 --------- d-----w C:\Program Files\ThiWeb Live 2
2008-04-03 06:27 --------- d-----w C:\Program Files\Google
2008-04-02 18:56 --------- d-----w C:\Users\Gardes\AppData\Roaming\Packard Bell
2008-04-02 18:27 36,868 ----a-w C:\Program Files\uninst-SoundKeys.exe
2008-04-02 18:27 --------- d-----w C:\Program Files\Trapcode
2008-04-01 15:29 --------- d-----w C:\Program Files\LAB
2008-04-01 14:18 --------- d-----w C:\Users\Gardes\AppData\Roaming\DivX
2008-04-01 11:52 --------- d-----w C:\Users\Gardes\AppData\Roaming\vlc
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 19:52 37,888 ----a-w C:\Windows\System32\rar.exe
2008-03-31 19:00 --------- d-----w C:\Users\Gardes\AppData\Roaming\Ulead Systems
2008-03-31 18:08 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-31 18:06 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-31 18:03 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-31 18:00 --------- d-----w C:\Program Files\Ulead Systems
2008-03-30 15:05 --------- d-----w C:\Program Files\WebSite X5 Evolution
2008-03-30 14:50 --------- d-----w C:\Program Files\eMule2
2008-03-30 14:44 --------- d-----w C:\Users\Gardes\AppData\Roaming\eMule
2008-03-30 14:44 --------- d-----w C:\Program Files\eMule
2008-03-30 14:05 --------- d-----w C:\Program Files\Blender Foundation
2008-03-30 13:24 --------- d-----w C:\Program Files\QuickTime
2008-03-30 07:55 --------- d-----w C:\Users\Gardes\AppData\Roaming\Talkback
2008-03-29 22:07 --------- d-----w C:\Users\Gardes\AppData\Roaming\CyberLink
2008-03-29 19:10 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-29 19:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 18:56 --------- d-----w C:\Program Files\Ubisoft
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-28 07:15 --------- d-----w C:\Program Files\Winamp
2008-03-28 07:10 --------- d-----w C:\Program Files\Fake Webcam
2008-03-28 06:31 --------- d-----w C:\Program Files\Photoshop
2008-03-25 18:38 --------- d-----w C:\Program Files\Bonjour
2008-03-25 17:42 --------- d-----w C:\Program Files\Alwil Software
2008-03-24 11:02 --------- d-----w C:\Program Files\Winamp Remote
2008-03-22 15:47 --------- d-----w C:\Program Files\Icecast2 Win32
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-16 09:26 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-02-21 02:05 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-02-21 02:05 120,056 ------w C:\Windows\System32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\Windows\System32\pxinsi64.exe
2007-01-01 00:43 174 --sha-w C:\Program Files\desktop.ini
2007-01-01 08:49 65,536 --sha-w C:\Windows\oem\mp\boot\bootstat.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-26 11:21 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
"cmds"="C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll" [2008-04-25 19:07 315728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-01-01 11:18 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 07:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 07:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 07:19 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 11:41 845360]
"BisonHK"="C:\Windows\BisonCam\BisonHK.exe" [2007-05-16 18:08 73728]
"EasyMIC"="C:\Windows\BisonCam\EasyMIC.exe" [2007-08-27 22:17 569344]
"CardReaderMonitor"="C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 18:45 643072]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 12:52 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"MRT"="C:\Windows\system32\MRT.exe" [2008-04-05 22:56 19836024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6D8D525-0CC5-4752-840A-F8396062062E}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{C0D6CFCF-F032-4C36-A8D8-8284A6D23A31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D803923-CBC2-4F62-B50F-AF82B2C60771}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2E8F2AF0-5FC5-4E9C-BEEC-0FA2A5DA2A58}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{7862D80F-4D42-4DAF-9F8B-57D6FDE24CD1}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{DAE80581-C80F-4FC7-A44F-39D01B23DC61}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{806653AB-BB48-437F-AFF5-395032F876AA}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{C91EDA8A-1EFC-4821-B3A5-768C2FB2FFDC}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{E5DCEF60-D11D-476B-A2E8-2FF0B735478B}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{08FF93B4-A6D1-4F6D-89C0-73EA0934F8E0}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DFB43188-63F7-4D69-B404-8114595BC260}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{B82C0615-FDB8-4646-A580-2F341390ABBE}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{180E2A0C-DEEF-4965-A94F-30B0377B200B}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FC3E064F-F898-464A-BA74-F170176DFD3B}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{AF45D948-FE1A-45F5-AB64-8688B7D6156F}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{E8F05C34-773F-4CCA-9A3B-E6390812DA43}"= UDP:C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{A67103BB-6EC5-4447-99A9-D87DEBE99C48}"= TCP:C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{4AD4D778-27DB-4733-BE51-AFDDAD09460F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{416A807A-9DAD-4B8E-AC26-7F216CFEA625}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{047085C9-88B1-44FA-81B2-8F8266CE75A9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{673DA240-7496-483D-9772-FAE75733D4C3}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EAE45B97-BBD6-45BE-8FCC-C7236AF6BE5A}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{305CB793-B645-42A9-936F-687274CAA301}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{33146210-5223-4916-A469-97CB52FD56A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3B27B0ED-F5C4-4821-8522-82FE77AAEFB1}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{96CCA57B-F745-44D6-917E-4F55D9E6F235}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{3B6AB533-6AD5-435C-8056-64ECCD07B428}C:\\program files\\emule2\\emule.exe"= UDP:C:\program files\emule2\emule.exe:eMule
"UDP Query User{8972F4E0-6A6A-4003-BBAF-3A561111E7C2}C:\\program files\\emule2\\emule.exe"= TCP:C:\program files\emule2\emule.exe:eMule
"TCP Query User{88DE3989-3343-48BD-BE66-61916C3F1C58}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{2748CED2-D655-49D0-BEF0-C1F006648584}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{6C388903-B1E8-4783-832C-D4AE0051D3A7}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{683EAA40-E82F-473E-9311-DBAFDEFE9E82}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{AD5602BD-746F-4109-96E2-2B1FF545D3E4}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{06330B3D-BCD8-4AD8-9E4C-454562F32DCF}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{1712A13B-EA85-4CCA-BD41-ACB61D3FE536}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{F67CD758-2B71-429C-BA6F-BA7EA0661416}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
R3 Cam5607;Bison WebCam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-23 20:35]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 02:50]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-09-27 14:46]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 22:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad69acb-1211-11dd-9ac1-00140b3942d5}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\demarrer.html

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-04 15:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-05-04 15:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 17:46:53
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll
.
Temps d'accomplissement: 2008-05-04 17:49:02
ComboFix-quarantined-files.txt 2008-05-04 15:48:16

Pre-Run: 84,011,757,568 octets libres
Post-Run: 85,271,818,240 octets libres

289 --- E O F --- 2008-04-26 09:31:01

jlpjlp · Answer

ok colle un hijackhtis

et analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/

C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll

mako6 · Answer

Voila avec hijakthis , je vais scanné maintenant .


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:51, on 04/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\system32	askeng.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\EasyMIC.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\helppane.exe
C:\Windows\Explorer.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - c:\program files\LAB\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [EasyMIC] C:\Windows\BisonCam\EasyMIC.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll,c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

mako6 · Answer

Voila pour virus total ,

AhnLab-V3	2008.5.3.0	2008.05.02	-
AntiVir	7.8.0.11	2008.05.02	TR/Vundo.Gen
Authentium	4.93.8	2008.05.02	-
Avast	4.8.1169.0	2008.05.04	-
AVG	7.5.0.516	2008.05.03	-
BitDefender	7.2	2008.05.04	-
CAT-QuickHeal	9.50	2008.05.03	-
ClamAV	0.92.1	2008.05.04	-
DrWeb	4.44.0.09170	2008.05.04	-
eSafe	7.0.15.0	2008.04.28	-
eTrust-Vet	31.3.5755	2008.05.03	-
Ewido	4.0	2008.05.04	-
F-Prot	4.4.2.54	2008.05.04	W32/Virtumonde.N.gen!Eldorado
F-Secure	6.70.13260.0	2008.05.04	-
FileAdvisor	1	2008.05.04	-
Fortinet	3.14.0.0	2008.05.04	-
Ikarus	T3.1.1.26.0	2008.05.04	-
Kaspersky	7.0.0.125	2008.05.04	-
McAfee	5287	2008.05.02	-
Microsoft	1.3408	2008.04.22	Trojan:Win32/Vundo.gen!F
NOD32v2	3072	2008.05.03	a variant of Win32/Adware.Virtumonde
Norman	5.80.02	2008.05.02	Vundo.gen148
Panda	9.0.0.4	2008.05.04	-
Prevx1	V2	2008.05.04	-
Rising	20.42.62.00	2008.05.04	AdWare.Win32.Vundo.g
Sophos	4.29.0	2008.05.04	Troj/Virtum-Gen
Sunbelt	3.0.1097.0	2008.05.03	-
Symantec	10	2008.05.04	-
TheHacker	6.2.92.300	2008.05.03	-
VBA32	3.12.6.5	2008.05.03	-
VirusBuster	4.3.26:9	2008.05.03	Adware.Vundo.Gen!Pac.19
Webwasher-Gateway	6.6.2	2008.05.04	Trojan.Vundo.Gen
Information additionnelle
File size: 315728 bytes
MD5...: ef55f01211ea84fb3a07c285de6d79dc
SHA1..: 7acf0321c6c8730d54d735df142431fc66f6cf39
SHA256: ff058f7d9808c97595b35115becb9949d978b5b4e0fc4be59bf553a4f13f90fc
SHA512: d43428a7b6dc90881fb71954bfb9c12b91f8d58c02bd79df43a70b45f0075ce1
8b5a8ab267a4ddca77cdc61dc1b95559bad34e8a189884fa0c6c64a9bbbae4b1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10099377
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x69000 0x39c00 8.00 decf89433d0db4439fb765dff9c71ae7
.rdata 0x6a000 0x16000 0x9200 7.99 e0b2f5cd132506ff553d671db48dab90
.data 0x80000 0x9000 0xc00 7.94 18d67ddfdb9919e4108961b4e60facee
.rsrc 0x89000 0x8000 0x2000 7.98 1e0129a37e07cbcff72a68c469600d5e
.reloc 0x91000 0x8000 0x5200 7.99 bdb0d33aeb85338ed55e514194c6b135
.aspack 0x99000 0x2000 0x14f0 5.38 034013d1dad237a030f50a699b28918f

( 3 imports )
> KERNEL32.dll: VirtualFree, ExitProcess, LoadLibraryA, VirtualAlloc, VirtualProtect, GetProcAddress
> USER32.dll: BeginDeferWindowPos, GetCursorPos
> GDI32.dll: LineTo, CreateCompatibleDC

( 0 exports )

jlpjlp · Answer

analyse aussi ce fichier sur virus total et si infécté tu le rajoute dans otmovit

C:\Windows\system32\MRT.exe

_______________

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

____________________



 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

mako6 · Answer

J'ai quoi comme virus ?

jlpjlp · Answer

désactive la protection avast puis recommence un scan en ligne:




 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
http://www.secuser.com/outils/antivirus_installation.htm

scan en ligne firefox
	
https://www.trendmicro.com/fr_fr/business.html

 
si impossible telecharge:
bit defender free, scan avec et colle un rapport

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html

jlpjlp · Answer

ok

vire les cracks dans emule  


C:\Program Files\eMule2\Incoming


______________

vire ce qui est en quarantaine dans bitdefender free

______________

scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

__________


recolle un hijackhtis et dis tes soucis actuels 
(verifie aussi que bitdefender free ne trouve plus d'infection)

mako6 · Answer

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 722

Type de recherche: Examen rapide
Eléments examinés: 33957
Temps écoulé: 5 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcb9d8e52 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8aebdce (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll (Trojan.Agent) -> No action taken.
C:\Users\Gardes\AppData\Local\Temp\braxovol.dll (Trojan.Agent) -> No action taken.
C:\Users\Gardes\AppData\Local\Temp\omhrjdyn.dll (Trojan.Agent) -> No action taken.


Voila le rapport de anti malware .

mako6 · Answer

Voila le hijakthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:52, on 06/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\system32	askeng.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\EasyMIC.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - c:\program files\LAB\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [EasyMIC] C:\Windows\BisonCam\EasyMIC.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll,c
O4 - HKCU\..\Run: [BMcb9d8e52] Rundll32.exe "C:\Users\Gardes\AppData\Local\Temp\braxovol.dll",s
O4 - HKCU\..\Run: [c8aebdce] rundll32.exe "C:\Users\Gardes\AppData\Local\Temp\omhrjdyn.dll",b
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satelliteaysat_3dsMax2009_32server.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

jlpjlp · Answer

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\Users\Gardes\AppData\Local\Temp\efCVPfcb.dll
C:\Users\Gardes\AppData\Local\Temp\braxovol.dll
C:\Users\Gardes\AppData\Local\Temp\omhrjdyn.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

____________________

recolle ensuite un rapport combofix svp et dis tes soucis actuels

[virus] Je crois etre infecté

12 réponses

Votre réponse

Discussions similaires

Newsletters