Encore un hijackthis
krimou83
Messages postés
15
Statut
Membre
-
Destrio5 Messages postés 99820 Statut Modérateur -
Destrio5 Messages postés 99820 Statut Modérateur -
Bonjour,
j'ai un probléme de fentres publicitaire qui se lancent de temps en temps en plus le pc devient de plus en plus! j'ai fais fais desscan avec spyware doctor et mcafee security center sans resultats! j'espere un petite aide de chez vous :D voila mon hijackthis si ca vous dit quelque chose : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:57, on 03-08-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
d:\Spyware Doctor\pctsAuxs.exe
d:\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
d:\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Users\k\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISTray] "d:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\k\AppData\Local\Temp\pmnNdcyY.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\k\AppData\Local\Temp\fccccYon.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BM8f9f38b6] Rundll32.exe "C:\Users\k\AppData\Local\Temp\cbjqyuiu.dll",s
O4 - HKCU\..\Run: [8cac0b2a] rundll32.exe "C:\Users\k\AppData\Local\Temp\kqilnnva.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB02C06C-2739-401A-9B1A-5ADAC2180061}: NameServer = 212.217.0.1 212.217.0.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Spyware Doctor\pctsSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
j'ai un probléme de fentres publicitaire qui se lancent de temps en temps en plus le pc devient de plus en plus! j'ai fais fais desscan avec spyware doctor et mcafee security center sans resultats! j'espere un petite aide de chez vous :D voila mon hijackthis si ca vous dit quelque chose : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:57, on 03-08-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
d:\Spyware Doctor\pctsAuxs.exe
d:\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
d:\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Users\k\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISTray] "d:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\k\AppData\Local\Temp\pmnNdcyY.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\k\AppData\Local\Temp\fccccYon.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BM8f9f38b6] Rundll32.exe "C:\Users\k\AppData\Local\Temp\cbjqyuiu.dll",s
O4 - HKCU\..\Run: [8cac0b2a] rundll32.exe "C:\Users\k\AppData\Local\Temp\kqilnnva.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB02C06C-2739-401A-9B1A-5ADAC2180061}: NameServer = 212.217.0.1 212.217.0.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Spyware Doctor\pctsSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Encore un hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Entraide Hijackthis ✓ - Forum Virus
- Analyse HiJackThis - Forum Virus
- Raport hijackthis - Forum Virus
- Demande d'aide pour un Log Hijackthis - Forum Virus
17 réponses
Salut,
Tu as une grosse infection Vundo/Virtumonde.
---> Désactive l'UAC le temps de la désinfection :
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Tu as une grosse infection Vundo/Virtumonde.
---> Désactive l'UAC le temps de la désinfection :
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Bonjour, cliquez le lien suivant:
http://www.commentcamarche.net/faq/sujet 2436 securite hijackthis et logiciels de desinfection
et vous verrez que effectivement votre système est infecté (010, 013, ...).
http://www.commentcamarche.net/faq/sujet 2436 securite hijackthis et logiciels de desinfection
et vous verrez que effectivement votre système est infecté (010, 013, ...).
Re-bonjour krimou83,
nous avons été 2 à vous répondre, or JeSen je suis, et ne sais pas si vous vous adressez à moi ou au second lequel a été le 1er à vous répondre ...Cependant je ne puis vous instruire davantage, sinon que de vous conformer à 010, 013, 017 et 018 qui attestent que votre système est infecté. Si telle était mon infection, je tenterais d'accéder depuis C\ pour neutraliser les logiciels-voyous incriminés en les détruisant manuellement. Sans risquer me tromper de beaucoup, les ayant identifiés grâce à HijackThis je les ferais disparaître en 1 click. Toutefois cette procédure manuelle reste à être confirmée par qqn d'expérimenté ...plus que je ne le suis car, en agissant de cette façon manuelle, vous ne devez surtout pas vous manquez!
nous avons été 2 à vous répondre, or JeSen je suis, et ne sais pas si vous vous adressez à moi ou au second lequel a été le 1er à vous répondre ...Cependant je ne puis vous instruire davantage, sinon que de vous conformer à 010, 013, 017 et 018 qui attestent que votre système est infecté. Si telle était mon infection, je tenterais d'accéder depuis C\ pour neutraliser les logiciels-voyous incriminés en les détruisant manuellement. Sans risquer me tromper de beaucoup, les ayant identifiés grâce à HijackThis je les ferais disparaître en 1 click. Toutefois cette procédure manuelle reste à être confirmée par qqn d'expérimenté ...plus que je ne le suis car, en agissant de cette façon manuelle, vous ne devez surtout pas vous manquez!
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voila j'ai fais tous ca! a la fin du scan il m'a dit k'il ne peut pas supprimer certains fichiers! voila le rapport et merci encore.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1018
Windows 6.0.6001 Service Pack 1
11:55:23 2008-08-03
mbam-log-8-3-2008 (11-55-23).txt
Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 109950
Temps écoulé: 24 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6bb319dd-d012-4472-b5b2-012b4ef56613} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6bb319dd-d012-4472-b5b2-012b4ef56613} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef783f5d-2305-4617-bd82-08aaebbe61ac} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f9f38b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f9f38b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8cac0b2a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8cac0b2a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef783f5d-2305-4617-bd82-08aaebbe61ac} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\users\k\appdata\local\temp\fccccyon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\k\appdata\local\temp\fccccyon -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\k\AppData\Local\Temp\noYccccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\noYccccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\cbjqyuiu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\kqilnnva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSV1FUZI\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAIC2MC6\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\aqyeueog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\jpixyfpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXPJBUL.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnmklIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyvtuTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1018
Windows 6.0.6001 Service Pack 1
11:55:23 2008-08-03
mbam-log-8-3-2008 (11-55-23).txt
Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 109950
Temps écoulé: 24 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6bb319dd-d012-4472-b5b2-012b4ef56613} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6bb319dd-d012-4472-b5b2-012b4ef56613} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef783f5d-2305-4617-bd82-08aaebbe61ac} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f9f38b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8f9f38b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8cac0b2a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8cac0b2a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef783f5d-2305-4617-bd82-08aaebbe61ac} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\users\k\appdata\local\temp\fccccyon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\k\appdata\local\temp\fccccyon -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\k\AppData\Local\Temp\noYccccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\noYccccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\cbjqyuiu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\kqilnnva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSV1FUZI\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAIC2MC6\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\aqyeueog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\k\AppData\Local\Temp\jpixyfpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXPJBUL.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnmklIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyvtuTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
windows le ferme tjs! voila les detail du probleme :signature du problème :
Nom d’événement de problème: APPCRASH
Nom de l’application: CF6329.exe
Version de l’application: 6.0.6001.18000
Horodatage de l'application: 47918bde
Nom du module par défaut: ntdll.dll
Version du module par défaut: 6.0.6001.18000
Horodateur du module par défaut: 4791a7a6
Code de l’exception: c00000fd
Décalage de l’exception: 0005a19f
Version du système: 6.0.6001.2.1.0.768.11
Identificateur de paramètres régionaux: 6145
Information supplémentaire n° 1: 0b76
Information supplémentaire n° 2: bd41c29e658711466227a0cfd61c149c
Information supplémentaire n° 3: 8b88
Information supplémentaire n° 4: 352d9171cc0806a4726d964f980d9957
Nom d’événement de problème: APPCRASH
Nom de l’application: CF6329.exe
Version de l’application: 6.0.6001.18000
Horodatage de l'application: 47918bde
Nom du module par défaut: ntdll.dll
Version du module par défaut: 6.0.6001.18000
Horodateur du module par défaut: 4791a7a6
Code de l’exception: c00000fd
Décalage de l’exception: 0005a19f
Version du système: 6.0.6001.2.1.0.768.11
Identificateur de paramètres régionaux: 6145
Information supplémentaire n° 1: 0b76
Information supplémentaire n° 2: bd41c29e658711466227a0cfd61c149c
Information supplémentaire n° 3: 8b88
Information supplémentaire n° 4: 352d9171cc0806a4726d964f980d9957
L'UAC est bien désactivé ?
Si oui, fais la manip' avec ComboFix en mode sans échec :
https://blog.sosordi.net/
Si oui, fais la manip' avec ComboFix en mode sans échec :
https://blog.sosordi.net/
C'est dommage.
On m'a dit que SuperAntispyware était performant contre Vundo. On va voir ça.
Fais un scan avec SuperAntispyware :
https://www.malekal.com/tutoriel-et-guide-superantispyware/
On m'a dit que SuperAntispyware était performant contre Vundo. On va voir ça.
Fais un scan avec SuperAntispyware :
https://www.malekal.com/tutoriel-et-guide-superantispyware/
c'est fait! voila le log:
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 08/03/2008 at 01:33 PM
Application Version : 4.15.1000
Core Rules Database Version : 3524
Trace Rules Database Version: 1514
Scan type : Quick Scan
Total Scan Time : 00:20:50
Memory items scanned : 562
Memory threats detected : 2
Registry items scanned : 451
Registry threats detected : 5
File items scanned : 17299
File threats detected : 21
Adware.Vundo/Variant-Gen6
C:\WINDOWS\SYSTEM32\FXMBHHNJ.DLL
C:\WINDOWS\SYSTEM32\FXMBHHNJ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}\InprocServer32
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}\InprocServer32#ThreadingModel
Adware.Vundo Variant/Resident
C:\USERS\K\APPDATA\LOCAL\TEMP\FCCCCYON.DLL
C:\USERS\K\APPDATA\LOCAL\TEMP\FCCCCYON.DLL
Adware.Tracking Cookie
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@serving-sys[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@eas.apm.emediate[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@bs.serving-sys[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@media6degrees[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@insightexpressai[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ads.pointroll[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@adbrite[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@arabsexweb[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@xiti[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ads.widgetbucks[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@m1.webstats.motigo[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@atdmt[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@adultadworld[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ad2.doublepimp[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@tradedoubler[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ad.yieldmanager[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@revsci[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@doubleclick[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@smartadserver[2].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 08/03/2008 at 01:33 PM
Application Version : 4.15.1000
Core Rules Database Version : 3524
Trace Rules Database Version: 1514
Scan type : Quick Scan
Total Scan Time : 00:20:50
Memory items scanned : 562
Memory threats detected : 2
Registry items scanned : 451
Registry threats detected : 5
File items scanned : 17299
File threats detected : 21
Adware.Vundo/Variant-Gen6
C:\WINDOWS\SYSTEM32\FXMBHHNJ.DLL
C:\WINDOWS\SYSTEM32\FXMBHHNJ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}\InprocServer32
HKCR\CLSID\{1A904AFE-E359-4EC3-BFCC-1412C9C09C5A}\InprocServer32#ThreadingModel
Adware.Vundo Variant/Resident
C:\USERS\K\APPDATA\LOCAL\TEMP\FCCCCYON.DLL
C:\USERS\K\APPDATA\LOCAL\TEMP\FCCCCYON.DLL
Adware.Tracking Cookie
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@serving-sys[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@eas.apm.emediate[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@bs.serving-sys[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@media6degrees[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@insightexpressai[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ads.pointroll[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@adbrite[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@arabsexweb[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@xiti[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ads.widgetbucks[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@m1.webstats.motigo[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@atdmt[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@adultadworld[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ad2.doublepimp[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@tradedoubler[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@ad.yieldmanager[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@revsci[2].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@doubleclick[1].txt
C:\Users\k\AppData\Roaming\Microsoft\Windows\Cookies\k@smartadserver[2].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
---> Supprime ce qu'il y a dans la quarantaine puis supprime SuperAntispyware
---> Relance MBAM, va dans Quarantaine et supprime tout
---> Relance MBAM, va dans Quarantaine et supprime tout
c fait, en plus j'ai refais un scan avec MBAM dont le rapport et celui ci
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1018
Windows 6.0.6001 Service Pack 1
15:19:46 2008-08-03
mbam-log-8-3-2008 (15-19-46).txt
Type de recherche: Examen rapide
Eléments examinés: 35570
Temps écoulé: 5 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a904afe-e359-4ec3-bfcc-1412c9c09c5a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a904afe-e359-4ec3-bfcc-1412c9c09c5a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1018
Windows 6.0.6001 Service Pack 1
15:19:46 2008-08-03
mbam-log-8-3-2008 (15-19-46).txt
Type de recherche: Examen rapide
Eléments examinés: 35570
Temps écoulé: 5 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a904afe-e359-4ec3-bfcc-1412c9c09c5a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a904afe-e359-4ec3-bfcc-1412c9c09c5a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\k\AppData\Local\Temp\fccccYon.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Deckard's System Scanner v20071014.68
Run by k on 2008-08-03 15:34:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
6: 2008-08-03 14:12:08 UTC - RP203 - Removed SUPERAntiSpyware Free Edition
5: 2008-08-03 12:08:59 UTC - RP202 - Installed SUPERAntiSpyware Free Edition
4: 2008-08-03 11:44:27 UTC - RP201 - ComboFix created restore point
3: 2008-08-03 11:13:01 UTC - RP200 - ComboFix created restore point
2: 2008-08-03 02:29:45 UTC - RP199 - ComboFix created restore point
-- First Restore Point --
1: 2008-07-30 15:02:03 UTC - RP198 - Removed Nero 8. Available with Windows Installer version 1.2 and later.
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]
[color=red]Total Physical Memory: 1014 MiB (1024 MiB recommended).[/color]
-- HijackThis (run as k.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36, on 2008-08-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\k\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Users\k\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\k.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [BM8f9f38b6] Rundll32.exe "C:\Windows\system32\fxmbhhnj.dll",s
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB02C06C-2739-401A-9B1A-5ADAC2180061}: NameServer = 212.217.0.1 212.217.0.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Spyware Doctor\pctsSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Run by k on 2008-08-03 15:34:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
6: 2008-08-03 14:12:08 UTC - RP203 - Removed SUPERAntiSpyware Free Edition
5: 2008-08-03 12:08:59 UTC - RP202 - Installed SUPERAntiSpyware Free Edition
4: 2008-08-03 11:44:27 UTC - RP201 - ComboFix created restore point
3: 2008-08-03 11:13:01 UTC - RP200 - ComboFix created restore point
2: 2008-08-03 02:29:45 UTC - RP199 - ComboFix created restore point
-- First Restore Point --
1: 2008-07-30 15:02:03 UTC - RP198 - Removed Nero 8. Available with Windows Installer version 1.2 and later.
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]
[color=red]Total Physical Memory: 1014 MiB (1024 MiB recommended).[/color]
-- HijackThis (run as k.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36, on 2008-08-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\k\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Users\k\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\k.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [BM8f9f38b6] Rundll32.exe "C:\Windows\system32\fxmbhhnj.dll",s
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB02C06C-2739-401A-9B1A-5ADAC2180061}: NameServer = 212.217.0.1 212.217.0.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Spyware Doctor\pctsSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
- Télécharge Rav d'Evosla sur ton bureau :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix
- Clique droit sur le fichier rav.zip, puis "Extraire Ici".
- Doucle-clique sur "rav.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix
- Clique droit sur le fichier rav.zip, puis "Extraire Ici".
- Doucle-clique sur "rav.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
j'ai essayé ce rav mais il se plante a chaque fois! il n a trouvé que le virus autorun sur le flash disk puis il reste comme s'il scan ms sans fin!!! est qu i l ya une incompatibilité entre le combofix et le vista! parseque la plupart des usagers ici au forum quui ont vista trouve le meme probleme! (le programme se ferme par windows)
j'ai essayé de faire ce ke tu as dis mais le probléme c est que l'antivirus ne veut pas se fermer :S meme si je termine le processus de toute l'arborisation avec le gestionnaire de taches! iil se relance dés ke j'execute combofix j'ai essayé de lancer combofix comme meme ms windows me dit k'il doit fermer le programme a chaque fois