Hijackthis TROJAN Résolu

Question

Bonjour a tous,
Pouvez Vous regarder si dans mon rapport Hijackthis il y a des trojans ( Il y a vundo/virtumonde spybot et Macaffe les detectes) et comment les enlever(spybot les supprimes et au redémarrage POUF! y réapparaissent!! et mac affe bah n'en parlons pas...^^)
Voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:22, on 12/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32undll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Users\Baptiste\winlogon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32undll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {20F9EC83-5F3A-469E-8B5D-D8518D7BF2B6} - (no file)
O2 - BHO: (no name) - {30B57E4F-D6A4-4B25-A90F-742645A3342A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5675B298-5E4A-4171-81A2-9BA171038185} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: {78e4a339-1227-bdf8-5654-0da5a65f147f} - {f741f56a-5ad0-4565-8fdb-7221933a4e87} - C:\Windows\system32\wpykys.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyvsTkl.dll,#1
O4 - HKLM\..\Run: [BM8761526d] Rundll32.exe "C:\Windows\system32\jvvglayw.dll",s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Baptiste\winlogon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Baptiste\AppData\Local\Temp\khfGxWpm.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [845261f1] rundll32.exe "C:\Users\Baptiste\AppData\Local\Temp\sdlyskhv.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BM8761526d] Rundll32.exe "C:\Windows\system32\jvvglayw.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} (CDownloader Object) - http://a69.g.akamai.net/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Salut,


Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

varfendell · Answer

Bonjour,

Télécharger Vundofix.exe (par Atribune) sur votre Bureau.

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton fix Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, ouvrez le et copiez le rapport
    * Refaire un rapport hijackthis,

batok · Answer

Pour vundo fix Rien du tout ... Mais je vais essayer l'autre ;D

batok · Answer

Ouuuuahhhh Purrréééééééé ca fait meme pas 1 min et deja 30 fichiers INFECTES!!!!

Georgette · Answer

Salut batok il suffit juste de telecharger le logiciel claudette va sur  http://claudettevirus.fr 
ensuite tu va dns fichier ouvrir georgette et tu fe scanner micheline et la tu trouvera la source de ton fichier moricette ki te permettra que ton ordi retrouve ta forme

batok · Answer

Combien De temps dure Lanalyse Parce que la ca fait plus D'une heure!

batok · Answer

Voici Le rapport de Malwares Bytes: Avec Les Trojans Suprimés:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 6.0.6001 Service Pack 1

20:21:45 12/08/2008
mbam-log-8-12-2008 (20-21-45).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 146816
Temps écoulé: 1 hour(s), 40 minute(s), 24 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 81

Processus mémoire infecté(s):
C:\Users\Baptiste\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Users\Baptiste\AppData\Local\Temp\sdlyskhv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Baptiste\AppData\Local\Temp
nnnMEtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\wpykys.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f741f56a-5ad0-4565-8fdb-7221933a4e87} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f741f56a-5ad0-4565-8fdb-7221933a4e87} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\845261f1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8761526d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8761526d (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\wpykys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cbXOEvuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vuvEOXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vuvEOXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcDvWMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\CMWvDcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\CMWvDcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcAPHYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\PYHPAcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\PYHPAcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\geBrSMfG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\GfMSrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\GfMSrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32qRHWpPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gPpWHRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	uvTnNEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	ENnTvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUmmKAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32AKmmUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32AKmmUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\sdlyskhv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Baptiste\AppData\Local\Temp
nnnMEtS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyvsTkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\opnnkige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\pmnlmnND.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\pmnOHxYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\qwupheir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\ssqQkIYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp00008ada (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000c3ad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000d512 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000e520 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000e985 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000f5d9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0000ff7e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0001022d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp0001148c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp00013776 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp00023166 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	mp003d6558 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	uvULeec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	uvULEuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp	uvWmLEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\urqqrRIX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\vtUmMcYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\yayxyaaX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\awtsTNeF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\ddcCUmKA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\ddcYpmnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\efcASlIB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\efcDUmkK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\fccyXrPG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\hgGyxXoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\ljJDTJBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp
axhhqdv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp
nnkLcDu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\opnlLcyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Baptiste\AppData\Local\Temp\yayyWnon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\alvxgsvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXPJYrq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ckyhkqxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifeccaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32qRLcBtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\unfwvwue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kvethuqd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kwecfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Baptiste\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\xxywxUkI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jvvglayw.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32	uvTmMge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnOGvwW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcBSLDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXNdApn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32qRIbyAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXPFYSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXPiJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXRijhG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGyVpol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifddaXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

réouvre malewarebyte
va sur quarantaine
supprime tout

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

batok · Answer

Voici le rapport:
ComboFix 08-08-12.01 - Baptiste 2008-08-13 9:54:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1271 [GMT 2:00]
Endroit: C:\Users\Baptiste\Desktop\Téléchargements\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\aceKkUvw.ini
C:\Windows\System32\aceKkUvw.ini2
C:\Windows\system32\akknntno.ini
C:\Windows\system32\aphosaiw.ini
C:\Windows\system32\bbefLRqr.ini
C:\Windows\System32\bbefLRqr.ini2
C:\Windows\system32\bgwalmha.ini
C:\Windows\system32\bmbhpeku.ini
C:\Windows\system32\bnxqfpan.ini
C:\Windows\system32\bqnbgvvp.dll
C:\Windows\system32\buyxehma.dll
C:\Windows\system32\bwtrofji.ini
C:\Windows\System32\bxbjwnqc.ini
C:\Windows\system32\cabkaujg.ini
C:\Windows\system32\dhrjsz.dll
C:\Windows\system32\dvjivveh.ini
C:\Windows\System32\edwjimtf.ini
C:\Windows\system32\enxcxcpi.dll
C:\Windows\system32\eypkinkq.ini
C:\Windows\system32\fjdrpkdc.ini
C:\Windows\System32\fmrymkyb.ini
C:\Windows\system32\fsekvdci.dll
C:\Windows\system32\fverhv.dll
C:\Windows\system32\hifnpxhg.dll
C:\Windows\System32\hjjSstwa.ini
C:\Windows\System32\hjjSstwa.ini2
C:\Windows\System32\hjjSvyay.ini
C:\Windows\System32\hjjSvyay.ini2
C:\Windows\System32\hPsvDcdd.ini
C:\Windows\System32\hPsvDcdd.ini2
C:\Windows\system32\htukstlm.dll
C:\Windows\system32\hvtclr.dll
C:\Windows\system32\iesguhen.dll
C:\Windows\system32\iinnsfqi.dll
C:\Windows\system32\iqkbhvvb.dll
C:\Windows\system32\iwwtdbjh.dll
C:\Windows\System32\JkkRAcfe.ini
C:\Windows\System32\JkkRAcfe.ini2
C:\Windows\system32\julhxxvc.ini
C:\Windows\system32\kjyocrmo.ini
C:\Windows\system32\knqygb.dll
C:\Windows\system32\ljiuypgk.ini
C:\Windows\System32\loUwxFii.ini
C:\Windows\System32\loUwxFii.ini2
C:\Windows\system32\mjlkhdmn.ini
C:\Windows\System32\MnVybcfe.ini
C:\Windows\System32\MnVybcfe.ini2
C:\Windows\system32\mooplagc.ini
C:\Windows\system32\MSINET.oca
C:\Windows\system32\njjtnrpp.dll
C:\Windows\system32\nptcdicr.dll
C:\Windows\system32\nysrwpfb.ini
C:\Windows\system32\pmtytl.dll
C:\Windows\System32\PYJTuutv.ini
C:\Windows\System32\PYJTuutv.ini2
C:\Windows\system32\qhcxokhi.ini
C:\Windows\system32\qphpbncu.dll
C:\Windows\system32\qvskwqjx.dll
C:\Windows\system32\raaopkev.ini
C:\Windows\system32\rqnwfqxo.ini
C:\Windows\system32\ruvqmgbf.ini
C:\Windows\System32\slheqsrg.ini
C:\Windows\system32\trbjguet.dll
C:\Windows\System32\tuttvyxx.ini
C:\Windows\System32\tuttvyxx.ini2
C:\Windows\system32\udnipfip.dll
C:\Windows\system32\ufwpleam.dll
C:\Windows\system32\unwohv.dll
C:\Windows\system32\viudscny.ini
C:\Windows\system32\vufobket.ini
C:\Windows\system32\vujscx.dll
C:\Windows\system32\vvybayxx.ini
C:\Windows\System32\vvybayxx.ini2
C:\Windows\system32\wbrpgyun.dll
C:\Windows\system32\wmrjtqmf.dll
C:\Windows\System32\xwGhRXyb.ini
C:\Windows\System32\xwGhRXyb.ini2
C:\Windows\System32\ygprxrrf.ini
C:\Windows\System32\ygprxrrf.ini2
C:\Windows\System32\ygprxrrf.tmp
C:\Windows\system32\YIOorBeg.ini
C:\Windows\System32\YIOorBeg.ini2
C:\Windows\system32\yivbtmlm.dll
C:\Windows\system32\yomuxcpb.dll
C:\Windows\system32\yowcaaef.ini
C:\Windows\system32\zyklls.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.

2008-08-12 18:36 . 2008-08-12 18:36 <REP> d-------- C:\Users\Baptiste\AppData\Roaming\Malwarebytes
2008-08-12 18:36 . 2008-08-12 18:36 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-12 18:36 . 2008-08-12 18:36 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-12 18:36 . 2008-08-12 18:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 18:36 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-12 18:36 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-12 18:16 . 2008-08-12 18:16 77 --a------ C:\Users\Baptiste\3552.bat
2008-08-12 17:30 . 2008-08-12 17:30 <REP> d-------- C:\VundoFix Backups
2008-08-12 17:23 . 2008-08-12 17:23 <REP> d-------- C:\Program Files\Trend Micro
2008-08-12 08:21 . 2008-08-12 08:21 77 --a------ C:\Users\Baptiste\3608.bat
2008-08-11 12:44 . 2008-08-11 12:44 77 --a------ C:\Users\Baptiste\3311.bat
2008-08-11 12:11 . 2008-08-11 12:11 77 --a------ C:\Users\Baptiste\2273.bat
2008-08-11 10:35 . 2008-08-11 16:04 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-11 10:35 . 2008-08-11 10:57 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-11 10:33 . 2008-08-11 10:33 77 --a------ C:\Users\Baptiste\8014.bat
2008-08-10 17:52 . 2008-08-10 17:52 77 --a------ C:\Users\Baptiste\7434.bat
2008-08-10 13:42 . 2008-08-10 13:42 77 --a------ C:\Users\Baptiste\4987.bat
2008-08-10 13:24 . 2008-08-10 13:24 77 --a------ C:\Users\Baptiste\8799.bat
2008-08-10 11:20 . 2008-08-10 11:20 77 --a------ C:\Users\Baptiste\9687.bat
2008-08-09 22:16 . 2008-08-09 22:16 <REP> d-------- C:\Users\Baptiste\AppData\Roaming\Micro Application
2008-08-09 22:13 . 2008-08-12 21:23 <REP> d-a------ C:\Users\All Users\TEMP
2008-08-09 22:13 . 2008-08-12 21:23 <REP> d-a------ C:\ProgramData\TEMP
2008-08-09 22:12 . 2008-08-09 22:12 <REP> d-------- C:\Program Files\Micro Application
2008-08-09 19:56 . 2008-08-09 19:56 77 --a------ C:\Users\Baptiste\8822.bat
2008-08-09 19:38 . 2008-08-09 19:38 77 --a------ C:\Users\Baptiste\9357.bat
2008-08-09 19:34 . 2008-08-09 19:34 77 --a------ C:\Users\Baptiste\3084.bat
2008-08-09 17:55 . 2008-08-09 17:55 77 --a------ C:\Users\Baptiste\4011.bat
2008-08-07 16:06 . 2008-08-07 16:06 77 --a------ C:\Users\Baptiste\3176.bat
2008-07-26 11:51 . 2008-07-26 11:51 77 --a------ C:\Users\Baptiste\2465.bat
2008-07-25 15:44 . 2008-07-25 15:44 77 --a------ C:\Users\Baptiste\1861.bat
2008-07-23 11:52 . 2008-07-23 11:52 77 --a------ C:\Users\Baptiste\5247.bat
2008-07-23 11:43 . 2008-07-23 11:43 <REP> d-------- C:\Temp\epr1
2008-07-23 11:43 . 2008-07-23 11:43 77 --a------ C:\Users\Baptiste\1328.bat
2008-07-21 21:45 . 2008-07-21 21:45 77 --a------ C:\Users\Baptiste\7187.bat
2008-07-21 21:26 . 2008-07-21 21:26 77 --a------ C:\Users\Baptiste\2823.bat
2008-07-20 19:47 . 2008-07-20 19:47 77 --a------ C:\Users\Baptiste\3138.bat
2008-07-20 10:15 . 2008-07-20 10:15 77 --a------ C:\Users\Baptiste\6140.bat
2008-07-19 19:58 . 2008-07-19 19:58 77 --a------ C:\Users\Baptiste\6949.bat
2008-07-19 13:53 . 2008-07-21 21:26 <REP> d-------- C:\Windows\System32\carH18
2008-07-19 13:53 . 2008-07-19 13:53 <REP> d-------- C:\Temp\btxv15
2008-07-19 13:53 . 2008-07-19 13:53 77 --a------ C:\Users\Baptiste\1069.bat
2008-07-18 22:10 . 2008-07-18 22:10 77 --a------ C:\Users\Baptiste\3772.bat
2008-07-17 10:38 . 2008-07-18 09:49 <REP> d-------- C:\Windows\System32\aumsDK18
2008-07-17 10:38 . 2008-07-17 10:38 <REP> d-------- C:\Temp\zpv201
2008-07-17 10:38 . 2008-07-23 11:43 <REP> d-------- C:\Temp
2008-07-14 20:42 . 2008-08-12 20:49 <REP> d-------- C:\Users\All Users\Google Updater
2008-07-14 20:42 . 2008-08-12 20:49 <REP> d-------- C:\ProgramData\Google Updater
2008-07-14 13:11 . 2008-07-14 13:11 77 --a------ C:\Windows\System32\3650.bat
2008-07-13 19:37 . 2008-07-13 19:37 77 --a------ C:\Windows\System32\1947.bat
2008-07-13 13:50 . 2008-07-13 13:50 77 --a------ C:\Windows\System32\7267.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 19:24 --------- d-----w C:\Program Files\Steam
2008-08-12 18:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-12 15:22 --------- d-----w C:\Users\Baptiste\AppData\Roaming\Skype
2008-08-12 14:00 --------- d-----w C:\Users\Baptiste\AppData\Roaming\skypePM
2008-08-10 20:19 --------- d-----w C:\Program Files\Shareaza
2008-08-10 20:14 --------- d-----w C:\Program Files\EA SPORTS
2008-08-10 20:12 --------- d-----w C:\Program Files\Windows Live
2008-08-09 16:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-25 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 19:10 --------- d-----w C:\Users\Baptiste\AppData\Roaming\temp
2008-07-18 20:04 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-07-18 10:55 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-14 18:44 --------- d-----w C:\Program Files\Google
2008-07-10 16:18 --------- d-----w C:\Users\Baptiste\AppData\Roaming\OFFICEOne7
2008-07-10 15:14 --------- d--h--r C:\Users\Baptiste\AppData\Roaming\SecuROM
2008-07-10 11:59 --------- d-----w C:\ProgramData\Apple Computer
2008-07-10 11:59 --------- d-----w C:\Program Files\iTunes
2008-07-10 11:59 --------- d-----w C:\Program Files\iPod
2008-07-10 11:58 --------- d-----w C:\Program Files\QuickTime
2008-07-10 11:49 --------- d-----w C:\Program Files\Apple Software Update
2008-07-10 09:03 --------- d-----w C:\Users\Baptiste\AppData\Roaming\teamspeak2
2008-07-06 20:00 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-06 06:18 --------- d-----w C:\Users\Baptiste\AppData\Roaming\SiteAdvisor
2008-07-06 06:18 --------- d-----w C:\Program Files\McAfee
2008-07-05 19:15 --------- d-----w C:\ProgramData\McAfee
2008-07-05 19:13 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-05 19:12 --------- d-----w C:\Program Files\McAfee.com
2008-07-05 15:15 --------- d-----w C:\Program Files\Executive Software
2008-07-03 08:58 --------- d-----w C:\ProgramData\Lavasoft
2008-07-02 16:15 --------- d-----w C:\ProgramData\Grisoft
2008-07-02 12:02 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-01 15:28 --------- d-----w C:\Users\Baptiste\AppData\Roaming\LimeWire
2008-06-30 19:56 --------- d-----w C:\Program Files\PhotoFiltre
2008-06-28 18:42 --------- d-----w C:\Users\Baptiste\AppData\Roaming\Download Manager
2008-06-24 16:44 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-20 16:07 22,328 ----a-w C:\Users\Baptiste\AppData\Roaming\PnkBstrK.sys
2008-06-13 14:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-12 07:52 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-12 07:52 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-20 17:47 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 20:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 36864 C:\Windows\System32\P0620Pin.dll]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-07-14 20:42:34 137712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
backup=C:\Windows\pss\OFFICE One Startup v7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-01-10 11:00 18944 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B559B2DC-5496-4020-B1F0-0CD40E0B507E}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{FCCD0253-8D47-4E85-B67D-3808F6029626}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{629CEC49-1CD2-4E07-8227-446F19E75D57}C:\\program files\\msn messenger\\livecall.exe"= UDP:C:\program files\msn messenger\livecall.exe:Windows Live Call
"UDP Query User{9AA0C895-3F0F-4E73-9285-645C69D42FF7}C:\\program files\\msn messenger\\livecall.exe"= TCP:C:\program files\msn messenger\livecall.exe:Windows Live Call
"{FF141F04-E4BD-4B3F-9CD0-42AD6B2F7F8E}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{0ECF79BF-F02A-47B2-95AF-D2F8214BFBF1}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{556EDB46-2AF6-4623-B0D6-F9B577ADAAE7}C:\\program files\\msn messenger\\livecall.exe"= UDP:C:\program files\msn messenger\livecall.exe:Windows Live Call
"UDP Query User{BAA8F71F-0470-47E1-AF57-D7DF7D8B8746}C:\\program files\\msn messenger\\livecall.exe"= TCP:C:\program files\msn messenger\livecall.exe:Windows Live Call
"TCP Query User{AF8511D3-239D-44D8-8054-A01FBAFC2E5A}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{899288A2-25F9-42F7-9198-2AF12F3B2D4A}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{835EF4C9-F330-4769-9032-3151107DF341}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5A8F715F-5D38-47D9-8786-49191F70F646}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{2D37D68A-D25A-47C8-B4A0-09485D7F3E27}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{5C014702-E99F-4B4E-9BA6-C0237B47C91A}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{232CD805-5ADE-4BCE-A2BA-F9F85F54A028}C:\\program files\\american conquest\\dmcr.exe"= UDP:C:\program files\american conquest\dmcr.exe:dmcr
"UDP Query User{2FD26746-CE46-4E77-A95E-54B95A3062DF}C:\\program files\\american conquest\\dmcr.exe"= TCP:C:\program files\american conquest\dmcr.exe:dmcr
"{5116EA31-970F-4439-9890-DC3298AB1A2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F74E0F6-60DA-4AA4-B8B6-15E0CD73C362}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{868FD40B-663D-4538-B4AC-2B928D7A198B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31FD4F7A-8C0C-425D-992B-9640B5A3F2C9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1947B2E8-AC60-469A-9738-BB36D5E6FEC3}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{08DF7886-04A3-4246-BBDB-C5F26B9EF5EF}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{69D421E5-46FF-4DBF-87A9-8747099C15A9}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4688AD10-F3A5-4F28-ABE6-DA7B06558B9E}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{972CD139-CDF3-4735-990C-C29850AE176D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{ABE5BF2D-930C-46F7-80DC-F750DF7173B5}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= UDP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:BattlefrontII
"UDP Query User{678B5647-39B3-46FF-80B6-5410B5F33FB1}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= TCP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:BattlefrontII
"{5CAB8A5F-E4C7-440C-A618-323A1499C64D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7FFBC40-BEE9-4C17-8D5C-327893133CB1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{76985FAD-A405-4747-A8DF-E3E23DCE4656}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{E965B13F-70B3-49DE-9304-23099A52B327}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{D1874496-16F5-47E3-818B-D729C6A216CB}C:\\program files\\steam\\steamapps\\batok80\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\batok80\counter-strike source\hl2.exe:hl2
"UDP Query User{44EC3FD5-6C48-4875-9900-79FA6F367C6A}C:\\program files\\steam\\steamapps\\batok80\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\batok80\counter-strike source\hl2.exe:hl2
"TCP Query User{2E9254D0-4A03-4094-82C4-B83A6C810D93}C:\\program files\\steam\\steamapps\\batok80\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\batok80\counter-strike source\hl2.exe:hl2
"UDP Query User{2CDC1326-27B5-4C6F-B00A-B6C2B7C46E21}C:\\program files\\steam\\steamapps\\batok80\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\batok80\counter-strike source\hl2.exe:hl2
"TCP Query User{B793AF43-BC0B-4DF0-9EC3-62CF3C9BE0CB}C:\\program files\\steam\\steamapps\\shuby26\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\shuby26\counter-strike source\hl2.exe:hl2
"UDP Query User{A86B78E5-E5D8-4641-9C7B-E58A9B2ED152}C:\\program files\\steam\\steamapps\\shuby26\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\shuby26\counter-strike source\hl2.exe:hl2
"{863C5A17-2F61-4C37-BA72-1C686AC6D764}"= Disabled:TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F245475E-0470-42FF-B9CF-FC69FAA03D0A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BFA0BD95-6DCB-4BB7-8ABF-60E0DDF282CE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{46C67163-84EC-4885-94DB-401A5B5F15C5}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{47DB8FCA-F0CC-453B-8408-DFE605DB980F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D19E4F4F-B9BB-4C9C-87D3-4E237BC9B0BB}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{60FFB62C-C440-4C81-BAB6-78727048B1AE}C:\\program files\\steam\\steamapps\\batok80\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\batok80\day of defeat source\hl2.exe:hl2
"UDP Query User{21CC7FD8-494A-4BD8-B8A6-C2A936A0C850}C:\\program files\\steam\\steamapps\\batok80\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\batok80\day of defeat source\hl2.exe:hl2
"{A44A4A9A-A121-468D-9FB8-F04A378DF22A}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{35BB800B-30EC-456B-965E-2F03491CB324}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{BF4E5D4C-D89C-4367-A311-7F0843F5EA8A}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{37A31F27-9648-442F-8690-68185293F772}"= Disabled:UDP:C:\Program Files\Dofus\Dofus.exe:Dofus
"{F1CA2557-9308-4098-9712-5C58D4C6961D}"= Disabled:TCP:C:\Program Files\Dofus\Dofus.exe:Dofus
"TCP Query User{EEC10AE8-6494-44D0-8EA2-3F4B6F3C3391}C:\\program files\\limewire\\limewire.exe"= Disabled:UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{ECC350C7-A2A6-4382-A8D9-CBE2194A717C}C:\\program files\\limewire\\limewire.exe"= Disabled:TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{AA82ADC5-9B8A-4D94-A6F2-C7054FF9747D}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{30A6EFEC-4E12-42B6-9F0E-FA9FECC7583C}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"{E692D86E-1FDF-48B7-808A-8BDE31F48A60}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{CDC61C69-9E5E-4BB7-92A4-F216B6013C7B}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{B0C81FD9-54E4-41A0-839A-ED1BE2167720}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{15BA3DCA-487B-4F91-9353-F3CAEEC967AE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{34A53531-B30D-4FC6-9951-55C418B39E94}"= UDP:80:port
"{6E7E14EA-CC78-4144-A183-C3E74EABF31E}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.2-frFR-downloader.exe:Blizzard Downloader
"{244641CC-8B3A-409C-B67B-C95E6D44A3A7}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.2-frFR-downloader.exe:Blizzard Downloader
"{5C2554FD-B579-444E-A334-6A5DBCB8D9A7}"= UDP:3724:Blizzard Downloader: 3724

S3 CAM1210;USB Video Camera;C:\Windows\system32\Drivers\cam1210.sys [2007-01-09 12:35]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 10:40]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2005-06-17 10:27]
S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-17 17:25]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-13 C:\Windows\Tasks\Extension de garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 18:38]

2008-07-05 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-05 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-13 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 18:34]

2008-08-13 C:\Windows\Tasks\User_Feed_Synchronization-{2B3A0B5F-ECC2-4C37-BF0F-DDFA8B2911D2}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2008-08-13 C:\Windows\Tasks\User_Feed_Synchronization-{C7B050FE-E6D2-4761-8E44-CE3B74F3945A}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BM8761526d - C:\Windows\system32\jvvglayw.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Baptiste\AppData\Roaming\Mozilla\Firefox\Profiles\x3p5d5d7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.fr
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 09:59:32
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-13 10:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 08:05:00

Pre-Run: 159,255,937,024 octets libres
Post-Run: 159,105,622,016 octets libres

380 --- E O F --- 2008-07-03 08:16:13

batok · Answer

Je sens deja que ma machine rame moins!!

Utilisateur anonyme · Answer

salut

refais un scan hijackthis et post le rapport stp

batok · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:06, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} (CDownloader Object) - http://a69.g.akamai.net/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
fais scan only
coches ces lignes :

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) 

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab 
O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} (CDownloader Object) - http://a69.g.akamai.net/ 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab 

tu les coches et tu clic sur fix checked 


ensuite fais ceci :

Démarrer > Accessoire puis executer > tape : services.msc 

- Clic droit sur le service cité - Symantec Lic NetConnect service 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe
                               
idem pour adobe reader : http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe


ensuite :


télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\Temp\zpv201
C:\Temp\btxv15 
C:\Temp\epr1 


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 


ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo): 


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tuto : https://www.malekal.com/tutoriel-ccleaner/


ensuite refais un scan hijackthis et post le rapport stp

batok · Answer

voila le 1er Rapport OT MOVEIT2
File/Folder C:\Temp\zpv201 not found.
File/Folder C:\Temp\btxv15 not found.
File/Folder C:\Temp\epr1 not found.
File/Folder  not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_215611

batok · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:08, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32undll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

j ai une question est ce que tu créé des fichiers .bat ??

batok · Answer

Je sais pas se que sais...^^lol

batok · Answer

pourquoi tu me demande ca?

Utilisateur anonyme · Answer

y a rien de grave t inkiete je regarde tes rapports

Utilisateur anonyme · Answer

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\Users\Baptiste\3552.bat 
C:\VundoFix Backups 
C:\Users\Baptiste\3608.bat 
C:\Users\Baptiste\3311.bat 
C:\Users\Baptiste\2273.bat 
C:\Users\Baptiste\3608.bat 
C:\Users\Baptiste\3311.bat 
C:\Users\Baptiste\2273.bat 
C:\Users\Baptiste\8014.bat 
C:\Users\Baptiste\7434.bat 
C:\Users\Baptiste\4987.bat 
C:\Users\Baptiste\8799.bat 
C:\Users\Baptiste\9687.bat 
C:\Users\Baptiste\8822.bat 
C:\Users\Baptiste\9357.bat 
C:\Users\Baptiste\3084.bat 
C:\Users\Baptiste\4011.bat 
C:\Users\Baptiste\3176.bat 
C:\Users\Baptiste\2465.bat 
C:\Users\Baptiste\1861.bat 
C:\Users\Baptiste\5247.bat 
C:\Temp\epr1 
C:\Users\Baptiste\1328.bat 
C:\Users\Baptiste\7187.bat 
C:\Users\Baptiste\2823.bat 
C:\Users\Baptiste\3138.bat 
C:\Users\Baptiste\6140.bat 
C:\Users\Baptiste\6949.bat 
C:\Windows\System32\3650.bat 
C:\Windows\System32\1947.bat 
C:\Windows\System32\7267.bat 


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

batok · Answer

et Jai une Question moi aussi Pourquoi Il ma Mit Not Found Dans Les fichiers temporaires Que Vous M'avez donné

batok · Answer

File/Folder  not found.
C:\Users\Baptiste\3552.bat moved successfully.
C:\VundoFix Backups moved successfully.
C:\Users\Baptiste\3608.bat moved successfully.
C:\Users\Baptiste\3311.bat moved successfully.
C:\Users\Baptiste\2273.bat moved successfully.
File/Folder C:\Users\Baptiste\3608.bat not found.
File/Folder C:\Users\Baptiste\3311.bat not found.
File/Folder C:\Users\Baptiste\2273.bat not found.
C:\Users\Baptiste\8014.bat moved successfully.
C:\Users\Baptiste\7434.bat moved successfully.
C:\Users\Baptiste\4987.bat moved successfully.
C:\Users\Baptiste\8799.bat moved successfully.
C:\Users\Baptiste\9687.bat moved successfully.
C:\Users\Baptiste\8822.bat moved successfully.
C:\Users\Baptiste\9357.bat moved successfully.
C:\Users\Baptiste\3084.bat moved successfully.
C:\Users\Baptiste\4011.bat moved successfully.
C:\Users\Baptiste\3176.bat moved successfully.
C:\Users\Baptiste\2465.bat moved successfully.
C:\Users\Baptiste\1861.bat moved successfully.
C:\Users\Baptiste\5247.bat moved successfully.
File/Folder C:\Temp\epr1 not found.
C:\Users\Baptiste\1328.bat moved successfully.
C:\Users\Baptiste\7187.bat moved successfully.
C:\Users\Baptiste\2823.bat moved successfully.
C:\Users\Baptiste\3138.bat moved successfully.
C:\Users\Baptiste\6140.bat moved successfully.
C:\Users\Baptiste\6949.bat moved successfully.
C:\Windows\System32\3650.bat moved successfully.
C:\Windows\System32\1947.bat moved successfully.
C:\Windows\System32\7267.bat moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_222404

Utilisateur anonyme · Answer

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

batok · Answer

Purée Tout ce qui faut pas Faire A cause De ces Trojans ... Merci encore de me donner de votre temps

batok · Answer

Et Toolscleaner Plante Esce normal?

Utilisateur anonyme · Answer

c est la derniere etape c est pour supprimer combofix hijackthis etc

Utilisateur anonyme · Answer

passe toolcleaner en mode sans echec dans ce cas :

Comment redémarrer en mode sans echec? 

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter. 
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal! 
Ps : si F8 ne marche pas utilise la touche F5. 

-> Tuto :https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/

batok · Answer

-->- Recherche: 

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Baptiste\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Baptiste\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Baptiste\Desktop\OtMoveIt2.exe: trouvé !
C:\Users\Baptiste\Desktop\Téléchargements\ComboFix.exe: trouvé !
C:\Users\Baptiste\Desktop\Téléchargements\vundoFix.exe: trouvé !
C:\Users\Baptiste\Desktop\Téléchargements\HJTInstall.exe: trouvé !
C:\Users\Invité\Desktop\HijackThis.lnk: trouvé !
C:\_OTMoveIt\MovedFiles\08132008_222404\Vundofix backups: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Baptiste\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\Baptiste\Desktop\OtMoveIt2.exe: supprimé !
C:\Users\Baptiste\Desktop\Téléchargements\ComboFix.exe: supprimé !
C:\Users\Baptiste\Desktop\Téléchargements\vundoFix.exe: supprimé !
C:\Users\Baptiste\Desktop\Téléchargements\HJTInstall.exe: supprimé !
C:\Users\Invité\Desktop\HijackThis.lnk: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\Users\Baptiste\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !

batok · Answer

Euh Au Fait Au debut du démarrage ca marque LS DELETE-PROGRAMME NOT FOUND

Utilisateur anonyme · Answer

ça te le fait encore ??

batok · Answer

Ouai Mais Je pense que C'est Moi avant Jai du faire une fausse manip...Mais ca ne change rien a mon pc du moins jai rien remarqué...
Alors Sinn c'est fini?

batok · Answer

Je refais Une analyse Spybot et je me retrouve avec WIN32.GGDoor

Utilisateur anonyme · Answer

et tu peux supprimer avec spybot ?

batok · Answer

Oui c'est bon merci
ALORS c'est fini?

Utilisateur anonyme · Answer

bah oui c finit 

si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

batok · Answer

Mais Il me detecte de temps en temps des cookies de suivi que jarrive a supprimer est ce que c'est grave sinon?

batok · Answer

MERCCCCCCCCCCCCIIIIIIII!

Utilisateur anonyme · Answer

non du tout et normal ,

Qu est ce que les cookies : https://kerio.probb.fr/t161-qu-est-ce-qu-un-cookie-tracking-cookie

pour les cookies je te conseil Ccleaner ou avg anti spyware

batok · Answer

jai CCleaner depuis lontemps MErci et Est ce que diskeeper pour la defragmetation est efficace?

Utilisateur anonyme · Answer

oui je l ai d ailleurs y a O&O defrag qu est pas mal aussi

batok · Answer

Ok Bon bah Merci Pour Votre AIde!

batok · Answer

Mais Ce trojan virtumonde est du au téléchargement ?

Utilisateur anonyme · Answer

oui en effet 

vigilance est de mises la plupart des infections viennent des telechargements

@++

Hijackthis > TROJAN

43 réponses

Votre réponse

Discussions similaires

Newsletters