Trojan:Win32/Vundo.gen!K

baggio973 Messages postés 5 Statut Membre -  
sherred Messages postés 8605 Statut Membre -
Bonjour,

Je suis victime de ce virus depuis un certain temp et j'aimerai le supprimer.... j'ai vu qu'il y avait des rapport a envoyer ect... qq'un pourrait-il s'occuper de mon cas?

Merci d'avance !
Configuration: Windows Vista
Internet Explorer 7.0

6 réponses

  1. Leahkim Messages postés 3219 Statut Membre 281
     
    utilise hijackthis et poste le rapport
    0
  2. baggio973 Messages postés 5 Statut Membre
     
    voila mon rapport HJT :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:13, on 13/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Nico\Desktop\HJT.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {179A1FE2-D7B2-4DDB-8FFC-5C03944725DF} - C:\Windows\system32\fcccyWoM.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwTljK.dll,#1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nico\AppData\Local\Temp\khfFuust.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll",s
    O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. sherred Messages postés 8605 Statut Membre 351
     
    je n'ai pas vu la trace du virus mais
    essaye ca
    Télécharge combofix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    clique combofix.exe.
    touche 1 (Yes) pour démarrer le scan.
    une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve également ici : C:\Combofix.txt

    Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
    arrete les anti virus et autres protection pendand l'analyse
    Pendant la durée de l'analyse ne te sert pas de ton pc
    0
  4. baggio973 Messages postés 5 Statut Membre
     
    Merci sherred, mais pendant ce temp j'ai fait une analyse avec malware, voila le log si ca peu etre utile....

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1048
    Windows 6.0.6001 Service Pack 1

    13:00:05 13/08/2008
    mbam-log-8-13-2008 (13-00-05).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 121596
    Temps écoulé: 47 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 19
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 137

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Windows\System32\fcccyWoM.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cfe250a (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3fcd1696 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\fcccyWoM.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\MoWycccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\MoWycccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb671231[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\befi[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K4XE4WY\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K4XE4WY\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AIMUEZL\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AIMUEZL\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38RDCLL3\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86RO24Q0\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2CEV6W8\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4WQCF0T\2oxu[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\uutbrxbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\vlxeusng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\vosnqgnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\vsoqfoiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\vvghfwhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\vxddkrbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\sevnjcue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\stubsrro.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\svteapbh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\mmcxedcc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\mnnlevax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\mrfkjcle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ycnpgwhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ynpdrxtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ysorwvfk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\yuncgqcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\agugcbsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\bfgoecpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\bgdpxbrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\biaimkfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\fyoqdqll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\idrexhjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\jcqqidtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\syipgter.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\threrfti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\tlbdxwxj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ifvkrreg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ixagruus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\iylvokll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\jbiwhkwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\bjismngy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\brcpetkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\cbucbhow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ccctihps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ceeaoqcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\cyhmydlb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\dlhkyikt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\dolcsmir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\dorcvito.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\dpshektb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\wdecbowf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\wmacaeks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\xewkkatv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\xfcdccdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\xllblqvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\xmaigvuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\gaftwcib.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\gaykgvrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ghgekabu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\gtakddwt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\guniokfp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\gvtbdyov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hjsusend.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hmduipki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hrjmrhjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hrqhdyie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hsojknru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\hvokaakv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\edxrwtpc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\eiutttsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\elbqwtth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\elqxpmjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\emwprppo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\esuhxgic.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\etxmjfcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\evbjppsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\fsleskcs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\fspohofh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\klsptyyh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ljugednl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\lqhrxgxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\lsjpanho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\mbjeyeco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\oyjxnnwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\phnoexke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\plgonqdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\pnegneuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ptkqqbhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\pvridtaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\pxucyhew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qcjjjdcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qdnjblhv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qdnrbsxy.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qemoauao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qfnovnhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qsbbgarc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qvlldiab.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\qyrpnbsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\rfikklxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\twmxlkmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\umlvkhtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\nxfhhkim.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\obtmtmwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\odkbmqwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\oeamvaol.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ofmlqefg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ogstpwco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\ohaokfwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\olgbbvtw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\oocedsue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\tedixttq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\thqhntex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\jknlshtl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\kdutxsdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. baggio973 Messages postés 5 Statut Membre
     
    je repost un nouveau log HJT si ca peu aider:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:16, on 13/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Nico\Desktop\HJT.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  7. baggio973 Messages postés 5 Statut Membre
     
    que dois-je faire ensuite?
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      bon t'a pas fait ce que je t'ai demander mais je vois que MBAM a bien bossé
      donc maintenant fait ce que je te dit a la lettre
      avant toute chose si ce n'est pas deja fait
      Désactiver le Contrôle d'Accès Utilisateur
      pour cela
      clique sur Comptes d'utilisateurs et protection des utilisateurs puis sur Comptes d'utilisateur. Cliquer sur la mention Activer ou désactiver le contrôle des comptes utilisateurs. Cliquer une dernière fois sur Continuer pour confirmer. Décoche Utiliser le contrôle des comptes utilisateurs pour vous aider à protéger votre ordinateur, clique sur OK puis sur le bouton Redémarrer maintenant.

      1er étape
      on commence par VundoFix bien que MBAM en a supprimé on ne sait jammais

      Télécharge VundoFix sur ton bureau.http://www.atribune.org/ccount/click.php?id=4
      Double-clique sur VundoFix.exe afin de le lancer, puis clique sur le bouton "Scan for Vundo".
      Lorsque le scan est terminé, clique sur le bouton "Remove Vundo".
      Une invite te demandera si tu veux supprimer les fichiers, dit oui
      le Bureau devrait disparaîte lors de la suppression des fichiers
      tu verra ensuite une invite qui t'annoncera que ton PC va s'éteindre (shutdown en anglais) : clique sur OK.

      redémarre-le., pour la 2eme étape
      ensuite ComboFix pour nettoyer certains fichiers récalcitrants de Vundo
      Télécharge http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau.
      Redémarre ton PC en mode sans échec.
      Double clique sur ComboFix.exe
      Tape sur la touche Y pour démarrer le scan.
      ComboFix redémarrera ton PC : suivre les instructions indiquées à l'écran.

      puis rePasse un coup de MalwareBytes' Anti-Malware : met-le à jour avant, puis effectue le scan (en mode sans échec) et nettoye tout ce qu'il trouve.

      0