Trojan:Win32/Vundo.gen!K

Closed
baggio973 Posts 5 Registration date Wednesday 13 August 2008 Status Member Last activity 13 August 2008 - 13 August 2008 at 16:02
sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 - 14 August 2008 at 07:02
Hello,

I have been a victim of this virus for some time and I would like to remove it.... I saw that there were reports to send, etc... could someone take care of my case?

Thanks in advance!

6 replies

Leahkim Posts 3079 Registration date Thursday 15 November 2007 Status Member Last activity 2 March 2014 279
13 August 2008 at 16:03
use HijackThis and post the report
0
baggio973 Posts 5 Registration date Wednesday 13 August 2008 Status Member Last activity 13 August 2008
13 August 2008 at 16:30
here is my HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:13, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nico\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {179A1FE2-D7B2-4DDB-8FFC-5C03944725DF} - C:\Windows\system32\fcccyWoM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwTljK.dll,#1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nico\AppData\Local\Temp\khfFuust.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll",s
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 350
13 August 2008 at 17:02
I didn't see any trace of the virus, but
try this
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
click combofix.exe.
press 1 (Yes) to start the scan.
once it has finished, a report will appear. Copy/paste this report into your next reply.
The report can also be found here: C:\Combofix.txt

Disconnect from the internet, close the windows of all running programs, and temporarily
stop the antivirus and other protections during the scan
Do not use your PC while the scan is running
0
baggio973 Posts 5 Registration date Wednesday 13 August 2008 Status Member Last activity 13 August 2008
13 August 2008 at 18:03
Thanks sherred, but in the meantime I ran a scan with Malwarebytes, here is the log in case it is useful....



Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1048
Windows 6.0.6001 Service Pack 1

13:00:05 13/08/2008
mbam-log-8-13-2008 (13-00-05).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121596
Temps écoulé: 47 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 137

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\fcccyWoM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cfe250a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3fcd1696 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
0

baggio973 Posts 5 Registration date Wednesday 13 August 2008 Status Member Last activity 13 August 2008
13 August 2008 at 18:25
I'm reposting a new HJT log in case it helps:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:16, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nico\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
baggio973 Posts 5 Registration date Wednesday 13 August 2008 Status Member Last activity 13 August 2008
13 August 2008 at 21:17
What should I do next?
0
sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 350
14 August 2008 at 07:02
OK, you didn't do what I asked, but I see that MBAM did a good job
so now do exactly what I tell you, to the letter
before anything else, if it isn't already done
Disable User Account Control
to do that
click User Accounts and Family Safety, then User Accounts. Click Turn User Account Control on or off. Click Continue one last time to confirm. Uncheck Use User Account Control (UAC) to help protect your computer, click OK, then click the Restart Now button.

Step 1
we start with VundoFix; although MBAM removed some, you never know

Download VundoFix to your desktop. http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
When the scan is finished, click the "Remove Vundo" button.
A prompt will ask whether you want to delete the files; say yes
the desktop should disappear while the files are being deleted
you will then see a prompt announcing that your PC is going to shut down ("shutdown"): click OK.

Restart it, for step 2
next, ComboFix, to clean up some stubborn Vundo files
Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your desktop.
Restart your PC in safe mode.
Double-click ComboFix.exe
Press the Y key to start the scan.
ComboFix will restart your PC: follow the on-screen instructions.

then run MalwareBytes' Anti-Malware once more: update it first, then run the scan (in safe mode) and clean everything it finds.

0
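
An added example, not part of any post in this thread: a Python check for the follow-up the last reply asks for. It parses MBAM result lines, lists files still marked "Delete on reboot", and looks for them (and for anything under a Temp folder) in a later HijackThis log. The sample lines are copied from the logs above except the one marked constructed; all function and variable names are this example's own.

```python
import re

# MBAM result line: <path> (<detection name>) -> <action taken>.
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# A Windows file path anywhere in a HijackThis line, ending at a known extension.
HJT_PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|\r\n]+?\.(?:exe|dll|tmp|txt|lnk)\b", re.I)

def parse_mbam(text):
    """One dict (path, name, action) per MBAM result line; other lines are skipped."""
    matches = (MBAM_LINE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def pending_reboot(items):
    """Files MBAM has not removed yet: they stay on disk until the next restart."""
    return [i["path"] for i in items if "reboot" in i["action"].lower()]

def reappearing(items, hjt_text):
    """MBAM-detected files still referenced by a HijackThis log taken afterwards."""
    seen = {p.lower() for p in HJT_PATH.findall(hjt_text)}
    return sorted(i["path"] for i in items if i["path"].lower() in seen)

def temp_entries(hjt_text):
    """HijackThis paths under a Temp folder: to review by hand, not a verdict."""
    return sorted({p for p in HJT_PATH.findall(hjt_text) if "\\temp\\" in p.lower()})

# Lines copied from the two logs posted in this thread.
MBAM_SAMPLE = r"""
C:\Users\Nico\AppData\Local\Temp\thqhntex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""
HJT_SAMPLE = r"""
C:\Windows\System32\rundll32.exe
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""
# CONSTRUCTED line (not in the thread): a Run key still loading the pending DLL.
HJT_CONSTRUCTED = HJT_SAMPLE + r'''O4 - HKCU\..\Run: [example] rundll32.exe "C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll",a
'''

if __name__ == "__main__":
    items = parse_mbam(MBAM_SAMPLE)
    print("pending reboot:", pending_reboot(items))
    print("still referenced:", reappearing(items, HJT_CONSTRUCTED))
    print("under Temp, review:", temp_entries(HJT_SAMPLE))
```

`temp_entries` only narrows what to check by hand; a path under Temp is not by itself a detection.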