Virus trojan virtumonde insupprimable...

RoxNroll Messages postés 22 Statut Membre -  
 chadz -
Bonjour,
Je run en windows vista familial edition... Oui et bien j'ai suivie quelques de vos conseils comme par example d\l spybot search and destroy... il retrace tout ce qui est malware et trojan aucun probleme de ce coté mais il n'est pas capable de les supprimer... aidez-moi a faire le menage de mon cpu qqun... il est nouveau il n'a meme pas encore 1 an... :S Il est trop jeune pour rendre l'âme! HELP! ahahaha... merci d'avance...
Configuration: Windows Vista
Internet Explorer 7.0

47 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Plusieurs éléments de sécurité sur Windows Vista permettent d'identifier des traces malveillantes via HijackThis et d'autres outils, mais la suppression complète des infections peut demeurer problématique. Pour résoudre ces infections, la démarche consiste à utiliser HijackThis pour sélectionner et corriger les éléments nuisibles, désinstaller Java obsolète puis réinstaller Java et Adobe Reader dans leurs versions récentes. En parallèle, CCleaner, Malwarebytes et Spybot S&D permettent de nettoyer les résidus et de sécuriser le système, tandis que ToolsCleaner supprime les outils d’analyse et que la restauration système peut être temporairement ajustée. Pour la suite, après nettoyage, il est utile de vérifier les rapports et de planifier des balayages réguliers afin de détecter rapidement toute réinfection ou modification non autorisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. bootf12
     
    Salut,

    Antivirus xp 2008 est un rogue, une infection se faisant passer pour un antivirus.

    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_­4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici
    0
  2. Utilisateur anonyme
     
    Salut,

    Télécharge HijackThis ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
  3. RoxNroll Messages postés 22 Statut Membre
     
    Lequel des deux j'écoute? ahahaha ;)
    0
  4. Utilisateur anonyme
     
    un rapport hijackthis serait utile pour voir l etat du pc les infection etc
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. RoxNroll Messages postés 22 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:07:28, on 2008-08-14
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\RoxyBaby\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=hy-border:8080;https=hy-border:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [\Win3F76.exe] C:\Windows\system32\Win3F76.exe
    O4 - HKLM\..\Run: [\Win416A.exe] C:\Windows\system32\Win416A.exe
    O4 - HKLM\..\Run: [\Win42D0.exe] C:\Windows\system32\Win42D0.exe
    O4 - HKLM\..\Run: [\Win461B.exe] C:\Windows\system32\Win461B.exe
    O4 - HKLM\..\Run: [\Win484C.exe] C:\Windows\system32\Win484C.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\RoxyBaby\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [\Win3F76.exe] C:\Windows\system32\Win3F76.exe
    O4 - HKCU\..\Run: [\Win416A.exe] C:\Windows\system32\Win416A.exe
    O4 - HKCU\..\Run: [\Win42D0.exe] C:\Windows\system32\Win42D0.exe
    O4 - HKCU\..\Run: [\Win461B.exe] C:\Windows\system32\Win461B.exe
    O4 - HKCU\..\Run: [\Win484C.exe] C:\Windows\system32\Win484C.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-594372205-3150921459-654368954-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5355/mcfscan.cab
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  7. RoxNroll Messages postés 22 Statut Membre
     
    Voila le rapport de hijackthis... j'ai une autre question aussi... est-ce vrai qu'il y'a des risques d'agraver le probleme en essayant de fixer un trojan? c'est tricky un trojan à ce qu'il parrait ;S
    0
  8. Utilisateur anonyme
     
    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  9. RoxNroll Messages postés 22 Statut Membre
     
    ComboFix 08-08-13.05 - RoxyBaby 2008-08-14 15:41:43.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.893 [GMT -4:00]
    Endroit: C:\Users\RoxyBaby\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-14 15:13 . 2008-08-14 15:41 <REP> d-------- C:\327882R2FWJFW
    2008-08-14 15:06 . 2008-08-14 15:06 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-14 03:06 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 01:05 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 01:05 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 01:05 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 01:05 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-14 01:04 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 00:35 . 2008-08-14 00:35 <REP> d-------- C:\Users\All Users\WindowsSearch
    2008-08-14 00:35 . 2008-08-14 00:35 <REP> d-------- C:\ProgramData\WindowsSearch
    2008-08-13 23:00 . 2008-08-14 15:12 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-08-13 23:00 . 2008-08-14 15:12 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-08-13 23:00 . 2008-08-13 23:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-09 14:57 . 2008-08-09 14:57 <REP> d-------- C:\Program Files\bfgclient
    2008-08-09 14:57 . 2008-08-09 14:58 <REP> d-------- C:\Program Files\Bejeweled 2
    2008-08-09 14:56 . 2008-08-09 14:58 <REP> d-------- C:\BigFishGamesCache
    2008-08-06 19:16 . 2008-08-06 19:16 <REP> d-------- C:\Windows\McAfee.com
    2008-08-06 18:37 . 2008-08-06 18:37 <REP> d-------- C:\Program Files\PCCheckupOnline
    2008-08-06 15:18 . 2008-08-06 15:28 <REP> d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
    2008-08-05 18:28 . 2008-08-05 18:28 <REP> d-------- C:\Users\RoxyBaby\AppData\Roaming\Nero
    2008-08-05 18:24 . 2008-08-05 18:24 <REP> d-------- C:\Users\All Users\Nero
    2008-08-05 18:24 . 2008-08-05 18:24 <REP> d-------- C:\ProgramData\Nero
    2008-08-05 18:24 . 2008-08-05 18:24 <REP> d-------- C:\Program Files\Nero
    2008-08-05 18:24 . 2008-08-05 18:27 <REP> d-------- C:\Program Files\Common Files\Nero
    2008-08-05 17:51 . 2008-08-05 17:51 <REP> d-------- C:\Users\RoxyBaby\AppData\Roaming\Ahead
    2008-08-05 17:47 . 2008-08-05 17:47 <REP> d-------- C:\Users\All Users\Ahead
    2008-08-05 17:47 . 2008-08-05 17:47 <REP> d-------- C:\ProgramData\Ahead
    2008-08-05 17:47 . 2008-08-05 18:13 <REP> d-------- C:\Program Files\Common Files\Ahead
    2008-08-05 17:47 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
    2008-07-17 15:21 . 2008-08-09 23:36 <REP> d-a------ C:\Users\All Users\TEMP
    2008-07-17 15:21 . 2008-07-17 15:21 <REP> d-------- C:\Users\All Users\Double Trump
    2008-07-17 15:21 . 2008-07-17 15:21 <REP> d-------- C:\Users\All Users\DigitalChocolate
    2008-07-17 15:21 . 2008-08-09 23:36 <REP> d-a------ C:\ProgramData\TEMP
    2008-07-17 15:21 . 2008-07-17 15:21 <REP> d-------- C:\ProgramData\Double Trump
    2008-07-17 15:21 . 2008-07-17 15:21 <REP> d-------- C:\ProgramData\DigitalChocolate
    2008-07-17 15:17 . 2008-07-19 17:07 <REP> d-------- C:\Program Files\Digital Chocolate

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 19:38 --------- d-----w C:\Users\RoxyBaby\AppData\Roaming\DNA
    2008-08-14 16:38 --------- d-----w C:\ProgramData\Google Updater
    2008-08-14 07:16 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
    2008-08-14 07:16 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
    2008-08-14 07:13 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 03:38 --------- d-----w C:\Program Files\Norton Security Scan
    2008-08-14 03:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-14 00:00 --------- d-----w C:\ProgramData\SiteAdvisor
    2008-08-06 22:38 --------- d-----w C:\Program Files\Dell
    2008-08-06 19:30 --------- d-----w C:\Users\RoxyBaby\AppData\Roaming\uTorrent
    2008-08-05 23:25 --------- d-----w C:\Users\RoxyBaby\AppData\Roaming\Roxio
    2008-08-05 21:32 --------- d-----w C:\Users\RoxyBaby\AppData\Roaming\mIRC
    2008-07-31 09:35 --------- d-----w C:\ProgramData\Dell
    2008-07-10 17:48 --------- d-----w C:\ProgramData\PopCap Games
    2008-07-10 17:48 --------- d-----w C:\Program Files\PopCap Games
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-24 20:06 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
    2008-06-24 00:55 --------- d-----w C:\Users\Invité\AppData\Roaming\Macromedia
    2008-06-24 00:55 --------- d-----w C:\Users\Invité\AppData\Roaming\Google
    2008-06-24 00:52 --------- d-----w C:\Users\Invité\AppData\Roaming\mIRC
    2008-06-24 00:41 --------- d-----w C:\Users\Invité\AppData\Roaming\Adobe
    2008-06-24 00:40 --------- d-s---w C:\Users\Invité\AppData\Roaming\Microsoft
    2008-06-24 00:27 --------- d-----w C:\Users\Invité\AppData\Roaming\SiteAdvisor
    2008-06-24 00:27 --------- d-----w C:\Users\Invité\AppData\Roaming\Logitech
    2008-06-24 00:27 --------- d-----w C:\Users\Invité\AppData\Roaming\Identities
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-07 16:25 174 --sha-w C:\Program Files\desktop.ini
    2008-06-07 15:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-07 15:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-06 18:54 972,072 ----a-w C:\Windows\UNRecode.exe
    2008-06-06 18:54 95,600 ----a-w C:\Windows\System32\NeroCo.dll
    2008-04-08 19:22 3,224 ----a-w C:\Users\RoxyBaby\AppData\Roaming\wklnhst.dat
    2008-03-04 06:52 76 --sh--r C:\Windows\CT4CET.bin
    2008-03-17 03:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-17 03:56 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-17 03:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-14_15.19.10.97 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-14 19:14:44 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
    + 2008-08-14 19:41:29 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 13:34 5724184]
    "BitTorrent DNA"="C:\Users\RoxyBaby\Program Files\DNA\btdna.exe" [2008-05-08 18:02 289088]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 15:10 68856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 03:36 2153472 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 02:49 159744]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 01:51 36864]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-14 23:54 137752]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-14 23:53 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-14 23:53 133656]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 15:00 174872]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 17:39 189736]
    "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 20:12 582992]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-29 00:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 13:34 5724184]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-24 22:07:02 50688]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-28 00:45:38 789008]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-31 15:10:36 124400]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 18:27:08 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C4693657-9605-4A18-BE56-578DA0F84145}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{0644D9CF-7DF4-44AA-A78C-F8D107A650E2}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
    "{67881940-9A10-4CF4-8631-0B2B3E30AD46}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{6107EE9A-D03C-459A-8C65-02EE718A75DB}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{8A3E0C84-DE0F-4D13-A570-1E9F9C6FD7B2}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{0896CF2A-B768-468B-B349-7DF7E283EF21}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EFD9DBE4-CE8D-4BF6-A7BD-053F722DAF87}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{200FD2E2-6162-464A-A121-3A1E6A27E917}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{9F8BBC5C-278D-4E27-BD89-14D499699454}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{74EA8A0F-23DC-4558-A26E-34473BF56D91}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{ACE90812-20B2-49AD-85CE-8246AE9F90C5}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{E87C53C5-7FED-4D04-A870-C2F043F9152E}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{3E543F18-B68B-4435-B0F9-BAF4FBCF6635}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{C67EF31E-9129-4ACB-AE44-64421E12A525}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{8621D1BC-0073-46A8-9F8F-9E45132ED76F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{A8CF8FFA-E18B-4C43-971F-41B293C9F98D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{7A294D93-8945-4A40-A251-D29982C612A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 07:07]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 23:54]
    R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 01:51]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 01:51]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 01:31]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-06-15 C:\Windows\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

    2008-07-01 C:\Windows\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

    2008-08-14 C:\Windows\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]

    2008-08-14 C:\Windows\Tasks\User_Feed_Synchronization-{868A0EA5-4582-46CE-8ECA-41A0483035DB}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]

    2008-03-05 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\RoxyBaby\AppData\Roaming\Mozilla\Firefox\Profiles\f97aa8br.default\

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-14 15:43:30
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\SiteAdvisor\6261\saHook.dll
    .
    Temps d'accomplissement: 2008-08-14 15:44:36
    ComboFix-quarantined-files.txt 2008-08-14 19:44:26
    ComboFix2.txt 2008-08-14 19:19:42

    Pre-Run: 136,154,439,680 octets libres
    Post-Run: 136,121,520,128 octets libres

    215 --- E O F --- 2008-08-14 07:07:56
    0
  10. Utilisateur anonyme
     
    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  11. RoxNroll Messages postés 22 Statut Membre
     
    J'ai fait le scan avec malawarebyte's anti-ware puis je retrouve pas le log dans mes trucs mais jai laissé la fenetre ouverte je vois toute la liste des nuisibles... rrrr aidez-moi :S
    0
  12. RoxNroll Messages postés 22 Statut Membre
     
    Oh désolée de mon innattention ;P voici les logs: Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1053
    Windows 6.0.6001 Service Pack 1

    21:02:26 2008-08-14
    mbam-log-8-14-2008 (21-02-26).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 135976
    Temps écoulé: 1 hour(s), 56 minute(s), 37 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\RoxyBaby\Documents\Mes fichiers reçus\Nero6.MultiKeygen.exe.pasexe (Trojan.Agent) -> Quarantined and deleted successfully.

    J'espere que ca fonctionnera réellement... merci de continuer a m'appuyer dans mes démarches pour me débarasser des intrus...
    0
  13. RoxNroll Messages postés 22 Statut Membre
     
    et maintenant au reboot ca me dit: script../../../../sscommon/inc/ss_snapin.js Failed to load ARG vais-je m'en sortir qqun encouragez-moi! :S
    0
  14. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut RoxNroll,

    Sois un peu patient.
    Certains helpers dorment la nuit. ;)

    Je vois que tu avais déjà utilisé ComboFix antérieurement.

    Donne-nous des précisions sur "ARG" ==> Alternate Reality Game ? Un crack de plus ?

    Merci
    Al.
    0
  15. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    ensuite refai sun scan hijackthis et post le rapport stp

    PS : salut Al
    0
  16. RoxNroll Messages postés 22 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:07:28, on 2008-08-14
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\RoxyBaby\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=hy-border:8080;https=hy-border:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [\Win3F76.exe] C:\Windows\system32\Win3F76.exe
    O4 - HKLM\..\Run: [\Win416A.exe] C:\Windows\system32\Win416A.exe
    O4 - HKLM\..\Run: [\Win42D0.exe] C:\Windows\system32\Win42D0.exe
    O4 - HKLM\..\Run: [\Win461B.exe] C:\Windows\system32\Win461B.exe
    O4 - HKLM\..\Run: [\Win484C.exe] C:\Windows\system32\Win484C.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\RoxyBaby\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [\Win3F76.exe] C:\Windows\system32\Win3F76.exe
    O4 - HKCU\..\Run: [\Win416A.exe] C:\Windows\system32\Win416A.exe
    O4 - HKCU\..\Run: [\Win42D0.exe] C:\Windows\system32\Win42D0.exe
    O4 - HKCU\..\Run: [\Win461B.exe] C:\Windows\system32\Win461B.exe
    O4 - HKCU\..\Run: [\Win484C.exe] C:\Windows\system32\Win484C.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-594372205-3150921459-654368954-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5355/mcfscan.cab
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  17. RoxNroll Messages postés 22 Statut Membre
     
    désolé pour le ARG ahahhah cétait pour exprimer un sentiment ;P
    0
  18. Utilisateur anonyme
     
    Scan saved at 15:07:28, on 2008-08-14

    le raport n est pas bon

    ferme hijackthis
    fais un clic droit sur hijackthis
    choisi executer en tant qu administrateur
    choisi do a system scan and save a logfile

    post le rapport stp
    0
  19. RoxNroll Messages postés 22 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:23, on 2008-08-15
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\RoxyBaby\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=hy-border:8080;https=hy-border:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\RoxyBaby\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-594372205-3150921459-654368954-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5355/mcfscan.cab
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  20. Utilisateur anonyme
     
    fais un clic droit sur hijackthis
    choisi executer en tant qu administrateur
    fais scan only
    coches ces lignes :

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5355/mcfscan.cab

    tu les coches et tu clic sur fix checked

    ensuite désinstal java car pas a jours et telechrage et instal cette version :

    https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe

    idem pour adobe reader :

    http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe

    ensuite :

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://download.piriform.com/ccsetup210.exe

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> Tuto : https://www.malekal.com/tutoriel-ccleaner/

    ensuite ;
    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    http://pc-system.fr/

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    et fais ceci :

    Désactive et réactive ta restauration system

    tuto vista : http://forum.telecharger.01net.com/forum/high-tech/LOGICIELS/Vista/restauration-systeme-vista-sujet_348545_1.htm

    0
  21. RoxNroll Messages postés 22 Statut Membre
     
    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\RoxyBaby\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Users\RoxyBaby\Desktop\HijackThis.lnk: trouvé !
    C:\Users\RoxyBaby\Desktop\ComboFix.exe: trouvé !
    C:\Users\RoxyBaby\Desktop\HJTInstall.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: Erreur de suppression !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: Erreur de suppression !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: Erreur de suppression !
    C:\Users\RoxyBaby\Desktop\HijackThis.lnk: supprimé !
    C:\Users\RoxyBaby\Desktop\ComboFix.exe: Erreur de suppression !
    C:\Users\RoxyBaby\Desktop\HJTInstall.exe: supprimé !
    C:\Qoobox: Erreur de suppression !
    C:\Program Files\Trend Micro\HijackThis: Erreur de suppression !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: Erreur de suppression !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: Erreur de suppression !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: Erreur de suppression !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: Erreur de suppression !
    C:\Users\RoxyBaby\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
    0
  • 1
  • 2
  • 3