Bonjour je suis infecté par des trojans help!

loshake Messages postés 12 Date d'inscription   Statut Membre -  
loshake Messages postés 12 Date d'inscription   Statut Membre -
Bonjour,

j ai windows vista pack 1 et je suis infecté par des trojans comme me l indique avast qui a chaque démarrage me trouve un nouveau trojan , j ai des erreurs de registre , de dll , voici le rapport hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:06:23, on 29/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\laurent\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccBSMGY.dll,#1
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\laurent\AppData\Local\Temp\nnnkJdAR.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\laurent\AppData\Local\Temp\geBtqNFY.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [6687be56] rundll32.exe "C:\Users\laurent\AppData\Local\Temp\hhinrqvi.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Video using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_video.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsry.exe (file missing)

--
End of file - 13014 bytes

merci pour votre aide les amis!!
au revoir
Configuration: Windows Vista
Internet Explorer 7.0

16 réponses

  1. Utilisateur anonyme
     
    lu,
    tu sais que l'on n'est au SP3 !? un système ca ce met à jour ^^
    ne t'étonne pas d'être infecté ...

    1/
    Télécharger CCleaner (installe pas la barre de Yahoo ) :
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    lance le, dans nettoyeur clique sur lancer le nettoyage puis dans Registre fait chercher et répare les erreurs autant de fois qu'il y en n'a.

    2/
    On enlève le plus gros :

    fait un scan en ligne avec internet explore, si tu as firefox fait:
    démarrer -> executer -> tape : iexplore (puis valide)

    BRANCHE TA OU TES CLE USB / LECTEUR EXTERNE ...

    (coche toutes les cases à chaque fois) :
    https://www.eset.com/

    à la fin colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

    si ta besoin d'aide tu as un tutoriel ici : http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm

    3/ Fait un scan avec malwarebyte :
    telechargement et aide ici :
    http://www.pcinfo-web.com/...
    une fois fini le rapport s'ouvre copie le et supprime toute la selection.

    4/
    Ensuite une fois fini fait un rapport hijackthis :
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    tu le télécharges, tu le lances et tu cliquera sur le premier bouton en haut "Do a system scan and save a logfile"
    tu colleras le fichier texte ici ;).

    PS : Ne fermes pas le programme
    0
  2. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    je peux pas avoir le pack 3 j ai windows vista o-p.
    ok je fais ce ke tu me dis!!merci pour tout
    0
  3. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    voici le rapport eset :

    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3565 (20081029)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=08a226a0d5bc2b4d85984dfbebe046d6
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-10-29 12:11:28
    # local_time=2008-10-29 01:11:28 (+0100, Paris, Madrid)
    # country="France"
    # osver=6.0.6001 NT Service Pack 1
    # scanned=552409
    # found=24
    # scan_time=11827
    C:\Program Files\Alwil Software\Avast4\DATA\moved\keygen.exe.vir Win32/TrojanDownloader.Small.OCS trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\Program Files\Mozilla Firefox\readme.bat probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\resycled\boot.com a variant of Win32/Kryptik.BB trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\efcAqnOG.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\kHAPhgdb.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\pmnllKBu.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\tmp00010903 Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\tmp00010cdc Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\tmp00012b02 Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\tmp000139e7 Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\tmp00a03a9d Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\urqQGXQh.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\urqQkhGV.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Users\laurent\AppData\Local\Temp\wvUoMcbX.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Windows\System32\jKASmMcA.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Windows\System32\mlJBSmME.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\Windows\System32\rqRLfeEx.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    D:\resycled\boot.com a variant of Win32/Kryptik.BB trojan (unable to clean - deleted) 00000000000000000000000000000000
    G:\resycled\boot.com a variant of Win32/Kryptik.BB trojan (unable to clean - deleted) 00000000000000000000000000000000
    H:\autorun.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
    H:\jeux\Trackmania sunrise\Serial&crack\Trackmania_Sunrise_Keygen-DEViANCE.exe multiple infiltrations (deleted) 00000000000000000000000000000000
    H:\jeux\Trackmania sunrise\Serial&crack\Trackmania_Sunrise_Keygen-DEViANCE.exe »RAR »setup.bat IRC/Zapchast.G trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
    H:\jeux\Trackmania sunrise\Serial&crack\Trackmania_Sunrise_Keygen-DEViANCE.exe »RAR »services.exe Win32/Iroffer.1402 trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
    K:\autorun.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
    0
  4. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    log malwaebytes :

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1335
    Windows 6.0.6001 Service Pack 1

    29/10/2008 14:56:53
    mbam-log-2008-10-29 (14-56-53).txt

    Type de recherche: Examen complet (C:\|D:\|G:\|H:\|K:\|)
    Eléments examinés: 193429
    Temps écoulé: 1 hour(s), 35 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Users\laurent\AppData\Local\Temp\hhinrqvi.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{10c08715-ad85-4fb5-bb96-a7f700ab2964} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6687be56 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6687be56 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10c08715-ad85-4fb5-bb96-a7f700ab2964} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Users\laurent\Local Settings\Application Data\ommsgey_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\laurent\Local Settings\Application Data\ommsgey_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\laurent\Local Settings\Application Data\ommsgey.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\hhinrqvi.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\fccBSMGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Alwil Software\Avast4\DATA\moved\is164061.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Alwil Software\Avast4\DATA\moved\serial.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\eocnutsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\qtixtqph.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\rfgvauov.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\riaaosks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Local\Temp\srwsjxcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sexvid\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Users\laurent\AppData\Roaming\REX Shared Library.dll (Trojan.Lop.H) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    rapport hijack de fin :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:08:07, on 29/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\POP Peeper\POPPeeper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\Program Files\GigaTribe\gigatribe.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\utils 2\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Download Video using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_video.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
    O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsry.exe (file missing)
    0
  7. Utilisateur anonyme
     
    ok tu fait un elevage toi ^^
    fix checked :
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
    O9 - Extra button: (no name) - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsry.exe (file missing)

    ENSUITE

    telecharge OT MoveIT
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    et colle ca dans la fenetre jaune (voir image ici : http://www.hijackthis-forum.de/attachment.php?attachmentid=3782&d=1207341348 ) :

    C:\Program Files\AskBarDis\

    et ensuite clique sur : MOVEIT, il est possible qu'il demande de redemarrer si c'est le cas accepte !
    tu aura le rapport dans : C:\_OTMoveIt\MovedFiles\
    0
  8. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    voici le log final c bon?

    Folder move failed. C:\Program Files\AskBarDis\bar\Settings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis\bar\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis\bar scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10292008_163130
    0
  9. Utilisateur anonyme
     
    redemarre et remet le rapport
    0
  10. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    meme rapport

    Folder move failed. C:\Program Files\AskBarDis\bar\Settings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis\bar\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis\bar scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\AskBarDis scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10292008_163130

    g encore la barre ask dans mon navigateur
    merci bcp de ton aide!
    0
  11. Utilisateur anonyme
     
    Télécharge Toolbar-S&D d'Eric71 ( https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 ), AngelDark, Sham_Rock et XmichouX sur ton Bureau,

    Double-clique sur Toolbar-S&D afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
    Double-clique dessus pour démarrer l'outil; choisis la langue.
    Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
    Tape 1 puis sur la touche [Entrée] afin de lancer la recherche.
    Patiente jusqu'à la fin de la recherche.
    À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
    Poste ce rapport, par copier/coller, dans ta prochaine réponse.
    Le rapport se trouve également sous : C:\TB.txt
    Aide en image : https://sites.google.com/site/toolbarsd/aideenimages
    0
  12. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    voila le rapport:

    -----------\\ ToolBar S&D 1.2.4 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
    BIOS : BIOS Date: 01/08/07 10:54:47 Ver: 08.00.12
    USER : laurent ( Not Administrator ! )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081028-1] 4.8.1229 (Activated)
    Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:125 Go (Free:80 Go)
    D:\ (Local Disk) - NTFS - Total:58 Go (Free:12 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (Local Disk) - NTFS - Total:48 Go (Free:48 Go)

    "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
    Option : [1] ( 29/10/2008|18:04 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskBarDis
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SmartShopper
    C:\Users\laurent\AppData\Roaming\MICROS~1\Windows\Cookies\laurent@cs.lp.smartshopper[1].txt
    C:\Program Files\SmartShopper
    C:\Program Files\SmartShopper\Bin
    C:\Windows\iun6002.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="http://start.icq.com/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\laurent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IKZDTI4\Crack%20recycle%202.1.2.v3197[1].exe
    C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Recent\Propellerheads.ReCycle.v2.1.2.Incl.Keygen-AiR.lnk
    C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Recent\Reason 3.0 + Keygen.lnk
    C:\Users\laurent\AppData\Roaming\uTorrent\Propellerheads.ReCycle.v2.1.2.Incl.Keygen-AiR.rar.torrent

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 29/10/2008|18:04 - Option : [1]

    -----------\\ Fin du rapport a 18:04:34,02
    0
  13. Utilisateur anonyme
     
    ok relance et lmaintenant suppression
    0
  14. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    c bon la lol?
    t un pro toi! lol :

    -----------\\ ToolBar S&D 1.2.4 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
    BIOS : BIOS Date: 01/08/07 10:54:47 Ver: 08.00.12
    USER : laurent ( Not Administrator ! )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081028-1] 4.8.1229 (Activated)
    Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:125 Go (Free:80 Go)
    D:\ (Local Disk) - NTFS - Total:58 Go (Free:12 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (Local Disk) - NTFS - Total:48 Go (Free:48 Go)

    "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
    Option : [2] ( 29/10/2008|18:14 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\unins000.dat
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SmartShopper
    Supprime! - C:\Users\laurent\AppData\Roaming\MICROS~1\Windows\Cookies\laurent@cs.lp.smartshopper[1].txt
    Supprime! - C:\Program Files\SmartShopper\Bin
    Supprime! - C:\Windows\iun6002.exe
    Supprime! - C:\Program Files\AskBarDis
    Supprime! - C:\Program Files\SmartShopper

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="http://start.icq.com/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections
    0
  15. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    g mal posté :

    il mankait la fin :

    Disk) - NTFS - Total:48 Go (Free:48 Go)

    "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
    Option : [2] ( 29/10/2008|18:14 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\unins000.dat
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SmartShopper
    Supprime! - C:\Users\laurent\AppData\Roaming\MICROS~1\Windows\Cookies\laurent@cs.lp.smartshopper[1].txt
    Supprime! - C:\Program Files\SmartShopper\Bin
    Supprime! - C:\Windows\iun6002.exe
    Supprime! - C:\Program Files\AskBarDis
    Supprime! - C:\Program Files\SmartShopper

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="http://start.icq.com/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\laurent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IKZDTI4\Crack%20recycle%202.1.2.v3197[1].exe
    C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Recent\Propellerheads.ReCycle.v2.1.2.Incl.Keygen-AiR.lnk
    C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Recent\Reason 3.0 + Keygen.lnk
    C:\Users\laurent\AppData\Roaming\uTorrent\Propellerheads.ReCycle.v2.1.2.Incl.Keygen-AiR.rar.torrent

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 29/10/2008|18:04 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 29/10/2008|18:16 - Option : [2]

    -----------\\ Fin du rapport a 18:16:06,34
    0
  16. Utilisateur anonyme
     
    ok redemarre comment va ton pc?
    0
  17. loshake Messages postés 12 Date d'inscription   Statut Membre
     
    bien mieux je te remercie il est moins lent!!g plus d alerte d avast et je touche du bois!!
    merci!!!a +
    0