Status: Unresolved

Trojan:Win32/Vundo.gen!K

baggio973, Wednesday 13 August 2008 at 16:02:11
Hello,

I've been a victim of this virus for some time and I'd like to remove it.... I saw that there were reports to send etc... could someone take care of my case?

Thanks in advance!
Configuration: Windows Vista
Internet Explorer 7.0
Leahkim, Wednesday 13 August 2008 at 16:03:56
Use HijackThis and post the report.
baggio973, Wednesday 13 August 2008 at 16:30:56
Here is my HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:13, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nico\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {179A1FE2-D7B2-4DDB-8FFC-5C03944725DF} - C:\Windows\system32\fcccyWoM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwTljK.dll,#1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nico\AppData\Local\Temp\khfFuust.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll",s
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 10741 bytes
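The HijackThis log above does carry the Vundo traces a helper would look for: a BHO with no name in system32, and several HKCU Run entries that make rundll32 load a random-named DLL from the user's Temp folder. The script below is an added example, not something posted in this thread or shipped with HijackThis; it applies those heuristics to a handful of constructed lines copied from the log above (plus benign entries for contrast) and reports which lines deserve a second look. The regular expressions and the "random-looking name" rule are my assumptions, tuned to this log, and a hit is a triage prompt rather than a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis lines modelled on the log posted above
# (the paths are the ones from the thread), with benign lines kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {179A1FE2-D7B2-4DDB-8FFC-5C03944725DF} - C:\Windows\system32\fcccyWoM.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwTljK.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nico\AppData\Local\Temp\khfFuust.dll,#1
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll",s
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"""

# Line shapes of the two HijackThis sections we triage (assumed from the log format).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")

# Heuristics (assumptions, chosen to match what this particular log shows).
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
ORDINAL_RE = re.compile(r",#\d+\s*$")                      # ...\x.dll,#1
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)  # 3cfe250a, BM3fcd1696
DLL_RE = re.compile(r"[\w.-]+\.dll", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the O2/O4 lines that trip at least one heuristic, with the reasons."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: list[str] = []

        m = O2_RE.match(line)
        if m:
            if m.group("name") == "(no name)":
                reasons.append("BHO registered without a name")
            if TEMP_DIR_RE.search(m.group("path")):
                reasons.append("BHO DLL lives in the user's Temp folder")

        m = O4_RE.match(line)
        if m:
            cmd, value = m.group("cmd"), m.group("value")
            if RUNDLL_RE.search(cmd) and TEMP_DIR_RE.search(cmd):
                reasons.append("rundll32 loads a DLL from the user's Temp folder at logon")
            if RUNDLL_RE.search(cmd) and ORDINAL_RE.search(cmd):
                reasons.append("rundll32 calls an export by ordinal (#N) instead of by name")
            if RANDOM_NAME_RE.match(value):
                reasons.append("Run value name is an 8-hex-digit random-looking string")

        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def flagged_dlls(findings: list[Finding]) -> set[str]:
    """DLL base names from flagged lines, handy to cross-check against an AV report."""
    names: set[str] = set()
    for f in findings:
        names.update(DLL_RE.findall(f.line))
    return names


if __name__ == "__main__":
    hits = triage_hjt(SAMPLE_LOG)
    for f in hits:
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
    print("DLLs to cross-check:", sorted(flagged_dlls(hits)))
```

Running it on the sample flags five of the eight lines: the nameless BHO, both MSServer entries, and the two Run values with hex names, while the Adobe, Windows Defender and NVIDIA entries pass. The DLL names it collects (fcccyWoM.dll, khfFuust.dll, jwtupkfj.dll, tyhamupp.dll, hgGwTljK.dll) are exactly the ones to look for in the Malwarebytes report that follows in this thread.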
sherred, Wednesday 13 August 2008 at 17:02:16
I didn't see any trace of the virus, but
try this:
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once it has finished, a report will appear. Copy/paste this report into your next reply.
The report can also be found here: C:\Combofix.txt

Disconnect from the internet, close the windows of all running programs, and temporarily
stop the antivirus and other protections during the analysis.
Do not use your PC while the analysis is running.
baggio973, Wednesday 13 August 2008 at 18:03:10
Thanks sherred, but in the meantime I ran a scan with Malwarebytes; here is the log if it can be useful....



Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1048
Windows 6.0.6001 Service Pack 1

13:00:05 13/08/2008
mbam-log-8-13-2008 (13-00-05).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121596
Temps écoulé: 47 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 137

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\fcccyWoM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cb4402d3-01a3-4744-9593-8c82005fad96} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cfe250a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3fcd1696 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccywom -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\fcccyWoM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\MoWycccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\MoWycccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\tyhamupp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb456456[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb671231[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\kb767887[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V6W98UR\befi[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K4XE4WY\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K4XE4WY\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AIMUEZL\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AIMUEZL\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38RDCLL3\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86RO24Q0\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb456456[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9E7RD56\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2CEV6W8\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4WQCF0T\2oxu[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\uutbrxbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\vlxeusng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\vosnqgnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\vsoqfoiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\vvghfwhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\vxddkrbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\sevnjcue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\stubsrro.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\svteapbh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\mmcxedcc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\mnnlevax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\mrfkjcle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ycnpgwhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ynpdrxtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ysorwvfk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\yuncgqcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\agugcbsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\bfgoecpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\bgdpxbrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\biaimkfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\fyoqdqll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\idrexhjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\jcqqidtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\syipgter.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\threrfti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\tlbdxwxj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ifvkrreg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ixagruus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\iylvokll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\jbiwhkwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\bjismngy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\brcpetkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\cbucbhow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ccctihps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ceeaoqcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\cyhmydlb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\dlhkyikt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\dolcsmir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\dorcvito.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\dpshektb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\wdecbowf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\wmacaeks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\xewkkatv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\xfcdccdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\xllblqvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\xmaigvuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\gaftwcib.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\gaykgvrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ghgekabu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\gtakddwt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\guniokfp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\gvtbdyov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hjsusend.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hmduipki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hrjmrhjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hrqhdyie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hsojknru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\hvokaakv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\edxrwtpc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\eiutttsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\elbqwtth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\elqxpmjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\emwprppo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\esuhxgic.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\etxmjfcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\evbjppsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\fsleskcs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\fspohofh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\klsptyyh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ljugednl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\lqhrxgxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\lsjpanho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\mbjeyeco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\oyjxnnwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\phnoexke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\plgonqdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\pnegneuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ptkqqbhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\pvridtaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\pxucyhew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qcjjjdcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qdnjblhv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qdnrbsxy.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qemoauao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qfnovnhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qsbbgarc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qvlldiab.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\qyrpnbsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\rfikklxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\twmxlkmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\umlvkhtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\nxfhhkim.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\obtmtmwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\odkbmqwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\oeamvaol.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ofmlqefg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ogstpwco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\ohaokfwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\olgbbvtw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\oocedsue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\tedixttq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\thqhntex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\jknlshtl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\kdutxsdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nico\AppData\Local\Temp\jwtupkfj.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
baggio973, Wednesday 13 August 2008 at 18:25:37
I'm reposting a new HJT log in case it helps:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:16, on 13/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nico\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 9948 bytes
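A defender-side triage pass over lines of the kind found in the HijackThis log above, as an added example (not from the thread, and not part of HijackThis itself). The sample lines are copied from the posted log; the flagging rules are my own assumptions about what merits a manual check, not a verdict on any entry.

```python
"""Triage pass over HijackThis-style log lines (added example, not from the thread).

Rules are illustrative assumptions: items run from a user Temp folder, entries
whose file is absent, O10 Winsock LSP, O15 Trusted Zone, O23 with no publisher.
"""
import re

# Constructed sample: a few lines lifted from baggio973's HJT log.
SAMPLE_LOG = r"""
C:\Users\Nico\AppData\Local\Temp\RtkBtMnt.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
MISSING = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)

def classify(line):
    """Return the reasons a line deserves a manual look (empty list = none)."""
    reasons = []
    if TEMP_DIR.search(line):
        reasons.append("runs from a user Temp folder")
    if MISSING.search(line):
        reasons.append("registered but file absent (orphan entry)")
    if line.startswith("O10 "):
        reasons.append("Winsock LSP: verify the DLL's vendor")
    if line.startswith("O15 "):
        reasons.append("site added to Trusted Zone: confirm it was intended")
    if line.startswith("O23 ") and "Unknown owner" in line:
        reasons.append("service with no recorded publisher")
    return reasons

def triage(log_text):
    """Map each flagged log line to its reasons, in log order."""
    findings = {}
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            findings[line] = reasons
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line[:60], "->", "; ".join(reasons))
```

Every flagged line still needs a human verdict: an orphan "(file missing)" entry is usually leftover from an uninstall, and a service with "Unknown owner" only means the binary carries no publisher information.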

6


baggio973, Wednesday 13 August 2008 at 21:17:18
What should I do next?

7


sherred, Thursday 14 August 2008 at 07:02:28
Well, you didn't do what I asked you to, but I see MBAM did a good job,
so now do exactly what I tell you, to the letter.
First of all, if it isn't already done,
disable User Account Control.
To do that:
click User Accounts and Family Safety, then User Accounts. Click Turn User Account Control on or off. Click Continue one last time to confirm. Untick Use User Account Control (UAC) to help protect your computer, click OK, then click the Restart Now button.

Step 1
We start with VundoFix; even though MBAM removed some of it, you never know.

Download VundoFix to your desktop: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
When the scan is finished, click the "Remove Vundo" button.
A prompt will ask whether you want to delete the files: say yes.
The desktop should disappear while the files are being deleted.
You will then see a prompt telling you that your PC is going to shut down: click OK.

Restart it, for step 2.
Then ComboFix, to clean up some stubborn Vundo files.
Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your desktop.
Restart your PC in Safe Mode.
Double-click ComboFix.exe.
Press the Y key to start the scan.
ComboFix will restart your PC: follow the instructions shown on screen.

Then run MalwareBytes' Anti-Malware again: update it first, then run the scan (in Safe Mode) and clean everything it finds.

Every absolute rule is true, until its opposite ... (sherred)