Trojan

Resolved
povredemoi -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello, I have a problem with a trojan proxy win32 sef. I've tried quite a few things to no avail; if someone could help me it would really help (Spybot, Ad-Aware, Avast scan, a2 which detected them but cannot remove them or put them in quarantine, Malwarebytes, nothing works). Help!!!!

31 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi, paste the a-squared and Malwarebytes reports
so we can see the infected files


then


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
and of info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the folder C:\rsit
2
povredemoi
 
Hi, thanks for your help. I removed a2, and if you explain to me how I can send you the Malwarebytes report... I'm really bad with computers; if you're patient I'll get there eventually.
0
povredemoi
 
Version - a-squared Free 4.5
Dernière mise à jour : 15/08/2009 23:54:03

Paramètres des balayages :

Type de numérisation : Scan Rapide
Éléments : Mémoire, Traces, Cookies
Balaye dans les archives : Marche
Analyse heuristique : Arrêt
Balaye dans les ADS : Marche

Début du balayage : 16/08/2009 02:33:54

[5868] C:\Windows\Temp\kripibsvwa.exe Objets détectés : Trojan-Proxy.Win32.Sefbov!IK
[4896] C:\Windows\Temp\kripibsvwa.exe Objets détectés : Trojan-Proxy.Win32.Sefbov!IK

Analysé

Fichiers : 2197
Traces : 535725
Cookies : 41
Processus : 49

Objets trouvés

Fichiers : 0
Traces : 0
Cookies : 0
Processus : 2
Clés de Registre : 0

Fin du balayage : 16/08/2009 02:36:36
Temps du balayage : 0:02:42

[5868] C:\Windows\Temp\kripibsvwa.exe En quarantaine Trojan-Proxy.Win32.Sefbov!IK
[4896] C:\Windows\Temp\kripibsvwa.exe En quarantaine Trojan-Proxy.Win32.Sefbov!IK

En quarantaine

Fichiers : 0
Traces : 0
Cookies : 0
0
povredemoi
 
vinfo.txt logfile of random's system information tool 1.06 2009-08-16 23:29:22

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Glary Utilities 2.13.0.686-->"C:\Program Files\Glary Utilities\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Paint.NET v3.08-->MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC Health Optimizer Free Edition-->"C:\Program Files\PC Health Optimizer Free Edition\unins000.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

=====HijackThis Backups=====

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-16]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
0
povredemoi
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by bob at 2009-08-16 23:29:05
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 51 GB (71%) free of 71 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:21, on 16/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bob\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service a2freeAcerMemUsageCheckService (a2freeAcerMemUsageCheckService) - Unknown owner - C:\Windows\TEMP\kripibsvwa.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
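A small triage script over O23 service lines like the ones in the HijackThis log above, added here as an example; it is not part of the thread, of HijackThis or of RSIT. It flags the pattern visible in that log: a service with no publisher whose binary runs from C:\Windows\TEMP and whose name embeds the name of a legitimate service that also appears in the log (a2freeAcerMemUsageCheckService beside AcerMemUsageCheckService). The sample lines are copied from the log above; the signal weights and the reporting threshold are my own assumptions.

```python
"""Triage O23 (service) lines from a HijackThis-style log.

Added example, not code from the thread or from any tool it names.
Scoring weights and the reporting threshold are assumptions chosen
for illustration, not documented behaviour of any product.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O23 lines taken from the log above (one clean
# service, one orphaned one, and the suspicious pair).
SAMPLE_LOG = """\
O23 - Service: a-squared Free Service a2freeAcerMemUsageCheckService (a2freeAcerMemUsageCheckService) - Unknown owner - C:\\Windows\\TEMP\\kripibsvwa.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\\Program Files\\Spybot - Search & Destroy\\SDWinSec.exe
"""

# "O23 - Service: <display> - <owner> - <drive>:\<path>[ (file missing)]".
# Display and owner are non-greedy; the path must start with a drive letter,
# so a " - " inside the path (e.g. "Spybot - Search & Destroy") is kept intact.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# The last parenthesised token of the display name is the short service name.
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Service:
    display: str
    short_name: str
    owner: str
    path: str
    file_missing: bool


@dataclass
class Finding:
    short_name: str
    path: str
    score: int
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if self.score >= 5 else "medium" if self.score >= 3 else "low"


def parse_o23(log_text: str) -> list:
    """Return one Service per O23 line; other lines are ignored."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        sn = SHORT_NAME_RE.search(display)
        services.append(Service(
            display=display,
            short_name=sn.group(1) if sn else display,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return services


def triage(log_text: str, min_score: int = 2) -> list:
    """Score each service on a few defender-side signals and report
    those reaching min_score, highest score first."""
    services = parse_o23(log_text)
    names = [s.short_name for s in services]
    findings = []
    for svc in services:
        reasons, score = [], 0
        if TEMP_DIR_RE.search(svc.path):        # services do not belong in temp dirs
            reasons.append("service binary lives in a temp directory")
            score += 3
        if svc.owner.lower() == "unknown owner":  # no publisher string
            reasons.append("no publisher (Unknown owner)")
            score += 1
        for other in names:                     # name built around another service's name
            if other != svc.short_name and other.lower() in svc.short_name.lower():
                reasons.append(f"name embeds another service name: {other}")
                score += 2
        if svc.file_missing:                    # leftover registration, binary gone
            reasons.append("orphaned service entry (file missing)")
            score += 1
        if score >= min_score:
            findings.append(Finding(svc.short_name, svc.path, score, reasons))
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.short_name} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Unknown owner on its own is not reported (OEM services such as the Acer one are commonly unsigned), which is why the real AcerMemUsageCheckService entry stays quiet while its look-alike in TEMP scores high.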
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
yes, run tool cleaner, which will remove what was used and is no longer useful to you!
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
povredemoi
 
ComboFix 09-08-10.06 - bob 17/08/2009 13:58.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1361 [GMT 1:00]
Running from: c:\users\bob\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\2943f6.msi
c:\windows\Installer\29441b.msi
c:\windows\Installer\30447d.msi
c:\windows\system32\kungsffybritxy.dat
c:\windows\TEMP\kripibsvwa.exe



.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kungsfxslbmqwm
-------\Legacy_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb
-------\Service_kungsfxslbmqwm
-------\Service_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb
-------\Service_a2freeAcerMemUsageCheckService


((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 11:31 . 2009-08-17 12:36 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-16 22:32 -------- d-----w- C:\rsit
2009-08-15 00:35 . 2009-08-15 00:35 91 ----a-w- c:\windows\system32\kbiwkmsetqkfes.dat
2009-08-15 00:25 . 2009-08-15 00:25 19968 ----a-w- c:\windows\system32\kbiwkmbydknnmm.dll
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-15 00:24 . 2009-08-15 00:40 1528 ----a-w- c:\windows\system32\kbiwkmbocinvxa.dat
2009-08-15 00:24 . 2009-08-15 00:24 42496 ----a-w- c:\windows\system32\kbiwkmfnevqbvm.dll
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 18:12 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 15:08 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 11:16 . 2009-06-02 10:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-06-02 10:38 . 2009-03-13 15:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 13:02 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 14:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 14:05
ComboFix-quarantined-files.txt 2009-08-17 13:05

Pre-Run: 51 338 739 712 octets libres
Post-Run: 51 140 894 720 octets libres

234 --- E O F --- 2009-08-17 10:44
0
povredemoi
 
Hi, there you go, it's done. Thanks jlpjlp
0
povredemoi
 
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans and all kinds of malware detected by antivirus engines.
File kbiwkmbydknnmm.dll_ received on 2009.08.18 12:46:55 (UTC)

Result: 1/41 (2.44%)

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2011 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 Trojan:Win32/Alureon.gen!U
NOD32 4344 2009.08.18 -
Norman 6.01.09 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 -
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 19968 bytes
MD5...: 2fcc7e7f612937f775cef0318ced7ae7
SHA1..: e568511387afabff264876065ae5ee289c4e8bea
SHA256: 1f78c6ab9a79d5dc5079e60861842afe7df7b7b6a1f02165ce7b9748dfbf24f3
ssdeep: 384:x8CJXPeX5wwQeBmEzAHa6HECBnr+HzE9ZW2kCvLSrl:x8CJX2pRQgcffv9ZW+LSr

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1481
timedatestamp.....: 0x4a85adf2 (Fri Aug 14 18:33:22 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x181c 0x1a00 6.52 a2f48af149da681a9aa4ba1f9de7a2e4
.rdata 0x3000 0xffb 0x1000 7.08 fee94a68f82f4110a917fffca8d1f0be
.data 0x4000 0xac1 0xc00 6.77 bb599d73bf43e06beade97bad2cb311c
.rsrc 0x5000 0x116f 0x1200 6.47 c2bae2506023fd6393b7d66785c9e741
.reloc 0x7000 0x34 0x200 0.80 5faf858ca19d1fdb7ddabd41abe43418

( 4 imports )
> kernel32.dll: GetTempPathA, OpenFile, CreateFileW, CallNamedPipeA, GetFileSize, OpenEventW, WriteFileEx, VirtualAllocEx, PostQueuedCompletionStatus, GetVersion, GetSystemDefaultLangID, ResetEvent, VirtualFree, GetProfileSectionA, GetCurrencyFormatW, GetProcAddress, GetEnvironmentVariableA, GetFileInformationByHandle, GetCurrentProcess, CreateDirectoryA, InterlockedExchangeAdd, EndUpdateResourceA, GetComputerNameA, GetLastError, FindResourceA, VirtualAlloc, DosPathToSessionPathA, EraseTape, FreeLibrary, CreateMutexA, TlsSetValue, GetProcessWorkingSetSize
> msvcrt.dll: rand, _filelengthi64, _initterm, _putenv, _CIsqrt, _futime, _fullpath, _strerror, memcpy
> winmm.dll: waveOutGetErrorTextA, mmioSeek, midiOutMessage, mciGetCreatorTask, waveInGetDevCapsW, DriverCallback, waveInGetDevCapsA, mmioSetBuffer, midiOutSetVolume, WOWAppExit
> opengl32.dll: glClipPlane, glColor4f, glGetLightiv, glVertex3sv, glTexSubImage1D, glTexCoord1iv, glVertex3fv, glDebugEntry, glIndexubv, glTexCoordPointer, glClear

( 3 exports )
OxGzqhpXcx, VriQjzhSjmeehEsxumvDp, GzxzSfhfsknRigqyxOb

PDFiD.: -
RDS...: NSRL Reference Data Set
-


WARNING: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far higher than that offered by a single product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers a 100% effectiveness rate for detecting viruses and malware.
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Analyse 3 of these files on VirusTotal and paste the reports https://www.virustotal.com/gui/

c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
0
povredemoi
 
File kbiwkmsetqkfes.dat_ received on 2009.08.18 12:42:29 (UTC)

Result: 0/41 (0%)

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2011 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 -
NOD32 4344 2009.08.18 -
Norman 6.01.09 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 -
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 91 bytes
MD5...: 2b20b570f4b669d69e9bfe9c5c9b755b
SHA1..: 232b5bf3012ee85cf57f1e48b122a7424a08ca6b
SHA256: 0f1aebc9751a9eba643424240b45adedecbc5a9ce75540a103e63ea986fa36fb
ssdeep: 3:am7CQaAjh9B6EGbmgm/edACeB3tl2HnlBXqVwd:aDQhjV6EGseCdB/GlBJd

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-


0

povredemoi
 
File kbiwkmbocinvxa.dat_ received on 2009.08.18 12:42:57 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2005 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 -
NOD32 4344 2009.08.18 -
Norman 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 Mal/TDSSConf-A
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 1528 bytes
MD5 : de06e1ca8629d0178c0a311e946210c8
SHA1 : 2595976464eb98c0b1c373cb99dd48e3413d8754
SHA256: 01a7ac183465f4b345fc0087e9712440f19bb73139142fec3bbf27971cf81fdd
TrID : File type identification
Unknown!
ssdeep: 24:efxxt1hDh//14F0Co2SJI9moAoaPFBLGWbqyFqRRAkXt+wJaHXyUnQZzGll9WA:mxZh/4F0C999moCdtGxRR3BJa3rQZ2WA
PEiD : -
RDS : NSRL Reference Data Set
-


0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print these instructions beforehand)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Collect::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
Driver::
kbiwkmqlsuxwcm
File::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it can be found here > C:\ComboFix.txt
0
povredemoi
 
Do I also have to disable the security programs?
0
povredemoi
 
ComboFix 09-08-10.06 - bob 17/08/2009 19:28.5.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1295 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\cfscript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\bob\AppData\Local\temp
2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-17 11:31 . 2009-08-17 18:13 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-16 22:32 -------- d-----w- C:\rsit
2009-08-15 00:35 . 2009-08-15 00:35 91 ----a-w- c:\windows\system32\kbiwkmsetqkfes.dat
2009-08-15 00:25 . 2009-08-17 18:25 19968 ----a-w- c:\windows\system32\kbiwkmbydknnmm.dll
2009-08-15 00:24 . 2009-08-17 18:25 42496 ----a-w- c:\windows\system32\kbiwkmfnevqbvm.dll
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-15 00:24 . 2009-08-15 00:40 1528 ----a-w- c:\windows\system32\kbiwkmbocinvxa.dat
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 14:27 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 15:08 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 11:16 . 2009-06-02 10:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-06-02 10:38 . 2009-03-13 15:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 13:02 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 19:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 19:35
ComboFix-quarantined-files.txt 2009-08-17 18:35
ComboFix2.txt 2009-08-17 13:05

Pre-Run: 50 488 295 424 octets libres
Post-Run: 50 287 394 816 octets libres

219 --- E O F --- 2009-08-17 10:44
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
You did the drag-and-drop of the CFScript onto ComboFix incorrectly (watch the capitals).

Try again.
0
povredemoi
 
Evening. I did as written, but when I drop it onto ComboFix it starts a scan and does not offer a choice (1, 2). I paid attention to the capitals, and I disabled everything. (I pasted all the lines at once, the ones you sent me in the email.)
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
1/

---> Open Notepad.

---> Copy the text below by selecting it, then Ctrl+C:

Collect::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
Driver::
kbiwkmqlsuxwcm
File::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll

--> Paste the selection into Notepad.

--> Save this file to the Desktop (mandatory).

--> File name: CFScript
--> File type: all files
--> Click Save.
--> Quit Notepad.

2/

--> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

--> A blue window will appear: accept the message that is displayed.

--> Wait while the scan runs. The Desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.

--> Once the scan is complete, a report will be displayed: post it.

--> If the file does not open, it is located at C:\Combofix.txt
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
(by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".

:processes
explorer.exe
:services
kbiwkmqlsuxwcm
:files
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
povredemoi
 
All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver kbiwkmqlsux­wcm not found.

========== FILES ==========
c:\windows\system32\kbiwkmsetqkfes.dat moved successfully.
LoadLibrary failed for c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmbydknnmm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmbydknnmm.dll scheduled to be moved on reboot.
File/Folder c:\windows\system32\drivers\kbiwkmqlsux­wcm.sys not found.
File move failed. c:\windows\system32\kbiwkmbocinvxa.dat scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\kbiwkmfnevqbvm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmfnevqbvm.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 31832 bytes
File delete failed. C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(14)\Content.IE5\EIJRT42X\4;var2=1;var3=58000;var4=;var21=5;var22=1;var23=0;var24=1;var25=0;var26=58194;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=6709349925191124[1] scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1713576 bytes
->FireFox cache emptied: 4972475 bytes

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,41 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08182009_114937

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmbydknnmm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmbydknnmm.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\kbiwkmbocinvxa.dat scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\kbiwkmfnevqbvm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmfnevqbvm.dll scheduled to be moved on reboot.
File C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(14)\Content.IE5\EIJRT42X\4;var2=1;var3=58000;var4=;var21=5;var22=1;var23=0;var24=1;var25=0;var26=58194;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=6709349925191124[1] not found!
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Try the ComboFix procedure again.
0
povredemoi
 
ComboFix 09-08-18.03 - bob 18/08/2009 14:21.11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1351 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\kbiwkmqlsux­wcm.sys"
"c:\windows\system32\kbiwkmbocinvxa.dat"
"c:\windows\system32\kbiwkmbydknnmm.dll"
"c:\windows\system32\kbiwkmfnevqbvm.dll"
"c:\windows\system32\kbiwkmsetqkfes.dat"

file zipped: c:\windows\system32\kbiwkmbocinvxa.dat
file zipped: c:\windows\system32\kbiwkmbydknnmm.dll
file zipped: c:\windows\system32\kbiwkmfnevqbvm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 12:51 . 2009-08-18 12:54 -------- d-----w- c:\users\bob\AppData\Roaming\Lavasoft
2009-08-18 10:41 . 2009-08-18 10:41 -------- d-----w- C:\_OTM
2009-08-17 23:11 . 2009-08-17 23:11 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-17 23:11 . 2009-08-17 23:11 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-17 11:31 . 2009-08-17 22:00 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-18 10:08 -------- d-----w- C:\rsit
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 13:11 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-18 13:11 . 2009-01-24 12:07 -------- d-----w- c:\program files\Lavasoft
2009-08-17 14:27 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 14:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\bob\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000059058E27B75F1C8636 524288 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-18 14:28
ComboFix-quarantined-files.txt 2009-08-18 13:28
ComboFix2.txt 2009-08-18 10:18
ComboFix3.txt 2009-08-17 23:06
ComboFix4.txt 2009-08-17 18:35
ComboFix5.txt 2009-08-18 10:23

Pre-Run: 49 812 688 896 octets libres
Post-Run: 49 612 939 264 octets libres

223 --- E O F --- 2009-08-17 10:44
Upload was successful
Thanks for giving me a bit of your time, that's kind of you.
0
Anonymous user
 
Hi jlpjlp, do you want to try having him run my tool?
0
povredemoi
 
Kill'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:01:47,72

Fichiers analysés :
=================


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys
C:\Windows\system32\kbiwkmbocinvxa.dat
C:\Windows\system32\kbiwkmsetqkfes.dat
C:\Windows\system32\kbiwkmbydknnmm.dll
C:\Windows\system32\kbiwkmfnevqbvm.dll
C:\Windows\system32\kungsffybritxy.dat
C:\Windows\Temp\_avast4_\unp12133185.tmp
C:\Windows\Temp\_avast4_\unp124767560.tmp
C:\Windows\Temp\_avast4_\unp24849588.tmp


¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

Quarantaine :

iun6002.exe.Kill'em
kbiwkmbocinvxa.dat.Kill'em
kbiwkmbydknnmm.dll.Kill'em
kbiwkmfnevqbvm.dll.Kill'em
kbiwkmqlsuxwcm.sys.Kill'em
kbiwkmsetqkfes.dat.Kill'em
kungsffybritxy.dat.Kill'em
unp12133185.tmp.Kill'em
unp124767560.tmp.Kill'em
unp24849588.tmp.Kill'em

¤¤¤¤¤¤¤¤¤¤ Verification :


List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:02:28,65

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgGlUAD_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Yes, of course, you can have him run it, because I'm not at home and so I don't have it to hand.
0
Anonymous user
 
OK povredemoi:

▶ Download List&Kill'em and save it to your Desktop

Restart in safe mode

It does not require installation

▶ Double-click (right-click "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 1 = Search Mode

▶ Let the tool work

The report will be displayed once the scan is finished

▶ Paste its contents into your next reply
0
povredemoi
 
Evening gene hackman, and thanks for giving me a hand. As you may have read, I'm not good with computers. How do I start in safe mode? Thanks.
0
povredemoi
 
so I did as you said, it ran the scan fine but didn't give me any report; at the end of the scan there was nothing more
0
povredemoi
 
List'em by g3n-h@ckm@n 1.0.2.6

updated on 19.08.2009 ::::: 13.00


Microsoft Windows [version 6.0.6001]


18/08/2009 23:52:01,61

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
0
povredemoi Posts 2 Status Member
 
thank you very much for having helped me and for having been patient.
0
Anonymous user
 
yes, I've just fixed a bug in it

delete it, re-download it and run option 1 again please
0
povredemoi
 
I found the report, I've pasted it. otherwise, to re-download it I would need the link
0
povredemoi
 
List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 1:38:40,81

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys
C:\Windows\system32\kbiwkmbocinvxa.dat
C:\Windows\system32\kbiwkmsetqkfes.dat
C:\Windows\system32\kbiwkmbydknnmm.dll
C:\Windows\system32\kbiwkmfnevqbvm.dll
C:\Windows\system32\kungsffybritxy.dat
C:\Windows\Temp\_avast4_\unp12133185.tmp
C:\Windows\Temp\_avast4_\unp124767560.tmp
C:\Windows\Temp\_avast4_\unp24849588.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

A2FREE.EXE-86BF1460.pf
AAWDRIVERTOOL.EXE-76B8E527.pf
AAWSERVICE.EXE-FA222F6E.pf
AAWTRAY.EXE-75D4AE19.pf
ACER.EMPOWERING.FRAMEWORK.SUP-54963495.pf
AD-AWARE.EXE-BA4C6C7E.pf
AD-AWAREADMIN.EXE-6DA58883.pf
AD-AWAREAE.EXE-172563EC.pf
AD-AWAREAE[1].EXE-D96628A1.pf
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgGlUAD_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgRobust.db
ASHLOGV.EXE-25C12DE9.pf
ATBROKER.EXE-2E15A492.pf
AU_.EXE-C269544C.pf
AVAST.SETUP-499863F4.pf
CACLS.EXE-D332D70E.pf
CCC.EXE-AE792174.pf
CCLEANER.EXE-D4D76A60.pf
CDMKR32.EXE-3BB1E0CC.pf
CLEANMGR.EXE-E3C5E89D.pf
CONIME.EXE-9781FD5F.pf
CONSENT.EXE-531BD9EA.pf
CONTROL.EXE-817F8F1D.pf
CSC.EXE-A3B8D95D.pf
CVTRES.EXE-069169FB.pf
DEFRAG.EXE-588F90AD.pf
DFRGNTFS.EXE-7E4077FE.pf
DISKANALYSIS.EXE-E154FC70.pf
DISKCARE.EXE-C9D28D6E.pf
DISKDEFRAG.EXE-9C5F4FC0.pf
DLLHOST.EXE-4F28A26F.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-766398D2.pf
DLLHOST.EXE-7FAA2E4C.pf
DLLHOST.EXE-B2EB1806.pf
DOCMEMOPT.EXE-CD96EE00.pf
DOCTORSPYWARECLEANER.EXE-AEF4EFDD.pf
DOCUNINS.EXE-7423DCB7.pf
DRVINST.EXE-4CB4314A.pf
DUPEFINDER.EXE-E89C3C33.pf
DWM.EXE-6FFD3DA8.pf
EFF.EXE-BF8C0EDA.pf
EXPLORER.EXE-A80E4F97.pf
FIREFOX.EXE-A606B53C.pf
FLASHUTIL10B.EXE-06DAF439.pf
GSD.EXE-A2AD81DE.pf
GSD.EXE-C1AF7853.pf
HELPPANE.EXE-FEDC965B.pf
HIJACKTHIS.EXE-9FD56571.pf
IEHELPER.EXE-FD88BD93.pf
IEUSER.EXE-7C0FE221.pf
IEXPLORE.EXE-908C99F8.pf
INITIALIZE.EXE-7DCDC37F.pf
INTEGRATOR.EXE-84638148.pf
JAVA.EXE-E27B75C2.pf
JUNKCLEANER.EXE-492EE8BA.pf
JUNKCLEANER.EXE-54221B5F.pf
Layout.ini
LOGON.SCR-30601369.pf
LOGONUI.EXE-09140401.pf
MAININTEGRATOR.EXE-8749C974.pf
MBAM.EXE-305FF92C.pf
MFPMP.EXE-26F35380.pf
MOBSYNC.EXE-C5E2284F.pf
MPCMDRUN.EXE-F401FBB4.pf
MRT.EXE-851529F7.pf
MRTSTUB.EXE-D8E14132.pf
MSIEXEC.EXE-A2D55CB6.pf
MSPAINT.EXE-76E10B24.pf
NOTEPAD.EXE-D8414F97.pf
NOTEPAD.EXE-EA1C5CFA.pf
NTOSBOOT-B00DFAAD.pf
OLRSTATECHECK.EXE-98B029F3.pf
PCMSERVICE.EXE-5CE85DE2.pf
PfSvPerfStats.bin
POQEXEC.EXE-B329ADB0.pf
PREVHOST.EXE-4F1C4E0F.pf
PRIVACYCLEANER.EXE-0DEFDEF0.pf
PRODUCER.EXE-E03599CA.pf
ReadyBoot
REGCLEAN.EXE-09F65215.pf
REGEDIT.EXE-90FEEA06.pf
REGREPAIR.EXE-772FD0CA.pf
RUNDLL32.EXE-01E7BA70.pf
RUNDLL32.EXE-1487BC97.pf
RUNDLL32.EXE-15EF7AA5.pf
RUNDLL32.EXE-1ECC2819.pf
RUNDLL32.EXE-230FC512.pf
RUNDLL32.EXE-33BDAF18.pf
RUNDLL32.EXE-41CD37D2.pf
RUNDLL32.EXE-4EE10C7D.pf
RUNDLL32.EXE-61BAABC9.pf
RUNDLL32.EXE-6D2968F1.pf
RUNDLL32.EXE-AAB1BBB5.pf
RUNDLL32.EXE-AC3538E7.pf
RUNDLL32.EXE-B7141989.pf
RUNDLL32.EXE-C77C2362.pf
SEARCHFILTERHOST.EXE-4928796B.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHINDEXER.EXE-4A6353B9.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SETUP.OVR-34368674.pf
SHREDDER.EXE-9A847692.pf
SHREDDER.EXE-BBF79D85.pf
SNDVOL.EXE-5D4CC7D6.pf
SPYBOTSD.EXE-DC433942.pf
SSUPDATE.EXE-9F728B8D.pf
SSVAGENT.EXE-42E515EF.pf
SSVAGENT.EXE-D0A26E22.pf
STARTUP.EXE-C7BA14FC.pf
SVCHOST.EXE-7CFEDEA3.pf
TASKENG.EXE-48D4E289.pf
TRACKSERASER.EXE-88174AF7.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UNINSTALL.EXE-AEDCFE07.pf
UNSECAPP.EXE-A02905A6.pf
USERINIT.EXE-2257A3E7.pf
VERCLSID.EXE-7C52E31C.pf
VISTHAUX.EXE-5E9328A9.pf
VLC-0.9.9-WIN32[1].EXE-D2E3A9F8.pf
VLC.EXE-A11F73EE.pf
VSSVC.EXE-B8AFC319.pf
WERCON.EXE-E36BD04E.pf
WERFAULT.EXE-E69F695A.pf
WERMGR.EXE-0F2AC88C.pf
WINCAL.EXE-0681BC65.pf
WINDOWS-KB890830-V2.9-DELTA.E-FDEE779C.pf
WINSTD.EXE-344A5252.pf
WISEREGISTRYCLEANER.EXE-814F73AC.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIPRVSE.EXE-1628051C.pf
WMPLAYER.EXE-BAD6BD53.pf
WSQMCONS.EXE-118B52B7.pf
WUAUCLT.EXE-70318591.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
Close all your windows (including internet and windows live messenger), then:

▶ Relaunch List&Kill'em as you did for option 1 (i.e. right-click on Vista),

but this time:

▶ choose option 2 = Destruction Mode

let the tool work

after the checks, a report will open.

▶ close it.

a second report will open,

▶ paste its contents in your reply
0
povredemoi
 
List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:02:28,65

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgGlUAD_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
Download OTL by OldTimer

and save it to your Desktop.

▶ Double-click OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left-hand column, set everything to all

▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

Do the same with "Extra.txt".
0
povredemoi
 
apparently the link you gave me is under maintenance; should I post it here?
0
Anonymous user
 
yes, never mind, in that case split OTL.txt in two
0
povredemoi
 
OTL Extras logfile created on: 19/08/2009 15:59:48 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bob\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 44,10 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BOB
Current User Name: bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FD5BE3-26E5-4361-BABC-4A86A9CB101D}" = rport=445 | protocol=6 | dir=out | app=system |
"{48E642FF-5D65-44C1-AD69-A56DA6C8CF1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{56BE724B-1303-4A93-B330-825A62D1F79B}" = rport=139 | protocol=6 | dir=out | app=system |
"{66ACC543-07BE-4A87-8E03-A53E53AE9F0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B645F69-DA42-470A-BC39-3D48558D90DC}" = rport=138 | protocol=17 | dir=out | app=system |
"{97B9E778-D9C0-4D0C-B51B-71D05D3D43A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC743461-8C98-4267-9991-0461FECB26CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC1D970B-8AF7-4405-86BE-3937D42494AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0300A96-AC29-4EBF-A56B-84724C4A7D9B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F26B621E-1173-4300-A566-F074A4B0F837}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6EF69F-0E72-4A95-8AB9-59908FA02D3F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47BB3072-54CA-4E3B-898A-011845FBA19D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{489E6873-0E43-4490-97CD-55189E86BC02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}" = protocol=6 | dir=in | app=c:\program files\moovida\moovida.exe |
"{ACAA56E4-FE6D-4843-B638-906E3533320E}" = protocol=17 | dir=in | app=c:\program files\moovida\moovida.exe |
"{C3ED31E4-5457-4D0C-8714-8A831D5F8AA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"UDP Query User{F36003EB-EA09-4F4F-8E39-4C8E14870C07}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00381AD3-CD59-D060-1863-E1931CF7EFA8}" = CCC Help Finnish
"{0D8753BC-F497-5ACF-44AF-AD67E5D00A9C}" = CCC Help English
"{1407F8A7-5BCE-C139-4EFD-93277F280F48}" = ccc-utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management
"{2EB715C1-786B-8B37-FDF9-0B4844AB5642}" = Catalyst Control Center Localization Spanish
"{3281291B-7AE8-6550-0AE9-7383919A1880}" = CCC Help Italian
"{35198E46-B990-F8A3-EAC6-7E079F040224}" = Catalyst Control Center Localization German
"{3D91E4E6-E653-5418-C2DE-697392F0E901}" = Catalyst Control Center Graphics Full Existing
"{4A5E2D64-C7CF-D0FC-9527-67D2510B9839}" = CCC Help Norwegian
"{4CCCB69A-E62C-D5C9-D2F4-BCDD66D5370A}" = CCC Help Japanese
"{5D20A864-DFE2-1A19-DB14-6F12399EE879}" = Catalyst Control Center Localization Danish
"{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6FA7DE6D-6569-3400-CEA2-09478C891C5E}" = Catalyst Control Center Localization Norwegian
"{6FF1E62C-7FC2-DCAD-6016-5CE6528AF325}" = CCC Help Swedish
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{76BD2250-898A-40C0-385D-8FB02741CF75}" = Catalyst Control Center Localization Finnish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{818B4951-8169-9613-C354-2398FC2839E6}" = Catalyst Control Center Graphics Full New
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}" = Paint.NET v3.08
"{879D0F0E-A889-ADDD-2CBE-223E75D9B0A1}" = CCC Help Danish
"{8F52BC87-2029-464D-C1C1-7BCFB16482D3}" = Catalyst Control Center Localization French
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{953A6D3D-1CA6-3C0F-CC45-9E62B87A5751}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2235F18-B173-B573-8CFB-D02EAFDD89C0}" = CCC Help Spanish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C4EAEA25-443B-B846-2A62-A4C584277FB6}" = ccc-core-static
"{C9CBBBA9-7A9E-0F39-5085-B541EACC52D7}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF82DD9-B49B-1474-8A85-C3AE5CCD5602}" = Catalyst Control Center Localization Japanese
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DFCC820E-4A31-3B88-C3FC-1CE6E93A313F}" = CCC Help Dutch
"{E647747F-6933-AF55-F413-F6C3B719A0D2}" = CCC Help French
"{E82DA8EA-4451-D48B-B212-64723027EB5E}" = Catalyst Control Center Localization Italian
"{ED935A3D-C413-8455-27E4-5799376E7F11}" = Catalyst Control Center Localization Dutch
"{F03CC256-7D39-3043-5D81-40E7636DBC1A}" = Catalyst Control Center Graphics Previews Vista
"{F2FCE785-C9E7-2F06-964A-C66F5B49BA97}" = Skins
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F964B470-B0CE-4264-150A-910BBD0AAC4E}" = Catalyst Control Center Core Implementation
"{FBA01CB8-BDE5-2CF8-D9B2-1FFEEB3803A4}" = Catalyst Control Center Localization Swedish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Glary Utilities_is1" = Glary Utilities 2.13.0.686
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"PC Health Optimizer Free Edition_is1" = PC Health Optimizer Free Edition
"Revo Uninstaller" = Revo Uninstaller 1.83

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
0
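The Extras log above records Security Center monitoring switched off (DisableMonitoring = 1 under Security Center\Monitoring and its sub-keys), the UAC, Internet-settings and auto-update notifications suppressed, and an event-log read failure; the OTL.txt posted further down lists the Eventlog service as Disabled | Stopped, which explains that failure. Those are the settings a practitioner checks first in an OTL log, because malware that wants to stay quiet turns off exactly this reporting. The following Python script is an added example, not part of this thread and not OTL's own code: it parses the two OTL sections (Security Center registry values and the "SRV -" service lines) and returns a list of findings. The sample log is constructed from lines lifted from the OTL output in this thread with OTL's [color] BBCode tags removed, and the "high"/"info" severity labels are my own choice.

```python
"""Triage two sections of an OTL log: Security Center registry values and
the Win32 Services list. Added example; not part of OTL or of this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines lifted from the OTL Extras.txt / OTL.txt posted
# in this thread, with the [color] BBCode tags OTL wraps around headers removed.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Win32 Services (All) ==========

SRV - [2007/04/16 17:48:12 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Disabled | Stopped])
SRV - [2008/01/19 08:33:32 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe -- (Spooler [Auto | Running])
"""

REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
# Normal OTL service line:
#   SRV - [date | size | attrs | M] (Company) -- path -- (Name [Start | State])
SRV_RE = re.compile(
    r"^SRV - \[[^\]]+\] \((?P<company>[^)]*)\) -- (?P<path>.+?) -- "
    r"\((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)
# Service whose image file no longer exists on disk.
SRV_MISSING_RE = re.compile(
    r"^SRV - File not found -- -- \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"


@dataclass
class Finding:
    severity: str   # "high" or "info"; labels chosen for this example
    indicator: str
    evidence: str


def parse_registry(text: str) -> Dict[Tuple[str, str], str]:
    """Map (key path, value name) -> value string for every [HKEY_...] block."""
    values: Dict[Tuple[str, str], str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = REG_KEY_RE.match(line)
        if key:
            current = key.group("key")
            continue
        val = REG_VAL_RE.match(line)
        if val and current:
            values[(current, val.group("name"))] = val.group("value").strip()
    return values


def parse_services(text: str) -> List[dict]:
    """Turn every 'SRV -' line into a dict; missing-file services get an empty path."""
    services: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SRV_RE.match(line)
        if m:
            services.append({**m.groupdict(), "missing": False})
            continue
        m = SRV_MISSING_RE.match(line)
        if m:
            services.append({**m.groupdict(), "company": "", "path": "", "missing": True})
    return services


def triage(text: str) -> List[Finding]:
    """Flag Security Center tampering, a disabled event log, and odd service entries."""
    findings: List[Finding] = []
    for (key, name), value in parse_registry(text).items():
        if not key.startswith(SECURITY_CENTER):
            continue
        if name == "DisableMonitoring" and value == "1":
            findings.append(Finding("high", "Security Center monitoring disabled", f"{key} {name}={value}"))
        elif name.endswith("DisableNotify") and value == "1":
            findings.append(Finding("info", "Security Center notification suppressed", f"{key} {name}={value}"))
    for svc in parse_services(text):
        where = f"{svc['name']} [{svc['start']} | {svc['state']}]"
        if svc["name"] == "Eventlog" and svc["start"] == "Disabled":
            findings.append(Finding("high", "Windows Event Log service disabled", where))
        elif svc["missing"]:
            findings.append(Finding("info", "Service image file not found", where))
        elif svc["company"] == "":
            findings.append(Finding("info", "Service binary carries no company name", f"{where} {svc['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.indicator}: {f.evidence}")
```

Two caveats on the "info" findings. A blank company name only means the executable has no vendor string in its version resource, which OTL reads from the file; in this thread the services without one are Acer and CyberLink components, so it is a prompt to look, not evidence of malware. Likewise a service whose image is "File not found" is often a leftover of uninstalled software. The "high" findings are different: nothing legitimate on a home PC disables Security Center monitoring and the Eventlog service, so on this machine they should be re-enabled once the infection is cleaned, and the missing event log is one more reason the later OTL run could not show the "Last 10 Event Log Errors".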
Anonymous user
 
yes, I meant post them in several parts, but complete in the end!!
0
povredemoi
 
did you receive it in full?
0
povredemoi
 
I'm in the middle of redoing a scan with a2; I have 4 additional viruses, so that makes 6: 2 trojan win 32 alureon ik and 4 trojan downloader win32 bredolab ik
0
Anonymous user
 
yes ok, that's "extras"; do the same with OTL.txt please
0
povredemoi
 
[color=#E56717]========== Win32 Services (All) ==========[/color]

SRV - [2007/04/16 17:48:12 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2006/11/02 10:46:02 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc [Auto | Running])
SRV - [2008/01/19 08:33:01 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\alg.exe -- (ALG [On_Demand | Stopped])
SRV - [2008/01/19 08:33:43 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appinfo.dll -- (Appinfo [On_Demand | Running])
SRV - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/08/13 22:53:32 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/01/19 08:33:45 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Audiosrv.dll -- (AudioEndpointBuilder [Auto | Running])
SRV - [2008/01/19 08:33:45 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Audiosrv.dll -- (Audiosrv [Auto | Running])
SRV - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/05/28 04:17:25 | 00,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bfe.dll -- (BFE [Auto | Running])
SRV - [2008/01/19 08:36:13 | 00,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll -- (BITS [Auto | Running])
SRV - [2008/01/19 08:33:49 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browser.dll -- (Browser [Auto | Running])
SRV - [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll -- (CertPropSvc [Unknown | Stopped])
SRV - [2007/01/12 20:25:28 | 00,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/12 20:25:28 | 00,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/11/02 10:45:02 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2008/01/19 08:34:00 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [2009/03/03 05:39:32 | 00,551,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (DcomLaunch [Unknown | Running])
SRV - [2008/01/19 08:34:03 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2008/01/19 08:34:05 | 00,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [2008/01/19 08:34:05 | 00,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll -- (dot3svc [On_Demand | Stopped])
SRV - [2008/01/19 08:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
SRV - [2008/01/19 08:34:08 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eapsvc.dll -- (EapHost [On_Demand | Stopped])
SRV - [2007/04/25 15:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service [Auto | Stopped])
SRV - [2008/06/26 04:29:02 | 00,565,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt [Auto | Running])
SRV - [2007/07/03 10:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Disabled | Stopped])
SRV - [2008/04/18 06:48:39 | 00,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll -- (EventSystem [Auto | Running])
SRV - [2008/01/19 08:34:21 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdPHost.dll -- (fdPHost [On_Demand | Stopped])
SRV - [2006/11/02 10:46:04 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdrespub.dll -- (FDResPub [On_Demand | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/19 08:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
SRV - [2006/11/02 10:46:05 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll -- (hidserv [Auto | Running])
SRV - [2008/01/19 08:34:36 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmsvc.dll -- (hkmsvc [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/28 04:19:32 | 00,438,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ikeext.dll -- (IKEEXT [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipbusenum.dll -- (IPBusEnum [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc [Auto | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (KeyIso [On_Demand | Stopped])
SRV - [2008/01/19 08:34:56 | 00,344,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtckrm.dll -- (KtmRm [Auto | Running])
SRV - [2008/01/19 08:36:36 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll -- (LanmanServer [Auto | Running])
SRV - [2009/06/10 13:12:29 | 00,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation [Auto | Running])
SRV - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/19 08:34:42 | 00,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc [On_Demand | Stopped])
SRV - [2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lmhsvc.dll -- (lmhosts [Auto | Running])
SRV - [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmcss.dll -- (MMCSS [Auto | Running])
SRV - [2008/01/19 08:34:53 | 00,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpssvc.dll -- (MpsSvc [Auto | Running])
SRV - [2008/01/19 08:33:16 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtc.exe -- (MSDTC [Unknown | Stopped])
SRV - [2008/01/19 08:34:35 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI [On_Demand | Stopped])
SRV - [2008/01/19 08:33:16 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe -- (msiserver [On_Demand | Stopped])
SRV - [2008/01/19 08:36:12 | 00,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qagentRT.dll -- (napagent [On_Demand | Stopped])
SRV - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008/01/19 08:35:36 | 00,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2008/01/19 08:35:36 | 00,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll -- (netprofm [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/01/19 08:35:38 | 00,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlasvc.dll -- (NlaSvc [Auto | Running])
SRV - [2008/01/19 08:35:57 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsisvc.dll -- (nsi [Auto | Running])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (p2psvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:03 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcasvc.dll -- (PcaSvc [Auto | Running])
SRV - [2008/01/19 08:36:06 | 01,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pla.dll -- (pla [On_Demand | Stopped])
SRV - [2008/01/19 08:36:45 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay [Auto | Running])
SRV - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg [On_Demand | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc [On_Demand | Stopped])
SRV - [2008/06/19 04:31:48 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipsecsvc.dll -- (PolicyAgent [On_Demand | Stopped])
SRV - [2008/01/19 08:36:11 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll -- (ProfSvc [Auto | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (ProtectedStorage [On_Demand | Running])
SRV - [2008/01/19 08:36:14 | 00,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qwave.dll -- (QWAVE [On_Demand | Stopped])
SRV - [2008/01/19 08:36:15 | 00,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasauto.dll -- (RasAuto [On_Demand | Stopped])
SRV - [2008/01/19 08:36:15 | 00,260,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll -- (RasMan [On_Demand | Stopped])
SRV - [2008/01/19 08:34:53 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mprdim.dll -- (RemoteAccess [Disabled | Stopped])
SRV - [2008/01/19 08:36:16 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry [Disabled | Stopped])
SRV - [2007/01/12 14:26:10 | 00,262,247 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/11/02 10:45:21 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [2009/03/03 05:39:32 | 00,551,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2008/08/14 13:39:56 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/01/19 08:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
SRV - [2008/01/19 08:36:19 | 00,596,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll -- (Schedule [Unknown | Stopped])
SRV - [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll -- (SCPolicySvc [Unknown | Stopped])
SRV - [2008/01/19 08:36:20 | 00,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SDRSVC.dll -- (SDRSVC [On_Demand | Stopped])
SRV - [2008/01/19 08:36:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\seclogon.dll -- (seclogon [On_Demand | Stopped])
SRV - [2008/01/19 08:36:21 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sens.dll -- (SENS [Auto | Running])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/01/19 08:36:21 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sessenv.dll -- (SessionEnv [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess [Disabled | Stopped])
SRV - [2008/01/19 08:36:30 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
SRV - [2008/01/19 08:36:30 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify [On_Demand | Stopped])
SRV - [2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
SRV - [2008/01/19 08:33:32 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [2008/01/19 08:36:36 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV [On_Demand | Running])
SRV - [2008/01/19 08:36:36 | 00,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:53 | 00,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll -- (stisvc [Auto | Running])
SRV - [2008/01/19 08:36:37 | 00,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll -- (swprv [On_Demand | Stopped])
SRV - [2008/01/19 08:36:38 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll -- (SysMain [Auto | Running])
SRV - [2006/11/02 13:34:40 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TabSvc.dll -- (TabletInputService [Auto | Running])
SRV - [2008/01/19 08:36:39 | 00,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll -- (TapiSrv [On_Demand | Running])
SRV - [2008/01/19 08:36:39 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tbssvc.dll -- (TBS [Auto | Stopped])
SRV - [2008/01/19 08:36:39 | 00,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll -- (TermService [Auto | Running])
SRV - [2008/01/19 08:36:30 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmcss.dll -- (THREADORDER [On_Demand | Stopped])
SRV - [2008/01/19 08:36:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\trkwks.dll -- (TrkWks [Auto | Running])
SRV - [2008/01/19 08:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
SRV - [2008/01/19 08:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
SRV - [2008/01/19 08:36:46 | 00,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2008/01/19 08:36:47 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll -- (UxSms [Auto | Running])
SRV - [2008/01/19 08:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
SRV - [2008/01/19 08:33:34 | 01,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2008/01/19 08:36:48 | 00,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll -- (W32Time [Auto | Running])
SRV - [2008/01/19 08:36:49 | 00,412,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc [On_Demand | Stopped])
SRV - [2006/11/02 10:46:13 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService [On_Demand | Stopped])
SRV - [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll -- (WdiServiceHost [Unknown | Stopped])
SRV - [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll -- (WdiSystemHost [Unknown | Running])
SRV - [2008/01/19 08:36:52 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webclnt.dll -- (WebClient [On_Demand | Stopped])
SRV - [2008/01/19 08:36:52 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecsvc.dll -- (Wecsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:52 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport [On_Demand | Stopped])
SRV - [2008/09/18 05:56:07 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerSvc.dll -- (WerSvc [Auto | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/12/06 05:42:11 | 00,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:59 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt [Auto | Running])
SRV - [2008/01/19 08:37:11 | 00,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll -- (WinRM [On_Demand | Stopped])
SRV - [2008/01/19 08:36:57 | 00,513,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll -- (Wlansvc [On_Demand | Stopped])
SRV - [2008/01/19 08:33:39 | 00,137,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv [On_Demand | Stopped])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:37:08 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:37:08 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum [Auto | Running])
SRV - [2008/01/19 08:37:10 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll -- (wscsvc [Auto | Running])
SRV - [2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
SRV - [2008/10/16 22:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll -- (wuauserv [Auto | Running])
SRV - [2008/01/19 08:37:12 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc [Auto | Running])
SRV - [2009/07/26 10:50:20 | 01,864,824 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
0