Help! trojan horse

[Closed]
mattouexpat -
First of all, hello everyone! :hello:

Despite all my attempts I can't manage to remove this damn trojan horse!
it's called TR/ alureon.19456U.3
and the infected dll: in system32, kbiwkmutrxmxur.dll

antivir keeps detecting this critter nonstop and can't do anything about it! :argh:

So I need you!
thanks for the time you'll take to help me :(

oh yes, I'm running vista sp1.

55 replies

Posts: 3636
Registered: Saturday 29 November 2008
Status: Security contributor
Last activity: 13 May 2010
Hi there.

Disable User Account Control (you'll re-enable it after the disinfection):

- Go to "Start" then .
- Double-click the User Accounts icon, then "Turn User Account Control on or off".
- Click Continue.
- Untick the box "Use User Account Control (UAC) to help protect your computer".
- Confirm with OK and restart.



/!\ Disable all your protection software /!\


• Download ComboFix (by sUBs) to your Desktop.
• Right-click ComboFix.exe (for Vista: choose "Run as administrator").
Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial

Here's the report! thanks

ComboFix 09-09-16.02 - mattou 17/09/2009 13:27.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1336 [GMT 2:00]
Lancé depuis: c:\users\mattou\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif

.

Overlay interrompu ... Veuillez exécuter ComboFix une nouvelle fois
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-519730844-246697686-1518095664-1001
c:\users\mattou\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\jestertb.dll
c:\windows\system32\drivers\kbiwkmwhoxxltc.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmccyjgqbf


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
.

2009-09-16 19:45 . 2009-09-16 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 12:24 . 2009-09-17 11:35 5951 ----a-w- c:\windows\bthservsdp.dat
2009-09-12 13:59 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-12 13:59 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-12 13:59 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-12 13:59 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-12 13:59 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-12 13:59 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-12 13:59 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-12 13:59 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-12 13:59 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-12 13:59 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-12 13:59 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-12 13:55 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-12 13:11 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-12 13:11 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-12 13:11 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-12 13:11 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-12 13:11 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-12 12:53 . 2009-09-12 12:53 33792 ----a-w- c:\windows\system32\tadnaktptm.exe
2009-09-02 19:19 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:19 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:48 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-09-02 17:48 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-09-01 11:34 . 2009-09-01 11:48 -------- d-----w- c:\program files\Trapcode
2009-08-31 16:10 . 2009-08-31 16:10 -------- d-----w- c:\program files\Pedagoguery Software
2009-08-31 16:09 . 1997-01-18 09:40 299520 ----a-w- c:\windows\uninst.exe
2009-08-31 15:31 . 2009-08-31 15:32 -------- d-----w- c:\users\mattou\AppData\Roaming\XnView
2009-08-31 15:31 . 2009-08-31 15:31 -------- d-----w- c:\program files\XnView
2009-08-31 13:17 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2009-08-31 12:44 . 2009-08-31 12:44 -------- d-----w- c:\program files\Lionhead Studios
2009-08-31 08:07 . 2009-09-16 16:21 43 ----a-w- c:\windows\system32\kbiwkmnhoswkap.dat
2009-08-29 13:50 . 2009-08-29 13:50 -------- d-----w- c:\programdata\ALM
2009-08-29 13:33 . 2009-08-29 13:33 -------- d-----w- c:\program files\Adobe Media Player
2009-08-29 13:32 . 2009-08-29 13:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-29 12:08 . 2009-08-29 12:08 19968 ----a-w- c:\windows\system32\kbiwkmhqtiynol.dll
2009-08-29 12:08 . 2009-09-17 11:32 49819 ----a-w- c:\windows\system32\kbiwkmmxorqeoo.dat
2009-08-29 12:08 . 2009-08-29 12:08 44544 ----a-w- c:\windows\system32\kbiwkmrmxfputs.dll
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\users\mattou\AppData\Local\PC_Drivers_Headquarters
2009-08-29 12:02 . 2009-08-29 12:02 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-08-29 12:02 . 2009-08-29 12:02 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-08-27 15:30 . 2009-09-02 14:45 -------- d-----w- c:\programdata\DVD Shrink
2009-08-27 15:30 . 2009-08-27 15:30 -------- d-----w- c:\program files\DVD Shrink
2009-08-27 08:11 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 21:28 . 2009-08-21 21:28 -------- d-----w- c:\program files\Alcohol Soft
2009-08-21 15:09 . 2009-08-21 15:09 -------- d-----w- c:\users\mattou\AppData\Roaming\DMV Technologies
2009-08-21 15:09 . 2009-08-21 15:09 -------- d-----w- c:\users\mattou\AppData\Local\DMV Technologies
2009-08-21 15:07 . 2009-08-21 15:07 -------- d-----w- c:\windows\MaxTV
2009-08-21 15:07 . 2009-08-21 15:07 -------- d-----w- c:\program files\DMV
2009-08-18 12:19 . 2009-08-18 12:19 -------- d-----w- c:\users\mattou\AppData\Roaming\InfraRecorder
2009-08-18 12:19 . 2009-08-18 12:19 -------- d-----w- c:\program files\InfraRecorder

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 11:39 . 2009-02-25 19:07 9 ----a-w- c:\windows\mvraidver.dat
2009-09-17 11:30 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-17 11:30 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-16 20:08 . 2009-07-14 22:10 -------- d-----w- c:\program files\AskTBar
2009-09-16 19:48 . 2009-04-14 16:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-12 15:36 . 2009-02-27 12:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 14:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 14:43 . 2009-03-06 12:10 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 17:48 . 2009-02-26 12:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-02 14:44 . 2009-03-04 17:05 -------- d-----w- c:\users\mattou\AppData\Roaming\dvdcss
2009-09-01 10:36 . 2009-02-25 14:29 102600 ----a-w- c:\users\mattou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 12:44 . 2009-02-25 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 07:58 . 2009-02-26 12:18 -------- d-----w- c:\programdata\NOS
2009-08-31 07:58 . 2009-02-26 12:18 -------- d-----w- c:\program files\NOS
2009-08-29 13:46 . 2009-02-26 09:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-25 13:54 . 2009-02-25 20:44 -------- d-----w- c:\users\mattou\AppData\Roaming\vlc
2009-08-21 21:12 . 2009-07-14 22:00 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 21:11 . 2009-07-14 22:00 -------- d-----w- c:\program files\Nero
2009-08-21 21:06 . 2009-07-14 22:00 -------- d-----w- c:\programdata\Nero
2009-08-21 20:06 . 2009-02-26 09:10 -------- d-----w- c:\program files\Google
2009-08-18 10:34 . 2009-07-31 15:52 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 13:07 . 2009-03-06 12:16 -------- d-----w- c:\program files\Microsoft.NET
2009-07-31 15:52 . 2009-07-31 15:52 -------- d-----w- c:\programdata\Avira
2009-07-31 15:52 . 2009-07-31 15:52 -------- d-----w- c:\program files\Avira
2009-07-22 09:39 . 2009-07-22 09:39 -------- d-----w- c:\program files\MSXML 4.0
2009-07-21 21:52 . 2009-07-30 08:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-17 10:15 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-17 10:15 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-17 10:15 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-17 10:15 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-17 10:15 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-07-14 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-16 1822720]

c:\users\mattou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MarvellTrayStartup.lnk - c:\program files\Marvell\61xx\tray\RaidTray.bat [2009-2-25 143]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,b9,e5,ea,b9,ed,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F6F3B3B0-E615-47D7-AF0D-5376B81D0A84}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= UDP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{F37E29A9-EDF6-4346-BE64-8F97F27E9BB5}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= TCP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{4733CA0A-D032-4878-93E2-09088F652612}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E3804F37-47ED-4BC3-9E12-732F176BCE5D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{05FCFC89-E5C4-4CE2-9CBC-605FE88E67B7}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{21F4A556-9B68-4BE3-B648-FF5E9DBE70AF}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{BA3B3A47-AEC2-4CA6-B624-CB26C6AB6B77}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{51DC9DA7-105C-420C-89BC-ECE6D3E7AF10}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{2B660D17-35B9-41F7-ACB3-9A1F2AD51A97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E96F6A9E-C9AB-412C-9E96-FDCAB2CD7729}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A1BF0C00-DC69-4E0C-957C-9AAED2E726B3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6D377189-4FCA-441A-B83F-46C4DA77A73C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72076233-2137-460E-B7D1-69B18D73D602}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7C762881-668A-491D-A745-FD11A9574E85}"= UDP:5353:Adobe CSI CS4
"{BAB34123-3C98-4A4D-A1C3-A3429BE3C4FB}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3B66047F-8A50-492E-B98E-4046F28D0BFF}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A5A64DC7-EF36-497D-B4B5-5B619451592A}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{D9118ECE-B6CF-4CA7-9B67-5B42816C28E9}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{EF003D6E-0332-4A15-AA50-5AC5E71454DD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{66276677-5D25-4C65-93BC-BFD6AE914117}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{209D7221-9CFD-4F1C-BC6D-80D527BC84D9}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{FF34CB5A-AEB7-4D24-9DAD-67055887B5BE}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{CD4BF0B1-DAF8-4BE6-8655-AB6A830852A0}c:\\program files\\dmv\\maxtv4\\maxtv.exe"= UDP:c:\program files\dmv\maxtv4\maxtv.exe:maxtv
"UDP Query User{4AB29F23-7CC3-4E45-9608-4D414CE06091}c:\\program files\\dmv\\maxtv4\\maxtv.exe"= TCP:c:\program files\dmv\maxtv4\maxtv.exe:maxtv
"{55C5A072-A52C-4F19-B741-A73D5C434A48}"= UDP:3703:Adobe Version Cue CS4 Server
"{AFC65D69-08B0-4ACF-8858-A5152B6F1343}"= UDP:3704:Adobe Version Cue CS4 Server
"{627415C3-90BB-44DE-93E2-4A83C3803949}"= UDP:51000:Adobe Version Cue CS4 Server
"{5161E5F0-AE1D-42CD-8C87-F923EC21FFE6}"= UDP:51001:Adobe Version Cue CS4 Server
"{76C29ABE-096B-42E5-B4AD-3ADE60A1763A}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{7DF51FD4-7551-4202-850F-7B9BFC3E0DB4}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [15/06/2007 09:52 143256]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 17:52 108289]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [12/06/2007 20:54 61440]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23/05/2007 02:17 20539]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI8B39.tmp [02/04/2009 22:35 189688]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [15/06/2009 13:23 604416]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [12/11/2008 15:42 46592]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\System32\drivers\WMP54Gv41x86.sys [12/03/2007 11:00 286208]
S2 AdobeAeLookupSvc;Adobe Version Cue CS4 AdobeAeLookupSvc;c:\windows\system32\tadnaktptm.exe service --> c:\windows\system32\tadnaktptm.exe service [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2009-09-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-09-17 c:\windows\Tasks\User_Feed_Synchronization-{A777FF6F-26E4-4B31-B6A4-F6481FBE4C3B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.tropal.net/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {3C1DEB5E-D0B9-4F6E-99AD-569219189F3C} = 192.168.1.1
TCP: {751CC741-4E91-491C-B225-8672FF3C6999} = 192.168.1.1
FF - ProfilePath - c:\users\mattou\AppData\Roaming\Mozilla\Firefox\Profiles\te9sbtx7.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI8B39.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmccyjgqbf]
"imagepath"="\systemroot\system32\drivers\kbiwkmwhoxxltc.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmccyjgqbf]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\kbiwkmwhoxxltc.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\lxczcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
.
**************************************************************************
.
Heure de fin: 2009-09-17 13:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-17 11:46

Avant-CF: 58 932 146 176 octets libres
Après-CF: 58 641 166 336 octets libres

289 --- E O F --- 2009-09-15 12:16
ok I'll start again!
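A defender-side triage script for ComboFix reports like the one above, added here as an example (it is not ComboFix's own code and not from the helper in this thread): it parses the file-listing, deletion-list and service-key lines, groups random-looking all-lowercase names under system32 by a shared prefix (the kbiwkm* pattern in this report), and flags a service whose key is locked and whose imagepath points into such a cluster. The sample lines are constructed from the report posted above; the prefix length and the name-length thresholds are assumptions.

```python
import re
from collections import defaultdict

# Sample lines, constructed from the ComboFix report posted in this thread
# (file-listing entries, one deletion-list path and two service keys).
SAMPLE_REPORT = r"""
2009-08-31 08:07 . 2009-09-16 16:21 43 ----a-w- c:\windows\system32\kbiwkmnhoswkap.dat
2009-08-29 12:08 . 2009-08-29 12:08 19968 ----a-w- c:\windows\system32\kbiwkmhqtiynol.dll
2009-08-29 12:08 . 2009-09-17 11:32 49819 ----a-w- c:\windows\system32\kbiwkmmxorqeoo.dat
2009-08-29 12:08 . 2009-08-29 12:08 44544 ----a-w- c:\windows\system32\kbiwkmrmxfputs.dll
2009-09-12 13:59 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-12 13:59 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-02 19:19 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-12 12:53 . 2009-09-12 12:53 33792 ----a-w- c:\windows\system32\tadnaktptm.exe
2009-09-16 19:45 . 2009-09-16 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
c:\windows\system32\drivers\kbiwkmwhoxxltc.sys
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI8B39.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmccyjgqbf]
@DACL=(02 0000)
"imagepath"=expand:"\\systemroot\\system32\\drivers\\kbiwkmwhoxxltc.sys"
"""

# One file-listing entry: created-stamp . modified-stamp size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d +(\S+) +(\S+) +(.+?)\s*$"
)
SERVICE_KEY = re.compile(r"^\[.*\\Services\\([^\\\]]+)\]\s*$", re.IGNORECASE)
IMAGEPATH = re.compile(r'^"imagepath"=(?:expand:)?"(.+)"\s*$', re.IGNORECASE)
# Assumed heuristic: a stem of 10-16 lowercase letters with no digits or
# separators is the shape of the kbiwkm* names; Windows binaries rarely look like it.
RANDOM_STEM = re.compile(r"^[a-z]{10,16}$")
PREFIX_LEN = 6  # assumed: the kbiwkm* names share their first six letters


def basename(path):
    """Last component of a Windows path, tolerating doubled backslashes."""
    return path.replace("\\\\", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def triage(report):
    by_prefix = defaultdict(list)  # shared prefix -> random-looking names under system32
    services = {}                  # service name -> {"name", "image", "locked"}
    current = None                 # service key whose values are being read
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        # Deletion lists print bare paths, so accept those as well
        path = m.group(3) if m else (line if line.lower().startswith("c:\\") else None)
        if path is not None:
            name = basename(path)
            stem = name.rpartition(".")[0]
            if "system32" in path.lower() and RANDOM_STEM.match(stem):
                by_prefix[stem[:PREFIX_LEN]].append(name)
            continue
        if line.startswith("["):
            m = SERVICE_KEY.match(line)
            # A key may be listed twice (hidden section and locked-keys section); merge them
            current = services.setdefault(m.group(1), {"name": m.group(1), "image": None,
                                                       "locked": False}) if m else None
            continue
        if current is None:
            continue
        if line.startswith(("@DACL", "@Denied")):
            current["locked"] = True
        m = IMAGEPATH.match(line)
        if m:
            current["image"] = basename(m.group(1))
    # A cluster is two or more random-looking names sharing the same prefix
    clusters = {p: sorted(n) for p, n in by_prefix.items() if len(n) >= 2}
    flagged = []
    for svc in services.values():
        stem = (svc["image"] or "").rpartition(".")[0]
        hits = [p for p in clusters if svc["name"].startswith(p) or stem.startswith(p)]
        if hits:
            flagged.append(dict(svc, matched_prefix=hits[0]))
    return {"clusters": clusters, "services": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for prefix, names in result["clusters"].items():
        print(f"cluster {prefix}*: {', '.join(names)}")
    for svc in result["services"]:
        print(f"service {svc['name']} -> {svc['image']} (key locked: {svc['locked']})")
```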
Arffffffffffffffffffffffffffffff.

Delete combofix.exe.

Re-download it, and when you go to save it, use "Save as" and save it as: Moi.exe
ComboFix 09-09-16.05 - mattou 17/09/2009 14:16.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1179 [GMT 2:00]
Lancé depuis: c:\users\mattou\Desktop\moi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbiwkmhqtiynol.dll
c:\windows\system32\kbiwkmmxorqeoo.dat
c:\windows\system32\kbiwkmnhoswkap.dat
c:\windows\system32\kbiwkmrmxfputs.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmccyjgqbf
-------\Service_kbiwkmccyjgqbf


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
.

2009-09-17 12:23 . 2009-09-17 12:26 -------- d-----w- c:\users\mattou\AppData\Local\temp
2009-09-17 12:23 . 2009-09-17 12:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-17 12:23 . 2009-09-17 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-16 19:45 . 2009-09-16 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 12:24 . 2009-09-17 12:24 5951 ----a-w- c:\windows\bthservsdp.dat
2009-09-12 13:59 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-12 13:59 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-12 13:59 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-12 13:59 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-12 13:59 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-12 13:59 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-12 13:59 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-12 13:59 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-12 13:59 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-12 13:59 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-12 13:59 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-12 13:55 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-12 13:11 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-12 13:11 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-12 13:11 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-12 13:11 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-12 13:11 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-12 12:53 . 2009-09-12 12:53 33792 ----a-w- c:\windows\system32\tadnaktptm.exe
2009-09-02 19:19 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:19 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:48 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-09-02 17:48 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-09-01 11:34 . 2009-09-01 11:48 -------- d-----w- c:\program files\Trapcode
2009-08-31 16:10 . 2009-08-31 16:10 -------- d-----w- c:\program files\Pedagoguery Software
2009-08-31 16:09 . 1997-01-18 09:40 299520 ----a-w- c:\windows\uninst.exe
2009-08-31 15:31 . 2009-08-31 15:32 -------- d-----w- c:\users\mattou\AppData\Roaming\XnView
2009-08-31 15:31 . 2009-08-31 15:31 -------- d-----w- c:\program files\XnView
2009-08-31 13:17 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2009-08-31 12:44 . 2009-08-31 12:44 -------- d-----w- c:\program files\Lionhead Studios
2009-08-29 13:50 . 2009-08-29 13:50 -------- d-----w- c:\programdata\ALM
2009-08-29 13:33 . 2009-08-29 13:33 -------- d-----w- c:\program files\Adobe Media Player
2009-08-29 13:32 . 2009-08-29 13:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\users\mattou\AppData\Local\PC_Drivers_Headquarters
2009-08-29 12:02 . 2009-08-29 12:02 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-08-29 12:02 . 2009-08-29 12:02 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-08-27 15:30 . 2009-09-02 14:45 -------- d-----w- c:\programdata\DVD Shrink
2009-08-27 15:30 . 2009-08-27 15:30 -------- d-----w- c:\program files\DVD Shrink
2009-08-27 08:11 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 21:28 . 2009-08-21 21:28 -------- d-----w- c:\program files\Alcohol Soft
2009-08-21 15:09 . 2009-08-21 15:09 -------- d-----w- c:\users\mattou\AppData\Roaming\DMV Technologies
2009-08-21 15:09 . 2009-08-21 15:09 -------- d-----w- c:\users\mattou\AppData\Local\DMV Technologies
2009-08-21 15:07 . 2009-08-21 15:07 -------- d-----w- c:\windows\MaxTV
2009-08-21 15:07 . 2009-08-21 15:07 -------- d-----w- c:\program files\DMV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 12:25 . 2009-02-25 19:07 9 ----a-w- c:\windows\mvraidver.dat
2009-09-17 11:30 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-17 11:30 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-16 20:08 . 2009-07-14 22:10 -------- d-----w- c:\program files\AskTBar
2009-09-16 19:48 . 2009-04-14 16:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-12 15:36 . 2009-02-27 12:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 14:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 14:43 . 2009-03-06 12:10 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 17:48 . 2009-02-26 12:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-02 14:44 . 2009-03-04 17:05 -------- d-----w- c:\users\mattou\AppData\Roaming\dvdcss
2009-09-01 10:36 . 2009-02-25 14:29 102600 ----a-w- c:\users\mattou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 12:44 . 2009-02-25 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 07:58 . 2009-02-26 12:18 -------- d-----w- c:\programdata\NOS
2009-08-31 07:58 . 2009-02-26 12:18 -------- d-----w- c:\program files\NOS
2009-08-29 13:46 . 2009-02-26 09:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-25 13:54 . 2009-02-25 20:44 -------- d-----w- c:\users\mattou\AppData\Roaming\vlc
2009-08-21 21:12 . 2009-07-14 22:00 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 21:11 . 2009-07-14 22:00 -------- d-----w- c:\program files\Nero
2009-08-21 21:06 . 2009-07-14 22:00 -------- d-----w- c:\programdata\Nero
2009-08-21 20:06 . 2009-02-26 09:10 -------- d-----w- c:\program files\Google
2009-08-18 12:19 . 2009-08-18 12:19 -------- d-----w- c:\users\mattou\AppData\Roaming\InfraRecorder
2009-08-18 12:19 . 2009-08-18 12:19 -------- d-----w- c:\program files\InfraRecorder
2009-08-18 10:34 . 2009-07-31 15:52 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 13:07 . 2009-03-06 12:16 -------- d-----w- c:\program files\Microsoft.NET
2009-07-31 15:52 . 2009-07-31 15:52 -------- d-----w- c:\programdata\Avira
2009-07-31 15:52 . 2009-07-31 15:52 -------- d-----w- c:\program files\Avira
2009-07-22 09:39 . 2009-07-22 09:39 -------- d-----w- c:\program files\MSXML 4.0
2009-07-21 21:52 . 2009-07-30 08:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-17 10:15 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-17 10:15 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-17 10:15 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-17 10:15 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-17 10:15 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-17_11.42.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-17 12:16 66502 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-17 12:16 87376 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-25 14:31 . 2009-09-17 12:16 10028 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2104872448-43145936-3973383921-1000_UserData.bin
+ 2009-02-25 14:28 . 2009-09-17 12:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-25 14:28 . 2009-09-17 11:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-25 14:28 . 2009-09-17 11:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 14:28 . 2009-09-17 12:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 14:28 . 2009-09-17 12:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-25 14:28 . 2009-09-17 11:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-30 12:57 . 2009-09-17 12:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-30 12:57 . 2009-09-17 11:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-07-14 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

c:\users\mattou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MarvellTrayStartup.lnk - c:\program files\Marvell\61xx\tray\RaidTray.bat [2009-2-25 143]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,b9,e5,ea,b9,ed,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F6F3B3B0-E615-47D7-AF0D-5376B81D0A84}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= UDP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{F37E29A9-EDF6-4346-BE64-8F97F27E9BB5}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= TCP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{4733CA0A-D032-4878-93E2-09088F652612}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E3804F37-47ED-4BC3-9E12-732F176BCE5D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{05FCFC89-E5C4-4CE2-9CBC-605FE88E67B7}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{21F4A556-9B68-4BE3-B648-FF5E9DBE70AF}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{BA3B3A47-AEC2-4CA6-B624-CB26C6AB6B77}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{51DC9DA7-105C-420C-89BC-ECE6D3E7AF10}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{2B660D17-35B9-41F7-ACB3-9A1F2AD51A97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E96F6A9E-C9AB-412C-9E96-FDCAB2CD7729}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A1BF0C00-DC69-4E0C-957C-9AAED2E726B3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6D377189-4FCA-441A-B83F-46C4DA77A73C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72076233-2137-460E-B7D1-69B18D73D602}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7C762881-668A-491D-A745-FD11A9574E85}"= UDP:5353:Adobe CSI CS4
"{BAB34123-3C98-4A4D-A1C3-A3429BE3C4FB}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3B66047F-8A50-492E-B98E-4046F28D0BFF}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A5A64DC7-EF36-497D-B4B5-5B619451592A}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{D9118ECE-B6CF-4CA7-9B67-5B42816C28E9}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{EF003D6E-0332-4A15-AA50-5AC5E71454DD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{66276677-5D25-4C65-93BC-BFD6AE914117}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{209D7221-9CFD-4F1C-BC6D-80D527BC84D9}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{FF34CB5A-AEB7-4D24-9DAD-67055887B5BE}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{CD4BF0B1-DAF8-4BE6-8655-AB6A830852A0}c:\\program files\\dmv\\maxtv4\\maxtv.exe"= UDP:c:\program files\dmv\maxtv4\maxtv.exe:maxtv
"UDP Query User{4AB29F23-7CC3-4E45-9608-4D414CE06091}c:\\program files\\dmv\\maxtv4\\maxtv.exe"= TCP:c:\program files\dmv\maxtv4\maxtv.exe:maxtv
"{55C5A072-A52C-4F19-B741-A73D5C434A48}"= UDP:3703:Adobe Version Cue CS4 Server
"{AFC65D69-08B0-4ACF-8858-A5152B6F1343}"= UDP:3704:Adobe Version Cue CS4 Server
"{627415C3-90BB-44DE-93E2-4A83C3803949}"= UDP:51000:Adobe Version Cue CS4 Server
"{5161E5F0-AE1D-42CD-8C87-F923EC21FFE6}"= UDP:51001:Adobe Version Cue CS4 Server
"{76C29ABE-096B-42E5-B4AD-3ADE60A1763A}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{7DF51FD4-7551-4202-850F-7B9BFC3E0DB4}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [15/06/2007 09:52 143256]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 17:52 108289]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [12/06/2007 20:54 61440]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23/05/2007 02:17 20539]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI8B39.tmp [02/04/2009 22:35 189688]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [15/06/2009 13:23 604416]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [12/11/2008 15:42 46592]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\System32\drivers\WMP54Gv41x86.sys [12/03/2007 11:00 286208]
S2 AdobeAeLookupSvc;Adobe Version Cue CS4 AdobeAeLookupSvc;c:\windows\system32\tadnaktptm.exe service --> c:\windows\system32\tadnaktptm.exe service [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-09-17 c:\windows\Tasks\User_Feed_Synchronization-{A777FF6F-26E4-4B31-B6A4-F6481FBE4C3B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tropal.net/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {751CC741-4E91-491C-B225-8672FF3C6999} = 192.168.1.1
FF - ProfilePath - c:\users\mattou\AppData\Roaming\Mozilla\Firefox\Profiles\te9sbtx7.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 14:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI8B39.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'Explorer.exe'(5188)
c:\users\mattou\AppData\Local\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Lexmark 1200 Series\LXCZbmon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\lxczcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
.
**************************************************************************
.
Completion time: 2009-09-17 14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-17 12:30
ComboFix2.txt 2009-09-17 11:46

Pre-Run: 58 453 409 792 bytes free
Post-Run: 57 980 272 640 bytes free

299 --- E O F --- 2009-09-15 12:16
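In the thread the report above is read by eye. As an added example (not code from the thread, from ComboFix or from its author), the Python below applies the same reading mechanically to the "Reg Loading Points" and service lines: it flags a service whose binary ComboFix marks "[?]" (not found on disk), a service whose display name starts with one vendor while its binary sits under c:\windows\system32 or c:\windows\Installer with an unrelated name, the UAC values (EnableLUA, PromptOnSecureDesktop) and the public-profile firewall set to 0, and registry keys carrying an explicit Deny ACE. The SAMPLE_REPORT excerpt is copied from the report; the Finding type, the vendor heuristic and the directory list are this example's own assumptions. The output is a list of leads to verify by hand, not verdicts: the SolidConverter spooler service (which the report itself singles out in its ImagePath section) trips the same rule as the Adobe-named service whose system32 binary is missing, and EnableLUA=0 reflects the UAC switch-off requested earlier in the thread.

```python
"""Mechanical triage of ComboFix 'Reg Loading Points' and service lines.

Added example: not code from the thread, from ComboFix or from its author.
SAMPLE_REPORT is an excerpt of the report posted above; the Finding type
and the heuristics below are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service line: '<R|S><start type> <name>;<display>;<path> [date size]'
# or, when the binary is missing, '...;<path> --> <path> [?]'.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
POLICY_RE = re.compile(r'^"(EnableLUA|PromptOnSecureDesktop|EnableFirewall)"=\s*0\b')
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\(([^)]*)\)\s*\(([^)]*)\)")

# Directories where a third-party service binary is unusual (assumption).
SUSPECT_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\installer\\")

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 17:52 108289]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI8B39.tmp [02/04/2009 22:35 189688]
S2 AdobeAeLookupSvc;Adobe Version Cue CS4 AdobeAeLookupSvc;c:\windows\system32\tadnaktptm.exe service --> c:\windows\system32\tadnaktptm.exe service [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # service-missing | service-mismatch | policy-off | acl-deny
    subject: str  # service name, policy value name or registry key
    detail: str


def parse_service(line: str) -> dict | None:
    """Split one ComboFix service line into its fields, or return None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start_type, _, name, display, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    # Keep only the first path: cut at ' --> ' (missing binary) or ' [' (date/size).
    path = re.split(r"\s+(?:-->|\[)", rest, maxsplit=1)[0].strip()
    return {"start": start_type, "name": name.strip(), "display": display.strip(),
            "path": path, "missing": missing}


def service_findings(svc: dict) -> list[Finding]:
    out = []
    if svc["missing"]:
        out.append(Finding("service-missing", svc["name"],
                           f"binary not found on disk: {svc['path']}"))
    # Vendor heuristic: the first word of the display name should appear in
    # the binary path when that binary lives in a Windows system directory.
    vendor = svc["display"].split()[0] if svc["display"] else ""
    path_l = svc["path"].lower()
    if path_l.startswith(SUSPECT_DIRS) and len(vendor) > 3 and vendor.lower() not in path_l:
        out.append(Finding("service-mismatch", svc["name"],
                           f"display name starts with '{vendor}' but binary is {svc['path']}"))
    return out


def triage(report: str) -> list[Finding]:
    """Walk the report once and collect every lead worth checking by hand."""
    findings: list[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (km := KEY_RE.match(line)):
            current_key = km.group(1)          # remember the key the next values belong to
            continue
        if (pm := POLICY_RE.match(line)):
            findings.append(Finding("policy-off", pm.group(1), f"set to 0 under [{current_key}]"))
            continue
        if (dm := DENIED_RE.match(line)):
            findings.append(Finding("acl-deny", current_key, f"explicit Deny ACE for {dm.group(2)}"))
            continue
        svc = parse_service(line)
        if svc:
            findings.extend(service_findings(svc))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:17} {f.subject}: {f.detail}")
```

Run against the full report text instead of the excerpt, the same `triage()` call works unchanged; the regexes only look at line shapes, so the hundreds of file-listing lines above are skipped.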
A little bump?!
Security contributor (3636 posts):
Good...


• Download Toolbar-S&D (thanks to Eric_71, Angel Dark, Sham_Rock and XmichouX) to your Desktop

• Start the installation by running the downloaded file.

• Now double-click the Toolbar-S&D shortcut.

• Select the language you want by typing the letter of your choice and pressing Enter.

• Now choose option 1 (Search). Wait until the search finishes.

• Post the generated report. (C:\TB.txt)

Tutorial
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz )
BIOS : BIOS Date: 03/14/08 11:20:57 Ver: 08.00.12
USER : mattou ( Administrator )
BOOT : Normal boot
A:\ (Local Disk) - NTFS - Total:445 Go (Free:105 Go)
B:\ (Local Disk) - NTFS - Total:19 Go (Free:9 Go)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:52 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( Updated : 22-08-2009|18:42 )
Option : [1] ( 17/09/2009|19:12 )

[ UAC => 1 ]

-----------\\ Searching Files / Folders ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\DAEMON Tools Toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.tropal.net/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\mattou\Desktop\BLACK.AND.WHITE.2.KEYGEN-DEViANCE.ShadowCast.rar
C:\Users\mattou\Desktop\Cerise\Adobe CS4 Master Collection Keygen.exe
C:\Users\mattou\Desktop\clé\Statsoft Statistica v7.0.61.0 EN\STATISTICA7_CRACK.exe
C:\Users\mattou\Downloads\Burnout.Paradise.The.Ultimate.Box.GENERIC_KEYGEN-FFF.zip
C:\Users\mattou\Downloads\Picture.Album_Master_Collection_Keygen.rar
C:\Users\mattou\Downloads\Windows_7_Ultimate_Keygen_New.rar
C:\Users\mattou\Music\Kanye West Late Registration\08. Kanye West - Crack Music (ft.The Game) .mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2009|19:13 - Option : [1]

-----------\\ End of report at 19:13:56,56
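The "Cracks & Keygens" section above is a name-based sweep, and its last hit is a music track whose title happens to contain the word "Crack". As an added example (not Toolbar-S&D's code, nor anything posted in the thread), the Python below implements the same keyword sweep with the filter that report lacks: only executables and archives are reported, archives are marked as not inspected, and name-only matches such as the .mp3 are returned separately for a human to glance at. SAMPLE_PATHS is the list from the report held in memory (no filesystem access); the keyword and extension sets are this example's assumptions. A name match says something about where the files came from, not that the machine is infected.

```python
"""Name-based crack/keygen sweep with an extension filter.

Added example: not Toolbar-S&D's code nor anything posted in the thread.
SAMPLE_PATHS is the list from the report above, held in memory (no
filesystem access); keyword and extension sets are this example's own.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Words that name a licence-bypass tool (assumption: only these two). The
# boundaries stop longer words such as 'cracker' from matching.
KEYWORD_RE = re.compile(r"(?<![a-z])(keygen|crack)(?![a-z])", re.IGNORECASE)
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".dll"}
ARCHIVE_EXT = {".zip", ".rar", ".7z"}

# Constructed from the Toolbar-S&D report above.
SAMPLE_PATHS = [
    r"C:\Users\mattou\Desktop\BLACK.AND.WHITE.2.KEYGEN-DEViANCE.ShadowCast.rar",
    r"C:\Users\mattou\Desktop\Cerise\Adobe CS4 Master Collection Keygen.exe",
    r"C:\Users\mattou\Desktop\clé\Statsoft Statistica v7.0.61.0 EN\STATISTICA7_CRACK.exe",
    r"C:\Users\mattou\Downloads\Burnout.Paradise.The.Ultimate.Box.GENERIC_KEYGEN-FFF.zip",
    r"C:\Users\mattou\Downloads\Picture.Album_Master_Collection_Keygen.rar",
    r"C:\Users\mattou\Downloads\Windows_7_Ultimate_Keygen_New.rar",
    r"C:\Users\mattou\Music\Kanye West Late Registration\08. Kanye West - Crack Music (ft.The Game) .mp3",
]


def classify(path: str) -> str | None:
    """Return why the file deserves review, or None if its name is not a lead."""
    p = PureWindowsPath(path)           # parses Windows paths on any host OS
    kw = KEYWORD_RE.search(p.name)      # only the file name, not the folders
    if kw is None:
        return None
    ext = p.suffix.lower()
    word = kw.group(1).lower()
    if ext in EXECUTABLE_EXT:
        return f"executable named like a {word}"
    if ext in ARCHIVE_EXT:
        return f"archive named like a {word} (contents not inspected)"
    return None                         # media or documents: the word is just a title


def scan(paths: list[str]) -> list[tuple[str, str]]:
    """Paths worth reviewing, each with its reason."""
    return [(p, reason) for p in paths if (reason := classify(p)) is not None]


def name_only_matches(paths: list[str]) -> list[str]:
    """Keyword hits the extension filter discarded, kept for a human to eyeball."""
    return [p for p in paths
            if KEYWORD_RE.search(PureWindowsPath(p).name) and classify(p) is None]


if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS):
        print(f"{reason:55} {path}")
    for path in name_only_matches(SAMPLE_PATHS):
        print(f"{'name match only, not reported':55} {path}")
```

Because only the file name is searched, a folder called "cracks" does not by itself flag every installer inside it; whether that is the behaviour wanted depends on how noisy the sweep may be.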
Bump? kévin05, are you still there? Thanks anyway.
Security contributor (3636 posts):
Get rid of these:


C:\Users\mattou\Desktop\BLACK.AND.WHITE.2.KEYGEN-DEViANCE.ShadowCast.rar
C:\Users\mattou\Desktop\Cerise\Adobe CS4 Master Collection Keygen.exe
C:\Users\mattou\Desktop\clé\Statsoft Statistica v7.0.61.0 EN\STATISTICA7_CRACK.exe
C:\Users\mattou\Downloads\Burnout.Paradise.The.Ultimate.Box.GENERIC_KEYGEN-FFF.zip
C:\Users\mattou\Downloads\Picture.Album_Master_Collection_Keygen.rar
C:\Users\mattou\Downloads\Windows_7_Ultimate_Keygen_New.rar
C:\Users\mattou\Music\Kanye West Late Registration\08. Kanye West - Crack Music (ft.The Game) .mp3


• Relaunch Toolbar-S&D by double-clicking the shortcut.
• Type "2" then press "Enter".
/!\ Do not close the window during the deletion!
• A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run...".
Type explorer and press Enter.
Here it is!!
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz )
BIOS : BIOS Date: 03/14/08 11:20:57 Ver: 08.00.12
USER : mattou ( Administrator )
BOOT : Normal boot
A:\ (Local Disk) - NTFS - Total:445 Go (Free:105 Go)
B:\ (Local Disk) - NTFS - Total:19 Go (Free:9 Go)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:52 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( Updated : 22-08-2009|18:42 )
Option : [1] ( 17/09/2009|19:51 )

[ UAC => 1 ]

-----------\\ Searching Files / Folders ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\DAEMON Tools Toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.tropal.net/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Searching for other infections


No other infection found!

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2009|19:13 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/09/2009|19:51 - Option : [1]

-----------\\ End of report at 19:51:51,63
after deletion:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz )
BIOS : BIOS Date: 03/14/08 11:20:57 Ver: 08.00.12
USER : mattou ( Administrator )
BOOT : Normal boot
A:\ (Local Disk) - NTFS - Total:445 Go (Free:105 Go)
B:\ (Local Disk) - NTFS - Total:19 Go (Free:9 Go)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:52 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( Updated : 22-08-2009|18:42 )
Option : [2] ( 17/09/2009|19:53 )

[ UAC => 1 ]

-----------\\ DELETION

Failed! - C:\Program Files\AskTBar\SrchAstt
Failed! - C:\Program Files\AskTBar\SrchAstt\1.bin
Failed! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Failed! - C:\Program Files\AskTBar
Deleted! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ SECOND PASS

Failed! - C:\Program Files\AskTBar\SrchAstt
Failed! - C:\Program Files\AskTBar\SrchAstt\1.bin
Failed! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Failed! - C:\Program Files\AskTBar

-----------\\ Searching Files / Folders ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Searching for other infections


No other infection found!

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 17/09/2009|19:13 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/09/2009|19:51 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 17/09/2009|19:56 - Option : [2]

-----------\\ End of report at 19:56:06,88
Security contributor (3636 posts):
Arf.


* Download OTMoveIt (by Old_Timer) to your Desktop

(it is number 7 at the bottom of the page):

* Double-click OTMoveIt.exe to launch it.

* Make sure the box Unregister Dll's and Ocx's is checked.

* Copy the list shown in bold in the quotation below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.


:processes
explorer.exe
Firefox.exe
teatimer.exe


:files
C:\Program Files\AskTBar

:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]


# Click MoveIt! to start the deletion.

# The result will appear in the "Results" pane.

# Click Exit to close.

# Post the report located in C:\_OTMoveIt\MovedFiles.

# You may be asked to restart the PC to complete the deletion. If so, accept with Yes.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named Firefox.exe was found!
No active process named teatimer.exe was found!
========== FILES ==========
Folder move failed. C:\Program Files\AskTBar\SrchAstt\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: mattou
->Temp folder emptied: 1075496 bytes
->Temporary Internet Files folder emptied: 5844347 bytes
->FireFox cache emptied: 40974658 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 37552345 bytes

Total Files Cleaned = 81,49 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09172009_210035
Here it is!
Security contributor (3636 posts):
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- On the Disclaimer screen, choose "1 months" in the drop-down menu, then click <continue>.

- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

- When the analysis is complete, two text files will open. Post the contents of log.txt

Note: The reports are saved in the C:\rsit folder.
Logfile of random's system information tool 1.06 (written by random/random)
Run by mattou at 2009-09-17 21:35:48
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 53 GB (11%) free of 477 GB
Total RAM: 2046 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:21, on 17/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mattou\AppData\Local\Temp\Rar$EX00.135\u95.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mattou\Desktop\RSIT.exe
C:\Program Files\trend micro\mattou.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: MarvellTrayStartup.lnk = C:\Program Files\Marvell\61xx\tray\RaidTray.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1DEB5E-D0B9-4F6E-99AD-569219189F3C}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{751CC741-4E91-491C-B225-8672FF3C6999}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Version Cue CS4 AdobeAeLookupSvc (AdobeAeLookupSvc) - Unknown owner - C:\Windows\system32\tadnaktptm.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI8B39.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
Are there really that many viruses?!
Good...

One or two more nasties left to get rid of ;)


--> Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.

--> Run the installation with the default settings.

--> Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.
(Under Vista, right-click the UsbFix shortcut and choose Run as administrator)

--> Choose option 1 (Search).

--> Let the tool do its work.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility for terminating processes.

Here it is, Kévin, thanks!
############################## | UsbFix V6.034 |

User : mattou (Administrateurs) # GUIZMO
Update on 17/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 22:38:18 | 17/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Enabled

A:\ -> Disque fixe local # 445,76 Go (105,87 Go free) [Données] # NTFS
B:\ -> Disque fixe local # 20 Go (9,15 Go free) [Nouveau nom] # NTFS
C:\ -> Disque fixe local # 465,76 Go (52,2 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 39,66 Mo (0 Mo free) [IVT2.7.0.13] # CDFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque amovible # 15,12 Go (6,49 Go free) [MATTOU] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
C:\Windows\system32\tadnaktptm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\Installer\MSI8B39.tmp
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mattou\AppData\Local\Temp\Rar$EX00.135\u95.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\tadnaktptm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

F:\autorun.inf
I:\8dtyjjf.exe
I:\autorun.inf

################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{8b0553ae-0eaa-11de-bb6a-0022154bc9fa}
shell\AutoRun\command =I:\8dtyjjf.exe
shell\open\Command =I:\8dtyjjf.exe

################## | ! Fin du rapport # UsbFix V6.034 ! |
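Added example, not part of the thread and not UsbFix's own code: a small Python parser for the UsbFix report format shown above (V6.034 layout assumed), which reads the drive table, the "Fichiers # Dossiers infectieux" block and the MountPoints2 entries, and tags every listed file and every autorun command with the type of drive it points at, so an analyst can see at a glance which findings belong to removable media. The embedded report is a constructed excerpt of the one posted above.

```python
import re
# Constructed excerpt of the UsbFix report posted in the thread (same layout, fewer lines).
SAMPLE_REPORT = r"""F:\ -> Disque CD-ROM # 39,66 Mo (0 Mo free) [IVT2.7.0.13] # CDFS
I:\ -> Disque amovible # 15,12 Go (6,49 Go free) [MATTOU] # NTFS
################## | Fichiers # Dossiers infectieux |
F:\autorun.inf
I:\8dtyjjf.exe
I:\autorun.inf
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{8b0553ae-0eaa-11de-bb6a-0022154bc9fa}
shell\AutoRun\command =I:\8dtyjjf.exe
shell\open\Command =I:\8dtyjjf.exe
"""

DRIVE_RE = re.compile(r"^([A-Z]):\\ -> (Disque [^#\n]*?)\s*(?:#|$)", re.M)  # "I:\ -> Disque amovible # ..."
HEADER_RE = re.compile(r"^#+ \| (.*?) \|\s*$")                              # "#### | Section title |"
CMD_RE = re.compile(r"^(shell\\[^=]+?)\s*=\s*(.+?)\s*$")                    # "shell\AutoRun\command =target"

def drive_types(report):  # drive letter -> type string exactly as UsbFix prints it
    return {m.group(1): m.group(2) for m in DRIVE_RE.finditer(report)}

def section(report, title):  # non-empty lines of the '| title |' block, up to the next header
    lines, inside = [], False
    for line in report.splitlines():
        if h := HEADER_RE.match(line):
            inside = title in h.group(1)   # every header opens or closes a block
            continue
        if inside and line.strip():
            lines.append(line.strip())
    return lines

def mountpoints(report):  # group MountPoints2 lines into (key, {verb: target}) pairs
    entries = []
    for line in section(report, "Mountpoints2"):
        if line.startswith("HKCU"):
            entries.append((line, {}))
        elif entries and (m := CMD_RE.match(line)):
            entries[-1][1][m.group(1)] = m.group(2)
    return entries

def triage(report):  # every flagged file and autorun command, with the type of drive it targets
    types = drive_types(report)
    dtype = lambda p: types.get(p[0].upper(), "unknown") if len(p) > 1 and p[1] == ":" else "unknown"
    findings = [{"kind": "file", "target": p, "drive_type": dtype(p)} for p in section(report, "infectieux")]
    for key, cmds in mountpoints(report):
        for verb, target in cmds.items():
            findings.append({"kind": "mountpoint", "key": key, "verb": verb, "target": target, "drive_type": dtype(target)})
    return findings
```

In the excerpt both MountPoints2 verbs resolve to an executable on the removable drive I:, which is the pattern UsbFix's "Recherche" pass is designed to surface.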
Hmm.

No report?

If you posted it and it didn't go through,

send an alert to the conciergerie about it /!\


I'm off to bed.

See you tomorrow.

Later
See you tomorrow, Kévin, thanks a lot!!!
Hi Kévin, I'm back! Did you sleep well?