Sujet Précédent Sujet Suivant

Win32:Malware-gen

Fermé
kLxKo - 2 nov. 2009 à 23:29
 Utilisateur anonyme - 5 nov. 2009 à 12:51
Bonjour,

Voila mon problème ,Avast détecte environ toute les 10minute se virus.

Win32:Malware-gen

J'ai essayer de le supprimé,mettre en quarantaine il revient a chaque fois.
J'ai scanner avec Malwarebytes Anti-Malware il m'a trouvé 3 fichier infecté et j'ai refait un scan après les avoir supprimé il a trouvé 0 fichier détecté.

Rapport de HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:22, on 02/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Steam\Steam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\klxko\Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WSD] "C:\ProgramData\895c5a6\WS895c.exe" /s
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1ca492da07c7378) (gupdate1ca492da07c7378) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

5 réponses

Réponse 1 / 5
Utilisateur anonyme
3 nov. 2009 à 01:04
mmmhhh!!!! ca sent le virtumonde
0
Réponse 2 / 5
kLxKo
3 nov. 2009 à 11:44
...
0
Réponse 3 / 5
Utilisateur anonyme
3 nov. 2009 à 17:40
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶colle le contenu dans ta prochaine réponse
0
kLxKo
4 nov. 2009 à 19:03
Bon enfaite il es revenu se virus.Jessaye se que tu ma di et je te dit
0
Réponse 4 / 5
Utilisateur anonyme
4 nov. 2009 à 19:09
ok ;)
0
kLxKo
4 nov. 2009 à 19:41
List'em by g3n-h@ckm@n 1.0.4.8

Thx to Chiquitine29.....

User : klxko (Administrateurs) # PC-DE-KLXKO
Update on 29/10/2009 by g3n-h@ckm@n ::::: 18.30
Start at: 19:29:49 | 04/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1229 [VPS 090103-1] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local | 293,33 Go (151,38 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 293,08 Go (292,98 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 647,8 Mo (0 Mo free) [CZERO] | CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

Nom de l'image PID Nom de la sessio Num‚ro de s Utilisation
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 Ko
System 4 Services 0 15ÿ468 Ko
smss.exe 460 Services 0 832 Ko
csrss.exe 528 Services 0 6ÿ220 Ko
wininit.exe 576 Services 0 5ÿ636 Ko
csrss.exe 584 Console 1 10ÿ508 Ko
services.exe 624 Services 0 8ÿ520 Ko
lsass.exe 636 Services 0 10ÿ332 Ko
lsm.exe 644 Services 0 5ÿ756 Ko
winlogon.exe 672 Console 1 7ÿ056 Ko
svchost.exe 836 Services 0 12ÿ580 Ko
nvvsvc.exe 892 Services 0 4ÿ340 Ko
svchost.exe 920 Services 0 8ÿ264 Ko
svchost.exe 988 Services 0 42ÿ308 Ko
svchost.exe 1060 Services 0 14ÿ776 Ko
svchost.exe 1132 Services 0 75ÿ356 Ko
svchost.exe 1164 Services 0 59ÿ704 Ko
audiodg.exe 1216 Services 0 20ÿ660 Ko
svchost.exe 1280 Services 0 6ÿ240 Ko
SLsvc.exe 1356 Services 0 12ÿ904 Ko
rundll32.exe 1412 Console 1 7ÿ436 Ko
svchost.exe 1432 Services 0 13ÿ732 Ko
svchost.exe 1532 Services 0 17ÿ400 Ko
aswUpdSv.exe 1768 Services 0 664 Ko
ashServ.exe 1784 Services 0 30ÿ228 Ko
dwm.exe 1880 Console 1 86ÿ528 Ko
explorer.exe 1912 Console 1 63ÿ676 Ko
spoolsv.exe 1204 Services 0 11ÿ896 Ko
taskeng.exe 1208 Console 1 11ÿ320 Ko
MSASCui.exe 1460 Console 1 10ÿ060 Ko
RtHDVCpl.exe 1488 Console 1 8ÿ504 Ko
SysMonitor.exe 1504 Console 1 5ÿ740 Ko
svchost.exe 1656 Services 0 21ÿ436 Ko
eDSLoader.exe 1840 Console 1 15ÿ032 Ko
rundll32.exe 2056 Console 1 6ÿ104 Ko
taskeng.exe 2072 Services 0 6ÿ416 Ko
nvraidservice.exe 2172 Console 1 6ÿ732 Ko
razerhid.exe 2220 Console 1 8ÿ592 Ko
OpWareSE4.exe 2284 Console 1 4ÿ200 Ko
realsched.exe 2304 Console 1 276 Ko
ashDisp.exe 2316 Console 1 8ÿ692 Ko
iTunesHelper.exe 2392 Console 1 10ÿ324 Ko
jusched.exe 2408 Console 1 4ÿ276 Ko
ehtray.exe 2472 Console 1 1ÿ616 Ko
GoogleToolbarNotifier.exe 2576 Console 1 2ÿ436 Ko
soffice.exe 2760 Console 1 3ÿ928 Ko
ehmsas.exe 2876 Console 1 5ÿ400 Ko
soffice.bin 2936 Console 1 23ÿ828 Ko
razertra.exe 3164 Console 1 5ÿ996 Ko
eRAgent.exe 3292 Console 1 6ÿ676 Ko
razerofa.exe 3304 Console 1 4ÿ512 Ko
MemCheck.exe 3528 Services 0 6ÿ380 Ko
AppleMobileDeviceService. 3608 Services 0 5ÿ348 Ko
mDNSResponder.exe 3620 Services 0 5ÿ688 Ko
eDSService.exe 3648 Services 0 5ÿ256 Ko
ijplmsvc.exe 3852 Services 0 4ÿ584 Ko
LSSrvc.exe 3892 Services 0 4ÿ508 Ko
PnkBstrA.exe 3952 Services 0 4ÿ888 Ko
svchost.exe 4024 Services 0 6ÿ644 Ko
svchost.exe 4052 Services 0 7ÿ260 Ko
TeamViewer_Service.exe 4080 Services 0 4ÿ288 Ko
svchost.exe 1100 Services 0 3ÿ972 Ko
SearchIndexer.exe 2368 Services 0 14ÿ712 Ko
eRecoveryService.exe 468 Services 0 12ÿ448 Ko
capuserv.exe 2344 Services 0 23ÿ140 Ko
ashMaiSv.exe 2952 Services 0 1ÿ612 Ko
ashWebSv.exe 1800 Services 0 27ÿ044 Ko
iPodService.exe 1376 Services 0 6ÿ592 Ko
WmiPrvSE.exe 480 Services 0 7ÿ796 Ko
WmiPrvSE.exe 4384 Services 0 13ÿ092 Ko
unsecapp.exe 4784 Console 1 6ÿ136 Ko
chrome.exe 6016 Console 1 83ÿ068 Ko
Steam.exe 4292 Console 1 30ÿ924 Ko
chrome.exe 4688 Console 1 69ÿ208 Ko
SteamService.exe 4916 Services 0 5ÿ956 Ko
chrome.exe 5788 Console 1 19ÿ236 Ko
wuauclt.exe 5792 Console 1 8ÿ888 Ko
usnsvc.exe 876 Services 0 4ÿ816 Ko
conime.exe 2888 Console 1 4ÿ768 Ko
msnmsgr.exe 3260 Console 1 58ÿ708 Ko
chrome.exe 4236 Console 1 10ÿ884 Ko
chrome.exe 5592 Console 1 12ÿ544 Ko
iexplore.exe 3428 Console 1 24ÿ928 Ko
iexplore.exe 3944 Console 1 86ÿ604 Ko
GoogleToolbarUser_32.exe 4232 Console 1 10ÿ584 Ko
FlashUtil10b.exe 4392 Console 1 5ÿ584 Ko
iexplore.exe 164 Console 1 32ÿ128 Ko
List_Killem[1].exe 6088 Console 1 7ÿ088 Ko
cmd.exe 4016 Console 1 4ÿ324 Ko
tasklist.exe 5084 Console 1 5ÿ916 Ko
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"AdobeBridge"=""
"WSD"="\"C:\\ProgramData\\895c5a6\\WS895c.exe\" /s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"RtHDVCpl"="RtHDVCpl.exe"
"Acer Empowering Technology Monitor"="C:\\Acer\\Empowering Technology\\SysMonitor.exe"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSloader.exe"
"PCMMediaSharing"="C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"eRecoveryService"=""
"NVRaidService"="C:\\Windows\\system32\\nvraidservice.exe"
"Acer Tour Reminder"="C:\\Acer\\AcerTour\\Reminder.exe"
"Apanel"="C:\\ACERSW\\config\\NewSetApanel.cmd"
"DeathAdder"="C:\\Program Files\\Razer\\DeathAdder\\razerhid.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
@="Google Dictionary Compression sdch"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

==========================

contenu des autoruns presents
-----------------------------

E:\Autorun.inf :
----------------
[autorun]
OPEN=AUTORUN.EXE
ICON=CZERO.ICO

===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_S1_S-1-5-21-528031385-266641500-1563399957-1000.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-528031385-266641500-1563399957-1000.db
AgGlUAD_S-1-5-21-528031385-266641500-1563399957-1000.db
AgRobust.db
CHROME.EXE-5A1054AF.pf
CONSENT.EXE-531BD9EA.pf
DLLHOST.EXE-4F28A26F.pf
FLASHUTIL10B.EXE-06DAF439.pf
GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf
IEXPLORE.EXE-908C99F8.pf
Layout.ini
MSNMSGR.EXE-9974F251.pf
NOTEPAD.EXE-D8414F97.pf
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot
REG.EXE-E7E8BD26.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SSVAGENT.EXE-42E515EF.pf
YTBB.EXE-4CA53A97.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
Utilisateur anonyme
5 nov. 2009 à 12:51
REDEMARRE EN MODE SANS ECHEC , puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

▶ ferme-le.

un deuxieme rapport va s'ouvrir ,

▶ colle son contenu dans ta reponse apres avoir redemarré en mode normal

il se trouve ici :

C:\Kill'em.txt
0

Discussions similaires

Menaces HackTool:Win32
LeMax5993 -
lisa4777 -

4 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses