TR/Crypt.XPACK.Gen C:\WINDOWS\SYSTEM32\nmdfgd

Freatox -
Anonymous user -
Hello,

I'm addressing Goeffrey5 or Le sioux, or any confirmed helper with equivalent friendliness and skills, whom I would then sincerely thank if they came to my aid.
Indeed, I need help:
I have a Trojan on my PC (which is 3-4 years old) that makes everything crawl and keeps me from going on the internet. My computer was HEAVILY infected before I got Avira AntiVir (Control Center), CCleaner and Defraggler. Once Avira was installed, it turned up an astronomical number of Trojans and other viruses... (you know, when it squeaks, the computer makes a little noise) and once everything was "deleted" (that took quite a while since it was really, really slow...), every day it kindly tells me that a Trojan is still and always in the system and is most certainly keeping me from going on the internet and from enjoying my computer's normal speed (I have Windows XP, by the way). So here's what Avira AntiVir tells me:

A Trojan TR/Crypt.XPACK.Gen (and there's something with Win32) is on your computer!

The path to the Trojan is this one:

C:\WINDOWS\system32\nmdFgds0.dll

There you go. I saw in ric38's post titled "C:\WINDOWS\SYSTEM32\nmdfgds0.dll" that he most certainly had the same problem as me, and I also saw from Le sioux's replies that I absolutely should not follow the advice he gave him afterwards (apart from HijackThis, I imagine), since it is most certainly personalised, applying strictly to a single computer, I presume.

So I'm off to do my HijackThis report and I'll post it back to you afterwards.

THANK YOU!!!

PS: I'm sorry, but I'm doing this hoping to solve this problem before Monday evening, because I'll be away (from home, and therefore also from my desktop PC, which is the one infected) from very early Tuesday for 3 weeks (from 8 to 30 Dec. 2009), so if I haven't had any replies before then, I'll be able to pick things up again and follow your advice after 30 December. Apologies in advance for the replies that come after the 8th or before the 30th.

60 replies

Sodium
 
Hi,

I followed all your instructions. Gmer ran "all the way through" and after about 2 hours of scanning, it shows me a window saying "Gmer did not find any problem in your system" (or something like that), in plain terms: Gmer found no problem/malfunction in the system.

Maybe some other boxes should be left checked before starting the scan?
Anonymous user
Hello
Let's do a bit of cleanup on the PC, and then start over

* Download ToolsCleaner2 to your Desktop
https://www.commentcamarche.net/telecharger/
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche and let the scan run.
* Click Suppression to finish.
* If you wish, you can use the Options Facultatives.
* Click Quitter to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

delete toolscleaner2 manually
Sodium
Hi,

Thanks for your help. Here's the report:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HijackThis: trouvé !
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HijackThis\HijackThis.lnk: trouvé !
C:\Dokumente und Einstellungen\your\Desktop\ComboFix.exe: trouvé !
C:\Dokumente und Einstellungen\your\Desktop\Computer Medicine\HijackThis.lnk: trouvé !
C:\Programme\ZHPDiag: trouvé !
C:\Programme\Trend Micro\HijackThis: trouvé !
C:\Programme\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Programme\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Programme\ZHPDiag\ZHPdiag.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !


Fichiers temporaires nettoyés !
Restauration annulée !
Corbeille vidée!
Anonymous user
Download OTL by OldTimer
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

* Save it to your Desktop.
* Double-click (for Vista/7 => right-click "Run as administrator") OTL.exe to launch it.
* Check the 2 boxes Lop and Purity
* Check the box in front of all users
* Set file age to 60 days
* In the left half, set everything to all

Do not change this:

Created files and Modified files
* Click Analyse.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

Host the report HERE
* Click Browse and look for the file above.
* Click Open.
* Click "Cliquez ici pour déposer le fichier".

A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.
* Copy this link into your reply.
* Do the same with Extra.txt, which should be on your desktop.
Sodium
Hi Nathandre,

Here are the links for the OTL report and the Extras report.


http://www.cijoint.fr/cjlink.php?file=cj201005/cijsH9pjUE.txt


http://www.cijoint.fr/cjlink.php?file=cj201005/cijxqz0oZu.txt

Let me know what's left to do
Anonymous user
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)

* Download List_Kill'em and save it to your desktop
http://sd-1.archive-host.com/...
double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Once finished, click "Finish" and the program will launch on its own

Choose the Search option

A black and white icon will appear on the desktop; it will be used to relaunch the program later.
Another red and black one will be used to uninstall the program at the end of the disinfection.

* let the tool work

When the white window appears, it takes a while, that's normal, the program isn't stuck.

A report named catchme appears on your desktop; ignore it, don't post it, it will delete itself at the end of the scan

* Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen
Sodium
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : your (Administratoren)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 18:39:03 | 24.05.2010

Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]

A:\ -> 3,5 Zoll-Diskettenlaufwerk
C:\ -> Lokale Festplatte | 232,88 Go (84,3 Go free) | NTFS
D:\ -> CD
E:\ -> CD
F:\ -> CD
G:\ -> CD
H:\ -> Lokale Festplatte | 465,7 Go (81,18 Go free) | FAT32

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools Pro Agent REG_SZ "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
cdoosoft REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\herss.exe
nod32 REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\nodqq.exe
dso32 REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\dsoqq.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Adobe Version Cue CS2 REG_SZ C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
SunJavaUpdateSched REG_SZ "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe REG_SZ "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoLogOff REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ ALEX-27A2A99469
DefaultUserName REG_SZ your
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ your
AltDefaultDomainName REG_SZ ALEX-27A2A99469
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe REG_SZ C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe:*:Enabled:LVComSer

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8ad9c840-044e-11d1-b3e9-00805f499d93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{cafeefac-0016-0000-0007-abcdeffedcba}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{cafeefac-ffff-ffff-ffff-abcdeffedcba}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{712F4D9B-A805-41A8-91C1-6C339E099F46}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{712F4D9B-A805-41A8-91C1-6C339E099F46}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C1100D1D-C56C-495F-98B7-C54617F1D59B}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{712F4D9B-A805-41A8-91C1-6C339E099F46}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ERDNT\cache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\dllcache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Windows-Defragmentierung
Copyright (c) 2001 Microsoft Corp. und Executive Software International, Inc.

Überprüfungsbericht
233 GB Gesamt, 84,30 GB (36%) Verfügbar, 0% Fragmentiert (1% Dateifragmentierung)

Das Volume muss nicht defragmentiert werden.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Programme\WindowsUpdate
Present !! : C:\WINDOWS\002775_.tmp
Present !! : C:\WINDOWS\SET25.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\SET112.tmp
Present !! : C:\WINDOWS\System32\SET114.tmp
Present !! : C:\WINDOWS\System32\SET118.tmp
Present !! : C:\WINDOWS\System32\SET120.tmp
Present !! : C:\WINDOWS\System32\SET167.tmp
Present !! : C:\WINDOWS\System32\TDSSosvd.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : cdoosoft"
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : nod32
Present !! : HKU\S-1-5-21-515967899-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run : cdoosoft"
Present !! : HKU\S-1-5-21-515967899-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run : nod32
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-515967899-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-515967899-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKLM\SYSTEM\ControlSet002\Services\tdssserv.sys
Present !! : HKLM\SYSTEM\ControlSet004\Services\tdssserv.sys

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 19:43:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

? [41080]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spwc.sys hal.dll >>UNKNOWN [0x87388938]<<
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 19:43:34,90
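As an added, defender-side example (not from the thread or the List_Kill'em tool), this Python checker reads an excerpt of the List'em report above and pulls out the two findings a helper looks for in it: Run values launched from a user's Temp folder (the cdoosoft/nod32/dso32 entries) and atapi.sys copies whose MD5 matches none of the known-good builds in the tool's reference table, which is how a patched driver would show up. The dllcache entry with an all-zero MD5 is constructed for illustration; the real report had no such copy.

```python
import re

# Excerpt of the List'em report posted in this thread (Run keys and the
# Atapi.sys section), embedded so the checker runs offline. The dllcache
# entry with an all-zero MD5 is CONSTRUCTED to show what a copy that matches
# no known-good build would look like; the real report had no such copy.
REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools Pro Agent REG_SZ "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
cdoosoft REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\herss.exe
nod32 REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\nodqq.exe
dso32 REG_SZ C:\DOKUME~1\your\LOKALE~1\Temp\dsoqq.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched REG_SZ "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]

C:\WINDOWS\system32\dllcache\atapi.sys :
MD5 :: [00000000000000000000000000000000]

Référence :
==========

Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
"""

# An autorun command that lives under a Temp folder is a classic sign of a
# dropper that installed itself straight from a downloaded file.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MD5_IN_BRACKETS = re.compile(r"\[([0-9a-fA-F]{32})\]")
REFERENCE_ROW = re.compile(r"^(.+?)\s*:\s*([0-9a-fA-F]{32})$")


def parse_run_entries(report):
    """Return (key, value_name, command) for every value under a *\\Run key."""
    entries = []
    current_key = None
    for line in report.splitlines():
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            # Only the plain Run keys; RunOnce/RunServices are tracked separately.
            current_key = key if key.rstrip("\\").lower().endswith("\\run") else None
            continue
        if current_key and " REG_SZ " in line:
            name, command = line.split(" REG_SZ ", 1)
            entries.append((current_key, name.strip(), command.strip()))
    return entries


def suspicious_run_entries(entries):
    """Autorun values whose command points into a Temp folder."""
    return [e for e in entries if TEMP_DIR.search(e[2])]


def parse_atapi_section(report):
    """Map each listed atapi.sys path to its MD5 (lower-case)."""
    hashes = {}
    path = None
    for line in report.splitlines():
        if line.lower().endswith("atapi.sys :"):
            path = line[:-2].strip()          # drop the trailing " :"
        elif path and line.startswith("MD5 ::"):
            hashes[path] = MD5_IN_BRACKETS.search(line).group(1).lower()
            path = None
    return hashes


def parse_reference(report):
    """Map OS label -> known-good MD5 from the tool's reference table."""
    ref = {}
    for line in report.splitlines():
        m = REFERENCE_ROW.match(line)
        if m:
            ref[m.group(1).strip()] = m.group(2).lower()
    return ref


def check_atapi(report):
    """(path, md5) of every atapi.sys copy that matches no known-good build.

    A backup copy legitimately carries the hash of an older service pack, so
    the test is 'matches some reference build', not 'matches the running one'.
    """
    known = set(parse_reference(report).values())
    return [(p, h) for p, h in parse_atapi_section(report).items() if h not in known]


def triage(report):
    """Summarise both checks for a quick read of a report."""
    run = suspicious_run_entries(parse_run_entries(report))
    return {
        "temp_autoruns": [name for _, name, _ in run],
        "unknown_atapi": [path for path, _ in check_atapi(report)],
    }


if __name__ == "__main__":
    for finding, items in triage(REPORT).items():
        print(finding, items)
```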
Sodium
Here's the report, sorry, it took me a while...
Anonymous user
Good evening
Present !! : HKLM\SYSTEM\ControlSet002\Services\tdssserv.sys
Present !! : HKLM\SYSTEM\ControlSet004\Services\tdssserv.sys


These 2 lines >>>> TDSS rootkit, a real piece of filth

* Relaunch List_Kill'em (right-click for Vista/7) with the shortcut on your desktop.
but this time:

* choose the Clean option

Your PC will restart,

Let the tool work.

At the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

* Paste its contents into your reply
Sodium
Hi,

Thanks. I clicked Clean and here's the report:

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : your (Administratoren)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 22:24:07 | 26.05.2010

Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]

A:\ -> 3,5 Zoll-Diskettenlaufwerk
C:\ -> Lokale Festplatte | 232,88 Go (84,34 Go free) | NTFS
D:\ -> CD
E:\ -> CD
F:\ -> CD
G:\ -> CD
J:\ -> Lokale Festplatte | 465,7 Go (81,18 Go free) | FAT32


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\List_Kill'em\ERUNT.EXE
C:\Programme\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Programme\WindowsUpdate
Quarantined & Deleted !! : C:\WINDOWS\002775_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET25.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET112.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET114.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET118.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET120.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET167.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\TDSSosvd.dat
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc18.pdf
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc19.mp3
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc20.wav
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc21.exe
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc22.lnk
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc23.DS_Store
Deleted !! : C:\RECYCLER\S-1-5-21-515967899-688789844-725345543-1004\Dc25.zip

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : cdoosoft"
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : nod32
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKLM\SYSTEM\ControlSet002\Services\tdssserv.sys
Deleted : HKLM\SYSTEM\ControlSet004\Services\tdssserv.sys
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 0 (0x0)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spnj.sys hal.dll >>UNKNOWN [0x87388938]<<
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Utilisateur anonyme
 
Download Load_tdsskiller (by Loup Blanc) to your Desktop
http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe
* Run load_tdsskiller
* The tool will connect to download an up-to-date copy of TDSSKiller, then start a scan
* At the end, you will be asked to press a key, and the report will then open automatically: copy and paste its contents into your next reply (C:\tdsskiller\report.txt)
sodium
 
Hi,
I followed your instructions. Once the scan finished, the report opened and it is empty.
Utilisateur anonyme
 
Good evening
TDSSKiller does not detect much
There is a hidden process, so we'll run ComboFix again


Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tutorial on using the tool properly
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

/!\ Disconnect from the internet and DISABLE ALL DEFENSES, antivirus and antispyware included /!\
---> Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no guarantee... Click Yes to accept
Above all, accept installing the Recovery Console
---> Set it to French with F
Press key 1 (Yes) to start the scan.

Do not touch anything (mouse, keyboard) until the scan has finished, as you risk freezing your PC

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will open: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\

Note: The report is also located here: C:\ComboFix.txt
Sodium
 
Hi,

I had already installed ComboFix on my PC before, but I deleted it anyway and re-downloaded the version you suggested to be sure it was the latest one. However, on opening, ComboFix did not ask me which language I wanted the report in, so it automatically produced it in German (since I bought my PC in Germany). Sorry. If you know a way to switch it back to French, I can redo the scan in French for you. In the meantime, here it is in German:

ComboFix 10-06-07.04 - your 08.06.2010 12:56:44.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.594 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\your\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1thes92p.exe
C:\33r.exe
C:\3dcs9.exe
C:\affi8l.exe
C:\bbjl2g.exe
C:\ca.exe
C:\cobn8w3.exe
c:\dokume~1\your\LOKALE~1\Temp\cvasds0.dll
c:\dokume~1\your\LOKALE~1\Temp\herss.exe
C:\dqm.exe
C:\f662sjd.exe
C:\ggpw.exe
C:\hc3hvi0.exe
C:\i8ikdjwt.exe
C:\p6xebrnt.exe
C:\qhbfqx.exe
C:\r3fhr.exe
C:\rhwhin.exe
C:\rpw.exe
C:\utcddeq.exe
C:\vgyn6ewc.exe
C:\wa.exe
c:\windows\system32\VB40032.DLL
C:\wkimt.exe
C:\wyskq6lt.exe
C:\yqq8eqil.exe
J:\1thes92p.exe
J:\33r.exe
J:\3dcs9.exe
J:\affi8l.exe
J:\Autorun.inf
J:\bbjl2g.exe
J:\ca.exe
J:\cobn8w3.exe
J:\ey.exe
J:\f662sjd.exe
J:\fk.exe
J:\ggpw.exe
J:\hc3hvi0.exe
J:\i8ikdjwt.exe
J:\ji83j.exe
J:\qhbfqx.exe
J:\qkm.exe
J:\r3fhr.exe
J:\rhwhin.exe
J:\rpw.exe
J:\wkimt.exe
J:\yqq8eqil.exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-05-08 bis 2010-06-08 ))))))))))))))))))))))))))))))
.

2010-06-04 12:27 . 2010-06-04 12:26 116736 -csh--r- C:\awb3ryk.exe
2010-06-02 20:25 . 2010-06-02 20:25 115200 -csh--r- C:\iuvvl9f3.exe
2010-05-31 13:24 . 2010-06-01 20:23 115200 -csh--r- C:\cgaqyi.exe
2010-05-24 16:39 . 2010-05-26 20:24 -------- dc----w- C:\Kill'em
2010-05-24 16:38 . 2010-05-29 20:43 -------- d-----w- c:\programme\List_Kill'em

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 10:38 . 2006-02-28 12:00 49198 ----a-w- c:\windows\system32\perfc007.dat
2010-06-08 10:38 . 2006-02-28 12:00 319828 ----a-w- c:\windows\system32\perfh007.dat
2010-06-02 21:15 . 2007-04-21 22:18 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-05-29 21:15 . 2009-09-29 11:07 1 ----a-w- c:\dokumente und einstellungen\your\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-28 16:36 . 2008-11-08 21:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NCH Software
2010-04-18 13:20 . 2010-04-18 13:20 127488 -csh--r- C:\lhhr8.exe
2010-04-03 12:48 . 2010-04-03 12:48 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-03 12:48 . 2010-04-03 12:48 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-03 12:48 . 2010-04-03 12:48 49152 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-03 12:48 . 2010-04-03 12:48 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-03 12:48 . 2010-04-03 12:48 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-03 12:48 . 2010-04-03 12:48 40960 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-03 12:48 . 2010-04-03 12:48 308808 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-03 12:48 . 2010-04-03 12:48 14848 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-03 12:48 . 2010-04-03 12:48 341600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-03 12:48 . 2007-01-20 09:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-26 08:33 . 2010-04-29 08:51 1496064 ----a-w- c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-04-29 08:51 43008 ----a-w- c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-04-29 08:51 339456 ----a-w- c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:32 . 2010-04-29 08:51 346112 ----a-w- c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-23 22:21 . 2007-01-25 15:07 237648 ----a-w- c:\dokumente und einstellungen\your\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-15 15:45 . 2010-03-15 15:45 119808 -csh--r- C:\y6cqb2is.exe
2007-06-09 12:21 . 2007-06-09 12:21 1806232 ----a-w- c:\programme\daemon4091-x86.exe
2008-02-13 16:49 . 2008-02-13 16:46 24 -csh--w- c:\windows\S6E8C5DEE.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-04-01_21.15.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2010-04-01 20:48 40972 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-06-08 10:38 40972 c:\windows\system32\perfc009.dat
+ 2010-04-03 12:48 . 2010-04-03 12:48 20480 c:\windows\Installer\72727.msi
+ 2007-02-08 22:47 . 2010-04-03 12:48 5632 c:\windows\system32\pndx5032.dll
- 2007-02-08 22:47 . 2007-03-31 18:06 5632 c:\windows\system32\pndx5032.dll
+ 2007-02-08 22:47 . 2010-04-03 12:48 6656 c:\windows\system32\pndx5016.dll
- 2007-02-08 22:47 . 2007-03-31 18:06 6656 c:\windows\system32\pndx5016.dll
+ 2007-02-08 22:47 . 2010-04-03 12:48 185920 c:\windows\system32\rmoc3260.dll
+ 2007-02-08 22:47 . 2010-04-03 12:48 278528 c:\windows\system32\pncrt.dll
- 2007-02-08 22:47 . 2007-03-31 18:06 278528 c:\windows\system32\pncrt.dll
- 2006-02-28 12:00 . 2010-04-01 20:48 314644 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-06-08 10:38 314644 c:\windows\system32\perfh009.dat
+ 2010-06-02 21:15 . 2010-06-02 21:15 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A82000000003}\SC_Reader.exe
+ 2010-06-02 21:15 . 2010-06-02 21:15 4323840 c:\windows\Installer\2da683.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programme\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Version Cue CS2"="c:\programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-04-03 202256]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\dokumente und einstellungen\your\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 antivirschedulerservice;Avira AntiVir Planificateur;c:\programme\Avira\AntiVir Desktop\sched.exe [06.06.2009 12:31 108289]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11.06.2007 23:31 33792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.05.2007 02:45 691696]
S1 ecb15476;ecb15476;c:\windows\system32\drivers\ecb15476.sys [07.05.2009 01:07 0]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\programme\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [27.10.2007 14:22 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\programme\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [27.10.2007 14:22 67760]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 16:15 9344]
.
Inhalt des "geplante Tasks" Ordners

2010-06-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-688789844-725345543-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-688789844-725345543-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: mit image converter 3 übertragen - c:\programme\Sony\IMAGE CONVERTER 3\menu.htm
FF - ProfilePath - c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\dokumente und einstellungen\your\Anwendungsdaten\Mozilla\Firefox\Profiles\ll7d0gfg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-515967899-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECBB0CE0-F062-60AD-8245-C22B7EC8910D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2010-06-08 13:02:26
ComboFix-quarantined-files.txt 2010-06-08 11:02
ComboFix2.txt 2010-04-01 21:17

Vor Suchlauf: 18 Verzeichnis(se), 88.112.541.696 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 88.278.179.840 Bytes frei

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - FDCD2023233C1DD77A08A1F2FA34CA03
Utilisateur anonyme
 
Hello Sodium
All I know is that ComboFix found quite a lot of junk
You must have reinfected your PC, there's no other explanation
I don't understand German, so that won't help me
I'll go and ask
Utilisateur anonyme
 
We'll switch your PC to French
Open Notepad and copy/paste this into it:


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\NLS\Language]
"Default"="040C"


Then name the file français.reg,
and save it to the desktop
Double-click the file, click Merge, then confirm
Restart the PC


Download USBFix (by El Desaparecido, C_XX) to your desktop
https://www.ionos.fr/?affiliate_id=77097

# Double-click UsbFix on your desktop, and click Run to launch the installation, which will proceed automatically

# Click Deletion

# Plug in all your external sources and data (USB stick, external hard drive...) without opening them on your PC, and click OK

# The deletion starts. The desktop will disappear; this is normal

# Once the cleanup is finished, the desktop will reappear, and your browser may open at the tool's upload page asking you to send the UsbFix_Upload_Me file

# Click Browse to find the compressed file located at the root of the drive

# In the drop-down menu, select UsbFix, and click Send the file


# Then post the UsbFix.txt report that appeared with the desktop.

# The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Sodium
 
Hi,

Indeed, I must have caught something else; I probably don't pay enough attention with certain sites, but I can't see which ones; what I download above all is music (on zshare etc...)

here is the report

############################## | UsbFix 7.008 | [Deletion]

User: your (Administrator) # ALEX-27A2A99469 [ ]
Updated 10/06/10 by El Desaparecido / C_XX
Started at 00:08:41 | 11/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) D CPU 3.40GHz
CPU 2: Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.11

Windows Firewall: Enabled
Antivirus: AntiVir Desktop 9.0.1.26 [Enabled | (!) Outdated]

RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (80 Mb free - 34%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (1 Mb free - 65%) [FREATOX] # FAT32
I:\ -> Removable drive # 4 Gb (3 Mb free - 81%) [] # FAT32
J:\ -> Fixed drive # 466 Gb (76 Mb free - 16%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\DOKUME~1\your\LOKALE~1\Temp\dsoqq.exe
Deleted ! C:\DOKUME~1\your\LOKALE~1\Temp\dsoqq0.dll
Deleted ! C:\DOKUME~1\your\LOKALE~1\Temp\dsoqq1.dll
Deleted ! I:\rfg.exe
Deleted ! I:\Autorun.inf
Deleted ! J:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-515967899-688789844-725345543-1004
Deleted ! C:\awb3ryk.exe
Deleted ! C:\cgaqyi.exe
Deleted ! C:\iuvvl9f3.exe
Deleted ! C:\lhhr8.exe
Deleted ! C:\y6cqb2is.exe
Deleted ! H:\2u923g01.exe
Deleted ! H:\33r.exe
Deleted ! H:\affi8l.exe
Deleted ! H:\bbjl2g.exe
Deleted ! H:\cgaqyi.exe
Deleted ! H:\dqm.exe
Deleted ! H:\fk.exe
Deleted ! H:\i8ikdjwt.exe
Deleted ! H:\qhbfqx.exe
Deleted ! H:\rhwhin.exe
Deleted ! H:\utcddeq.exe
Deleted ! H:\wyskq6lt.exe
Deleted ! I:\r3fhr.exe
Deleted ! I:\wa.exe
Deleted ! J:\awb3ryk.exe
Deleted ! J:\cgaqyi.exe
Deleted ! J:\dqm.exe
Deleted ! J:\iuvvl9f3.exe
Deleted ! J:\lhhr8.exe
Deleted ! J:\utcddeq.exe
Deleted ! J:\wa.exe
Deleted ! J:\wyskq6lt.exe
Deleted ! J:\y6cqb2is.exe
Deleted ! C:\rfg.exe
Deleted ! C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP51\A0009880.exe
Deleted ! H:\rfg.exe
Deleted ! J:\rfg.exe
Deleted ! J:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP51\A0009881.exe

################## | Registry |

Deleted ! HKLM\Software\Classes\CLSID\MADOWN
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dso32

################## | Mountpoints2 |


################## | Listing |

[07/12/2009 - 01:59:26 | RDC ] C:\$VAULT$.AVG
[09/05/2009 - 18:24:42 | AC | 2] C:\-461568472
[08/06/2010 - 13:29:21 | AC | 81760256000] C:\3590F75ABA9E485486C100C1A9D4FF06TTWQJNWXCOGBFEGH
[09/02/2007 - 00:59:31 | D ] C:\52e42208603f0d384b8e8d
[09/02/2007 - 01:00:02 | D ] C:\6da850a3acf2773a2a9098677cd6
[06/11/2006 - 22:28:10 | AC | 4345344] C:\ALLCHAR-32.exe
[26/05/2010 - 22:42:51 | AC | 4] C:\AUTOEXEC.BAT
[30/01/2010 - 01:20:56 | DC ] C:\autorun.inf
[20/01/2007 - 11:39:50 | AC | 1673] C:\avast! Antivirus.lnk
[06/11/2006 - 22:28:10 | AC | 3010] C:\A_LIRE.TXT
[19/01/2007 - 17:51:51 | AC | 211] C:\Boot.bak
[06/12/2009 - 23:24:21 | RASHC | 281] C:\boot.ini
[28/02/2006 - 14:00:00 | RASHC | 4952] C:\bootfont.bin
[13/06/2007 - 18:34:54 | D ] C:\Cakewalk Projects
[06/12/2009 - 23:24:20 | RASHDC ] C:\cmdcons
[04/08/2004 - 00:00:10 | AC | 262448] C:\cmldr
[09/03/2008 - 21:16:27 | AC | 74] C:\CMLoader.log
[08/06/2010 - 13:02:30 | DC ] C:\ComboFix
[08/06/2010 - 13:02:27 | AC | 13650] C:\ComboFix.txt
[20/05/2006 - 17:58:54 | RAC | 81] C:\company.url
[09/06/2010 - 11:34:17 | D ] C:\Config.Msi
[19/01/2007 - 17:56:42 | AC | 0] C:\CONFIG.SYS
[25/02/2009 - 11:25:52 | D ] C:\Dokumente und Einstellungen
[09/02/2007 - 01:00:34 | D ] C:\e3468d2bfc3623a4f26e82c9
[12/06/2008 - 21:04:31 | D ] C:\Game
[20/07/2004 - 12:32:20 | AC | 2728] C:\HS_License.html
[06/09/2006 - 17:06:44 | RAC | 62464] C:\hs_regex.dll
[07/09/2007 - 13:38:08 | AC | 1120] C:\INSTALL.LOG
[19/01/2007 - 17:56:42 | RASHC | 0] C:\IO.SYS
[26/05/2010 - 22:24:13 | DC ] C:\Kill'em
[08/03/2007 - 19:10:08 | D ] C:\language
[06/09/2006 - 17:06:44 | RAC | 839680] C:\libeay32.dll
[24/05/2010 - 19:43:34 | AC | 21236] C:\List'em.txt
[27/07/2006 - 18:36:46 | AC | 9702] C:\logo.gif
[16/01/2007 - 10:50:48 | RAC | 1264440] C:\mega.smf
[15/02/2007 - 20:25:24 | AC | 18944] C:\MegaIeFn.dll
[15/02/2007 - 20:25:32 | AC | 110592] C:\MegaIEMn.dll
[09/02/2007 - 00:41:19 | D ] C:\Mes téléchargements
[05/04/2006 - 20:06:12 | AC | 1453] C:\mm_file.htm
[19/01/2007 - 17:56:42 | RASHC | 0] C:\MSDOS.SYS
[21/01/2007 - 13:56:24 | RD ] C:\MSOCache
[10/06/2010 - 10:09:01 | RSHC | 117248] C:\n0qls.exe
[28/02/2006 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[05/11/2008 - 19:12:24 | RASH | 251712] C:\ntldr
[11/06/2010 - 00:02:38 | ASH | 1610612736] C:\pagefile.sys
[02/05/2000 - 04:17:00 | AC | 212480] C:\PCDLIB32.DLL
[08/03/2007 - 19:10:08 | D ] C:\plugins
[23/08/2008 - 22:49:29 | AC | 48] C:\plug_in.ini
[20/05/2006 - 17:59:04 | RAC | 81] C:\product.url
[26/05/2010 - 22:25:19 | RD ] C:\Programme
[08/06/2010 - 13:02:29 | ADC ] C:\Qoobox
[16/01/2007 - 11:44:32 | AC | 1336] C:\readme.txt
[11/06/2010 - 00:22:36 | SHDC ] C:\RECYCLER
[15/02/2007 - 20:25:32 | AC | 303104] C:\res.dll
[31/10/2007 - 20:52:24 | D ] C:\rimes
[16/02/2010 - 16:21:34 | AC | 110067182] C:\Sauv.reg
[10/02/2007 - 00:03:56 | AC | 2599088] C:\Shockwave_Installer_Slim.exe
[22/03/2006 - 15:24:50 | RAC | 159744] C:\ssleay32.dll
[20/05/2006 - 17:58:44 | RAC | 81] C:\support.url
[16/02/2010 - 16:31:39 | SHD ] C:\System Volume Information
[01/05/2010 - 22:12:29 | AC | 874] C:\TCleaner.txt
[31/05/2010 - 22:44:28 | AC | 34760] C:\TDSSKiller.2.3.2.0_31.05.2010_22.44.15_log.txt
[31/05/2010 - 22:46:24 | AC | 34760] C:\TDSSKiller.2.3.2.0_31.05.2010_22.46.14_log.txt
[31/05/2010 - 22:59:40 | AC | 34760] C:\TDSSKiller.2.3.2.0_31.05.2010_22.59.30_log.txt
[16/01/2007 - 11:44:18 | AC | 168] C:\thirdPartyNotice.txt
[24/05/2001 - 12:59:30 | AC | 162304] C:\UNWISE.EXE
[11/06/2010 - 00:22:19 | DC ] C:\UsbFix
[11/06/2010 - 00:22:43 | AC | 2643] C:\UsbFix.txt
[27/01/2007 - 16:50:32 | AC | 9453630] C:\vlc-0.8.6a-win32.exe
[13/08/2003 - 17:20:48 | AC | 4164] C:\W3C_License.html
[10/06/2010 - 13:21:06 | D ] C:\WINDOWS
[15/02/2007 - 19:52:50 | AC | 61440] C:\wwwapp.dll
[15/02/2007 - 19:52:08 | AC | 23552] C:\wwwcache.dll
[15/02/2007 - 19:51:46 | AC | 139264] C:\wwwcore.dll
[15/02/2007 - 19:52:38 | AC | 17920] C:\wwwdir.dll
[15/02/2007 - 19:51:16 | AC | 3584] C:\wwwdll.dll
[15/02/2007 - 19:51:56 | AC | 28672] C:\wwwfile.dll
[15/02/2007 - 19:53:00 | AC | 33280] C:\wwwftp.dll
[15/02/2007 - 19:52:24 | AC | 61440] C:\wwwhtml.dll
[15/02/2007 - 19:52:34 | AC | 77824] C:\wwwhttp.dll
[15/02/2007 - 19:53:04 | AC | 16384] C:\wwwinit.dll
[15/02/2007 - 19:52:14 | AC | 29696] C:\wwwmime.dll
[15/02/2007 - 19:52:56 | AC | 12288] C:\wwwssl.dll
[15/02/2007 - 19:52:06 | AC | 23040] C:\wwwstream.dll
[15/02/2007 - 19:51:52 | AC | 18432] C:\wwwtrans.dll
[15/02/2007 - 19:51:28 | AC | 45056] C:\wwwutils.dll
[06/06/2010 - 15:26:50 | RSHC | 116224] C:\yqq8eqil.exe
[05/06/2009 - 15:43:40 | RSHD ] H:\RECYCLER
[30/01/2010 - 00:20:58 | D ] H:\autorun.inf
[20/04/2010 - 16:38:56 | AH | 15364] H:\.DS_Store
[03/02/2010 - 13:53:10 | HD ] H:\.Spotlight-V100
[12/10/2009 - 17:50:22 | HD ] H:\.Trashes
[01/01/1601 - 02:00:00 | D ] H:\Digidesign Databases
[24/05/2010 - 14:27:44 | A | 20480] H:\Titre+texte ALEXANDER GRUBE debat nano.doc
[10/06/2010 - 14:36:16 | D ] H:\Forme Cheveux
[10/06/2010 - 10:09:02 | RSH | 117248] H:\n0qls.exe
[21/05/2010 - 18:42:06 | AH | 4096] H:\._La minute de silence.bounce.wav
[22/04/2010 - 11:37:12 | A | 519739292] H:\Debat final (dernier hit) - Alexander Grube.wav
[18/05/2010 - 23:11:52 | D ] H:\Assétou La Kawaii
[11/02/2010 - 16:41:46 | D ] H:\CLEF USB FREATOX
[06/03/2010 - 20:57:48 | A | 5973159] I:\01 Dizzee Rascal - Bonkers [With Armand Van Helden].mp3
[09/11/2009 - 19:21:00 | A | 6624797] I:\02 Dizzee Rascal - Road Rage.mp3
[31/03/2010 - 17:07:58 | A | 6527798] I:\05 Dizzee Rascal - Can't Tek No More.mp3
[31/03/2010 - 17:07:14 | A | 9119539] I:\07 Dizzee Rascal - Dirtee Cash.mp3
[31/03/2010 - 17:08:00 | A | 6730917] I:\08 Dizzee Rascal - Money Money.mp3
[10/05/2010 - 13:49:20 | A | 7025463] I:\08 Nobody Move!.mp3
[31/03/2010 - 17:08:02 | A | 7929657] I:\09 Dizzee Rascal - Leisure.mp3
[31/03/2010 - 17:08:04 | A | 8821665] I:\11 Dizzee Rascal - Bad Behaviour.mp3
[19/01/2009 - 17:01:46 | A | 13187045] I:\Crookers - Don Rimini - Let Me Back Up (Crookers Rmx).mp3
[29/05/2006 - 19:36:54 | A | 2900910] I:\01-para_one-piste_blue.mp3
[29/05/2006 - 18:03:40 | A | 5526116] I:\02-para_one-turtle_trouble.mp3
[29/05/2006 - 18:31:04 | A | 6787254] I:\03-para_one-midnight_swim (bof).mp3
[29/05/2006 - 18:35:40 | A | 4920858] I:\04-para_one-f.u.d.g.e (bof)..mp3
[01/01/2008 - 00:12:24 | H | 512] I:\MUSICEDT.INI
[01/01/2008 - 00:12:28 | H | 8192] I:\BOOKMARK.BMK
[01/01/2008 - 00:12:32 | H | 52736] I:\USERPL.PL
[09/02/2010 - 12:25:48 | SHD ] I:\Recycled
[09/02/2010 - 12:25:48 | SHD ] I:\System Volume Information
[29/05/2006 - 18:37:26 | A | 6824165] I:\05-para_one-dudun-dun.mp3
[19/10/2009 - 16:33:44 | A | 5450360] I:\01 - Movements.mp3
[24/04/2003 - 20:09:04 | A | 5960321] I:\03 Under Mi Sensi Barrington Levy Duets.mp3
[06/10/2003 - 18:31:46 | RA | 3010560] I:\-.mp3
[18/10/2009 - 13:52:28 | A | 4820072] I:\02 - Dem Phonies.mp3
[29/05/2006 - 17:59:06 | A | 4560332] I:\06-para_one-musclor_feat_t.t.c. (bof).mp3
[18/10/2009 - 13:52:54 | A | 6315060] I:\03 - Juggle Tings Proper.mp3
[29/05/2006 - 19:07:58 | A | 5028941] I:\07-para_one-le_soleil_artificiels.mp3
[18/10/2009 - 13:54:18 | A | 6348749] I:\04 - Inna.mp3
[15/12/2009 - 11:28:10 | A | 11222287] I:\Ascending Melody.mp3
[15/12/2009 - 11:26:34 | A | 9664347] I:\Emblem Of The World.mp3
[24/05/2010 - 22:45:22 | A | 4337418] I:\Gil_Scott-Heron-New_York_Is_Killing_Me_f_Mos_Def-2dope.mp3
[24/05/2010 - 22:38:42 | A | 17085347] I:\ZakolskiMars.mp3
[19/05/2010 - 21:19:40 | A | 70329007] I:\hudmo-fader.mp3
[24/05/2010 - 15:10:22 | A | 89901140] I:\SanyPitbull-MixTapeMadeinFavela01.mp3
[08/05/2010 - 15:56:48 | A | 196486707] I:\Take Flight Club present Cookie Monsta (Where's My Cookie).mp3
[29/05/2006 - 18:45:38 | A | 1348556] I:\08-para_one-def_tea_machine.mp3
[29/05/2006 - 19:12:50 | A | 4355404] I:\09-para_one-sages-femmes.mp3
[05/11/2009 - 14:12:02 | A | 5086107] I:\05 - Soul Decay.mp3
[29/05/2006 - 19:33:32 | A | 7716328] I:\10-para_one-liege.mp3
[18/10/2009 - 13:53:58 | A | 4693070] I:\06 - Baptism.mp3
[29/05/2006 - 19:03:54 | A | 7625272] I:\11-para_one-clubhoppn.mp3
[05/11/2009 - 14:21:46 | A | 5117019] I:\07 - Strange Behaviour.mp3
[17/07/2007 - 21:29:08 | A | 958698] I:\16-modeselektor-late_check-out.mp3
[29/05/2006 - 19:28:08 | A | 5708689] I:\12-para_one-nobody_cared.mp3
[18/10/2009 - 13:43:18 | A | 396672] I:\08 - Organ Skit.mp3
[17/07/2007 - 21:29:32 | A | 6361841] I:\17-modeselektor-the_wedding_toccata_theme.mp3
[05/11/2009 - 15:01:44 | A | 6306862] I:\09 - Big Tings Gwidarn.mp3
[29/05/2006 - 19:25:46 | A | 3693082] I:\13-para_one-bobble.mp3
[11/03/2010 - 12:32:40 | A | 1096142] I:\lyfe and bled.mp3
[05/11/2009 - 14:30:42 | A | 5180006] I:\10 - Sinking Sands.mp3
[11/03/2010 - 12:33:50 | A | 1403342] I:\lyfe and bled2.mp3
[29/05/2006 - 19:59:20 | A | 9078572] I:\14-para_one-ski_lessons_blues.mp3
[06/10/2003 - 18:32:46 | RA | 8081408] I:\So Fresh, So Clean.mp3
[05/11/2009 - 14:57:46 | A | 4377445] I:\11 - Wisdom Fall.mp3
[05/08/2004 - 19:25:56 | A | 7022667] I:\aphex twin - drukqs - 04 - omgyjya-switch.mp3
[18/10/2009 - 13:35:50 | A | 729732] I:\12 - Roots-fi Discotheque (Skit).mp3
[29/09/2007 - 20:42:02 | A | 4722128] I:\04 Can't Hold On.mp3
[05/11/2009 - 17:30:16 | A | 5476982] I:\13 - Clockwork.mp3
[05/11/2009 - 15:07:12 | A | 7208142] I:\14 - Cornmeal Dumpling.mp3
[17/07/2007 - 21:24:50 | A | 2848475] I:\05-modeselektor-bm_ocean.mp3
[07/12/2008 - 23:53:00 | A | 5412992] I:\05-Selfish featuring Kanye West & John Legend.mp3
[05/11/2009 - 15:11:14 | A | 5508455] I:\15 - Fever.mp3
[17/07/2007 - 21:25:06 | A | 8727041] I:\06-modeselektor-sucker_pin.mp3
[18/10/2009 - 13:52:00 | A | 4499661] I:\16 - Oh Yeah.mp3
[19/10/2009 - 16:46:56 | A | 7495858] I:\17 - Motion 5000.mp3
[06/03/2010 - 17:51:26 | A | 4999490] I:\07-b-real-fire_feat._damian_marley.mp3
[17/07/2007 - 21:27:42 | A | 5724719] I:\07-modeselektor-edgar.mp3
[24/09/2009 - 14:19:04 | A | 7755763] I:\08-modeselektor-hyper_hyper.mp3
[17/07/2007 - 21:24:24 | A | 7491159] I:\09-modeselektor-bmi.mp3
[20/10/2008 - 20:23:30 | A | 5782454] I:\11-modeselektor-the_dark_side_of_the_sun.mp3
[07/12/2008 - 23:53:00 | A | 6576256] I:\12-Count the Ways featuring Dwele.mp3
[18/04/2005 - 00:01:18 | A | 4522314] I:\15 Get Back.mp3
[17/07/2007 - 21:30:12 | A | 7109494] I:\15-modeselektor-the_white_flash.mp3
[18/04/2005 - 00:02:46 | A | 2885010] I:\16 Listen 2 This.mp3
[06/06/2010 - 15:26:50 | RSH | 116224] J:\yqq8eqil.exe
[10/06/2010 - 10:09:02 | RSH | 117248] J:\n0qls.exe
[25/11/2009 - 19:09:40 | AH | 4096] J:\._.Trashes
[24/05/2010 - 14:31:04 | D ] J:\PRODUCTION
[24/05/2010 - 14:34:30 | D ] J:\autres
[06/04/2010 - 15:51:16 | D ] J:\PHOTOS
[01/04/2010 - 16:35:52 | AH | 15364] J:\.DS_Store
[04/04/2010 - 22:44:52 | RD ] J:\Assétou ordinateur
[05/04/2010 - 20:56:52 | D ] J:\VIDEOS
[05/04/2010 - 20:55:44 | D ] J:\Fichiers ptite carte SD
[01/04/2010 - 14:48:06 | AD ] J:\ALEXander ordinateur
[24/05/2010 - 14:29:32 | D ] J:\MUSIQUE
[12/12/2009 - 10:14:28 | ASH | 10752] J:\Thumbs.db
[12/12/2009 - 10:15:34 | SHD ] J:\System Volume Information
[01/01/2010 - 16:20:54 | SHD ] J:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_ALEX-27A2A99469.zip
https://www.ionos.fr/?affiliate_id=77097
Thank you for your contribution.

################## | E.O.F |
0
Utilisateur anonyme
 
Hello
Did you do this?
Please send the file: C:\UsbFix_Upload_Me_ALEX-27A2A99469.zip
https://www.ionos.fr/?affiliate_id=77097
Thank you for your contribution.

Your USB keys were full of junk, especially USB key H.
You should be careful about where you plug in your USB keys.
Avoid plugging them into the PCs in cybercafés, since those PCs are riddled
with viruses, and ask the people around you to have their PCs and removable
drives checked.
If you have Malwarebytes, update it and run a full scan.
0
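As an added illustration of what the helper is pointing at in the listing (example code written for this page, not part of the thread or of UsbFix), a small Python parser for the `[date - time | attrs | size] path` lines of the report that flags hidden/system executables sitting at the root of a removable drive; the sample lines are constructed in the report's format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the UsbFix listing format shown in the report above
# ([dd/mm/yyyy - hh:mm:ss | attributes | size] path); the hidden executables at the
# root of J: are the kind of entry the helper was pointing at.
SAMPLE_LISTING = """\
[05/11/2009 - 17:30:16 | A | 5476982] I:\\13 - Clockwork.mp3
[06/06/2010 - 15:26:50 | RSH | 116224] J:\\yqq8eqil.exe
[10/06/2010 - 10:09:02 | RSH | 117248] J:\\n0qls.exe
[25/11/2009 - 19:09:40 | AH | 4096] J:\\._.Trashes
[24/05/2010 - 14:31:04 | D ] J:\\PRODUCTION
[12/12/2009 - 10:14:28 | ASH | 10752] J:\\Thumbs.db
[12/12/2009 - 10:15:34 | SHD ] J:\\System Volume Information
[01/01/2010 - 16:20:54 | SHD ] J:\\Recycled
"""

# One listing line: directories have no size field ("| D ]"), files do ("| A | 123]").
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]*) (?:\| (?P<size>\d+))?\] (?P<path>.+)$"
)

# Extensions that autorun worms of this era typically dropped on removable media.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


@dataclass
class Entry:
    date: str
    time: str
    attrs: str           # R = read-only, A = archive, S = system, H = hidden, D = directory
    size: Optional[int]  # None for directories
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def at_drive_root(self) -> bool:
        # "J:\name": drive letter, ":\", then a name with no further backslash
        return len(self.path) > 3 and self.path[1:3] == ":\\" and "\\" not in self.path[3:]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one UsbFix listing line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(m.group("date"), m.group("time"), m.group("attrs"),
                 int(size) if size is not None else None, m.group("path"))


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def reasons_for(entry: Entry) -> List[str]:
    """Heuristics for a worm-style dropper on removable media; empty list = nothing odd."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    name = entry.path.rsplit("\\", 1)[-1].lower()
    if name.endswith(EXECUTABLE_EXTS):
        if "H" in entry.attrs or "S" in entry.attrs:
            reasons.append("hidden/system executable")
        if entry.at_drive_root:
            reasons.append("executable at drive root")
    if name == "autorun.inf":
        # A real autorun.inf file (not the folder UsbFix creates as a vaccine) is the launcher.
        reasons.append("autorun.inf file present")
    return reasons


def suspicious_entries(text: str) -> List[Entry]:
    """Entries worth a closer look, in listing order."""
    return [e for e in parse_listing(text) if reasons_for(e)]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LISTING):
        print(f"{e.path}  attrs={e.attrs} size={e.size}  ->  {', '.join(reasons_for(e))}")
```

On the constructed sample only the two RSH executables at the root of J: are reported; Thumbs.db and the Mac metadata files are ignored despite their hidden/system attributes.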
Sodium
 
Hi Nathandre.

I couldn't send the file to UsbFix: when I click Browse, I select my file, click OK, select USBFIX under the relevant tools, then click send the file; after a while a page appears saying "vous n'avez pas sélectionné de fichier!" (you did not select a file!). Strange.

I ran a Malwarebytes scan. I needed my external hard drive, so I'll do another scan of that drive later as soon as I have time.

Here is the report

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

06.12.2009 20:25:30
mbam-log-2009-12-06 (20-25-30).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 218657
Temps écoulé: 2 hour(s), 23 minute(s), 49 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 10
Clé(s) du Registre infectée(s): 41
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 14
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 100

Processus mémoire infecté(s):
C:\WINDOWS\ld09.exe (Worm.KoobFace) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\biserano.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\damopore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\habanuvo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\sidejuwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vowikewa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00545D2.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkshfuiehi.dll (Trojan.Ertfor) -> Delete on reboot.
c:\programme\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
c:\programme\driver\driver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9884d9c4-77ab-481d-a1ee-a09de2716201} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9884d9c4-77ab-481d-a1ee-a09de2716201} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9884d9c4-77ab-481d-a1ee-a09de2716201} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00545d2 (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TDSSdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pumehunihe (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme74e351b (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e47d0687 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\driver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\damopore.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sidejuwo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sidejuwo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\damopore.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\damopore.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\damopore.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind (Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Programme\podmena (Trojan.Downloader) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\biserano.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bijapeka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dahovibo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\damopore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fufakili.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\habanuvo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\harupeza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azepurah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jahomayo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jejowada.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juzeziwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\keyisori.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irosiyek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kidamore.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eromadik.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lotonene.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\minuzudi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mojuwaga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agawujom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nikarili.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilirakin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nikoloki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nupanogo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogonapun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pusekudu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udukesup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rawijeku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotawapo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opawator.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rowopapo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opapowor.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sidejuwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\somituso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suyetebo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obeteyus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tifupeva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tikufozi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vagimutu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vowikewa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awekiwov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vujigami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wadilegi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wesagibu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zasulege.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egelusaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeyeleme.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zowavami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zupejaku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukajepuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkshfuiehi.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00545D2.dat (Trojan.Vundo) -> Delete on reboot.
c:\programme\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
c:\programme\driver\driver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jbnmcd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\kinkerc.exe (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\vfmf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\boyedt.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\09QBG1Q3\pdrv[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\your\reader_s.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Nuendo 2\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\driver\driver.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\podmena\podmena.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pp06.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fopihofu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbnmck.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\semehine.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005D222.dat (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0073EAA.dat (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rahegega.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SYS32DLL.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fikomake.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\f72ecd02.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\d45.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\krakbqe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgukgwe_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgukgwe_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\zaponce52689.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\zaponce53173.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\zaponce53290.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld09.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\Prefetch\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2668f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2692f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2695f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Rootkit.TDSS) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
Hello
06.12.2009 20:25:30
mbam-log-2009-12-06 (20-25-30).txt

Why are you giving me a report that is six months old?
0
Utilisateur anonyme
 
Hi, the funniest one is this:

C:\WINDOWS\system32\reader_s.exe
0
Utilisateur anonyme
 
Hello Gen Hackman
I know, I saw it
It's not funny at all
0
Utilisateur anonyme
 
No, that was irony ;)
0
Smart91
 
Indeed, a fine Virut; I'm afraid that a form.......
In any case, good luck Nathandre
0
Utilisateur anonyme
 
Hello Smart
That's nothing, I've already dealt with some
That's the result when you download just anything
0
Sodium
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

15.06.2010 19:57:18
mbam-log-2010-06-15 (19-57-18).txt

Type d'examen: Examen complet (C:\|H:\|I:\|)
Elément(s) analysé(s): 240782
Temps écoulé: 46 minute(s), 16 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 42

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\3dcs9.exe.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\ey.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\fk.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\ggpw.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\utcddeq.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\vgyn6ewc.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\J\3dcs9.exe.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\J\ey.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\J\fk.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\J\ggpw.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\J\r3fhr.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\C\lhhr8.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\C\y6cqb2is.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\H\fk.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\H\utcddeq.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\I\r3fhr.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\J\lhhr8.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\J\utcddeq.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\UsbFix\Quarantine\J\y6cqb2is.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP16\A0000897.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP16\A0000905.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP16\A0000913.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP16\A0000923.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP17\A0000927.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP17\A0000934.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP17\A0000942.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP22\A0001266.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP22\A0001267.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP27\A0003038.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP28\A0003072.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP28\A0003087.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP28\A0003120.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP29\A0003190.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP29\A0004132.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP29\A0004141.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP35\A0004669.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP50\A0007799.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP50\A0007806.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP50\A0007814.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP50\A0007815.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP51\A0009890.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{DC835154-275A-4C89-BACA-34AD3A26AA67}\RP51\A0009891.exe (Spyware.OnlineGames) -> No action taken.
0
Utilisateur anonyme
 
Sodium, we're going to do Dr Web

Download Dr Web CureIt to your Desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

- Double-click drweb-cureit.exe and then click Scan;

- Click OK at the quick scan prompt. If it finds infected processes, click the Yes button.
Note: a window will open with options to "Order" or "50% off": close it by clicking the "X".
- When the quick scan is finished, click the Options menu, then Change settings; choose the Scanner tab and uncheck Heuristic analysis. Then click OK.
- Back in the main window: click to enable Complete scan
- Click the button with the green arrow on the right, and the scan will start.
- Click Yes to all at the Cure? prompt when a file is detected, then click Cure.
- When the scan is complete, see whether you can click the icon next to the detected files (several sheets stacked on top of each other). If so, click it, then click the Next icon below and choose Move the unwanted object to quarantine.
- From the tool's main menu, top left, click the File menu and choose Save report. Save the report to your Desktop. It will be named DrWeb.csv
- Close Dr.Web CureIt
- Restart your computer (important, because some files may be moved/repaired at restart).
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.
0
Sodium
 
I already downloaded it (a few months ago, then). Should I re-download it in case there is some update?
0
Utilisateur anonyme
 
Open Malwarebytes and, in the quarantine, click delete selection; after the PC restarts, post the report
0
Sodium
 
I'm going to redo the Malwarebytes scan and then delete the quarantine. But just before that, I'm giving you a HijackThis log from the other PC (laptop) in the house, which I transfer a lot of files with, to find out (or confirm) whether that PC is indeed the source of my reinfections on the first PC.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:16, on 22/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Sony\VCM Manager Setting\VcmMgrNotification.exe
C:\Users\JAPANESE\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [dso32] C:\Users\JAPANESE\AppData\Local\Temp\dsoqq.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe