Trojan wow

Closed
seb86 - 13 Jan 2010 at 20:43
jlpjlp (51580 posts, joined Friday 18 May 2007, status: security contributor, last active 3 May 2022) - 16 Jan 2010 at 21:45
Hello,
here are the 2 RSIT reports!!
I don't know what else to do to get rid of this thing!!!! Thanks for your replies.
1st report
Logfile of random's system information tool 1.06 (written by random/random)
Run by sebastien at 2010-01-13 20:29:01
Microsoft® Windows Vista™ Home Basic Edition Service Pack 2
System drive C: has 185 GB (63%) free of 294 GB
Total RAM: 2814 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:23, on 13/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\sebastien\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\sebastien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoomsmgr.exe] C:\Windows\system32\rundll32.exe C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll,Start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Program Files\Anti-keylogger\akl_svc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
5 replies

jlpjlp
13 Jan 2010 at 21:33
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".


:processes
explorer.exe
:files
C:\Windows\70496.exe
C:\Windows\5526616.exe
C:\Windows\5023341.exe
C:\Windows\4527242.exe
C:\Windows\740349.exe
C:\Windows\166390.exe
C:\Windows\6961841.exe
C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll
C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk
C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoomsmgr.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.

__________________________



Scan with Malwarebytes: run a quick scan, paste the report you get and remove whatever it finds:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
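Added example (not part of this thread, and not code from RSIT, HijackThis, OTM or any other tool named here): a small Python triage script that applies to the HijackThis lines from the first post the same reasoning the helper used to build the OTM list. It flags a Run value where rundll32 loads a DLL out of the user's Temp folder (the Yahoomsmgr.exe entry), a Startup item whose target lives under AppData\Roaming (lsnfier.exe), and "(no file)" / "(file missing)" orphans as low-priority cleanup; it then emits an OTM script for the confirmed hits and picks the digits-only c:\windows\NNNNNN.dat droppers out of ComboFix "files created" lines. The sample lines are copied from the reports in this thread; the rule set, the high/medium/low labels and the choice of OTM's :reg section for the registry lines are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines copied from the RSIT report in the first
# post, plus two legitimate entries (avast!, NVIDIA) that must not be flagged.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [Yahoomsmgr.exe] C:\Windows\system32\rundll32.exe "
    r"C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll,Start",
    r"O4 - Startup: Notification de cadeaux MSN.lnk = "
    r"C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)",
    r"O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - "
    r"C:\Program Files\Anti-keylogger\akl_svc.exe (file missing)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
]
# Constructed sample: "files created" lines copied from the ComboFix report further down.
SAMPLE_COMBOFIX_LINES = [
    r"2010-01-13 20:31 . 2010-01-13 20:31 4 ----a-w- c:\windows\5331973.dat",
    r"2010-01-13 19:29 . 2010-01-13 19:29 -------- d-----w- c:\program files\trend micro",
    r"2010-01-13 19:03 . 2010-01-13 19:03 4 ----a-w- c:\windows\70496.dat",
    r"2010-01-13 15:25 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll",
]

# O4 lines come in two shapes: "[value name] command" for Run keys and
# "shortcut.lnk = target" for Startup-folder items.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>[^=]+) = )(?P<cmd>.+)$")
# "rundll32 <dll>,<export>": the DLL is the payload, rundll32 is only the host process.
RUNDLL_RE = re.compile(r'(?i)rundll32(?:\.exe)?\s+"?(?P<dll>[^,"]+\.dll)')
# Paths any process running as the logged-on user can write to.
USER_WRITABLE_RE = re.compile(r"(?i)\\(?:AppData\\Local\\Temp|AppData\\Roaming|Temp)\\")
# Components HijackThis could not find on disk: stale registration, not proof of infection.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Dropper naming seen in this thread: digits-only basename directly under the Windows folder.
NUMERIC_DROPPER_RE = re.compile(r"(?i)\\windows\\\d{4,8}\.(?:exe|dat)$")
PATH_RE = re.compile(r"(?i)[a-z]:\\.*$")
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


@dataclass
class Finding:
    line: str
    severity: str     # "high" | "medium" | "low" (labels assumed for this example)
    reason: str
    hive: str = ""    # "HKCU\..\Run", "HKLM\..\Run" or "Startup"
    name: str = ""    # Run value name or .lnk name
    target: str = ""  # file to quarantine


def target_path(cmd: str) -> str:
    """Return the file an autorun command line really executes."""
    m = RUNDLL_RE.search(cmd)
    if m:
        return m.group("dll")
    m = re.search(r'(?i)"?([A-Z]:\\[^"]+?\.(?:exe|dll))', cmd)
    return m.group(1) if m else cmd.strip()


def assess(line: str):
    """Apply the triage rules to one HijackThis line; None means nothing stood out."""
    if ORPHAN_RE.search(line):
        return Finding(line, "low", "orphan entry: registered component with no file on disk")
    m = O4_RE.match(line)
    if not m:
        return None
    cmd, hive = m.group("cmd"), m.group("hive")
    name = m.group("name") or m.group("lnk") or ""
    dll = RUNDLL_RE.search(cmd)
    if dll and USER_WRITABLE_RE.search(dll.group("dll")):
        return Finding(line, "high", "rundll32 loading a DLL from a user-writable path",
                       hive, name, dll.group("dll"))
    if USER_WRITABLE_RE.search(cmd):
        return Finding(line, "medium", "autorun target lives inside the user profile",
                       hive, name, target_path(cmd))
    return None


def triage(lines):
    return [f for f in map(assess, lines) if f is not None]


def numeric_droppers(combofix_lines):
    """Pull the digits-only .exe/.dat entries under the Windows folder out of ComboFix lines."""
    return [PATH_RE.search(l).group(0) for l in combofix_lines if NUMERIC_DROPPER_RE.search(l)]


def otm_script(findings):
    """Build an OTM script from the high/medium findings: drop the matching Run values
    (HKCU/HKLM only, under OTM's :reg section), quarantine the files, empty temp
    folders and restart explorer."""
    files, regs = [], []
    for f in findings:
        if f.severity == "low" or not f.target:
            continue
        files.append(f.target)
        root = HIVES.get(f.hive.split("\\")[0])
        if root and f.name:
            regs += [f"[{root}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]",
                     f'"{f.name}"=-']
    return "\n".join([":processes", "explorer.exe", ":reg", *regs, ":files", *files,
                      ":commands", "[emptytemp]", "[start explorer]"])
```

Feed the lines of a real log.txt to triage() and read the result as a worklist, not a verdict: the rules only encode the three patterns visible in this thread, so anything they leave unflagged still deserves a look. The registry lines go under :reg because the OTM report posted below shows the same two lines, placed under :files, being treated as file paths and reported "not found".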
Here is the OTM report
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Windows\70496.exe not found.
File/Folder C:\Windows\5526616.exe not found.
File/Folder C:\Windows\5023341.exe not found.
File/Folder C:\Windows\4527242.exe not found.
File/Folder C:\Windows\740349.exe not found.
File/Folder C:\Windows\166390.exe not found.
File/Folder C:\Windows\6961841.exe not found.
File/Folder C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll not found.
File/Folder C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup not found.
File/Folder Notification de cadeaux MSN.lnk not found.
File/Folder C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe not found.
File/Folder [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder Yahoomsmgr.exe"= not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: sebastien
->Temp folder emptied: 3645150 bytes
->Temporary Internet Files folder emptied: 2824943741 bytes
->Java cache emptied: 43949288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6628757 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13426544 bytes
RecycleBin emptied: 4713 bytes

Total Files Cleaned = 2 759,00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01142010_152751

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes report
Malwarebytes' Anti-Malware 1.44
Database version: 3561
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

14/01/2010 15:41:51
mbam-log-2010-01-14 (15-41-51).txt

Scan type: Quick scan
Objects scanned: 96459
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\5331973.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
jlpjlp
14 Jan 2010 at 18:35
Download ComboFix by sUBs. Rename it before installing anything, for example call it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report.
Once that's done, can I uninstall ComboFix, or will it be useful to me later???
Here is the report
ComboFix 10-01-14.01 - sebastien 14/01/2010 19:55:40.1.2 - x86
Microsoft® Windows Vista™ Home Basic Edition 6.0.6002.2.1252.33.1036.18.2814.1926 [GMT 1:00]
Launched from: c:\users\sebastien\Desktop\killbagle.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1972301564-3474235584-991511132-1000
c:\$recycle.bin\S-1-5-21-2078663341-3694880461-555554543-500
c:\$recycle.bin\S-1-5-21-387172161-2880252421-4039532654-500

.
((((((((((((((((((((((((((((( Files created from 2009-12-14 to 2010-01-14 ))))))))))))))))))))))))))))))))))))
.

2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\users\sebastien\AppData\Roaming\Malwarebytes
2010-01-14 14:36 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 14:36 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 14:20 . 2010-01-14 14:20 -------- d-----w- C:\_OTM
2010-01-13 20:31 . 2010-01-13 20:31 4 ----a-w- c:\windows\5331973.dat
2010-01-13 19:29 . 2010-01-13 19:29 -------- d-----w- c:\program files\trend micro
2010-01-13 19:29 . 2010-01-13 19:29 -------- d-----w- C:\rsit
2010-01-13 19:03 . 2010-01-13 19:03 4 ----a-w- c:\windows\70496.dat
2010-01-13 19:01 . 2010-01-13 19:01 116 ----a-w- c:\windows\5526616.dat
2010-01-13 18:54 . 2010-01-13 19:03 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-13 18:53 . 2010-01-13 18:53 116 ----a-w- c:\windows\5023341.dat
2010-01-13 18:45 . 2010-01-13 18:45 4 ----a-w- c:\windows\4527242.dat
2010-01-13 17:28 . 2010-01-13 17:28 116 ----a-w- c:\windows\740349.dat
2010-01-13 17:19 . 2010-01-13 17:19 4 ----a-w- c:\windows\166390.dat
2010-01-13 17:15 . 2010-01-13 17:15 230 ----a-w- c:\windows\6961841.dat
2010-01-13 15:45 . 2010-01-14 14:53 -------- d-----w- c:\program files\a-squared Free
2010-01-13 15:25 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:25 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 18:51 . 2010-01-14 14:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-12 18:51 . 2010-01-14 14:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-12 18:32 . 2010-01-12 18:32 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-12 18:32 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-12 18:25 . 2010-01-12 18:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-12 17:14 . 2010-01-12 17:14 0 ----a-w- c:\windows\system32\SBRC.dat
2010-01-12 17:14 . 2010-01-12 17:14 0 ----a-w- c:\windows\system32\SBFC.dat
2010-01-12 17:13 . 2010-01-12 17:13 -------- d-----w- c:\users\sebastien\AppData\Roaming\Sunbelt Software
2010-01-12 16:51 . 2010-01-12 16:51 2 --shatr- c:\windows\winstart.bat
2010-01-12 16:50 . 2010-01-12 16:50 -------- d-----w- c:\program files\Greatis
2010-01-12 16:07 . 2010-01-12 16:07 -------- d-----w- c:\program files\VS Revo Group
2010-01-12 15:56 . 2010-01-12 15:56 -------- d-----w- c:\users\sebastien\AppData\Local\Threat Expert
2010-01-11 08:59 . 2010-01-11 08:59 -------- d-----w- c:\programdata\WindowsSearch
2009-12-26 19:53 . 2009-12-26 19:53 17592 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\tf2.dll
2009-12-26 19:53 . 2009-12-26 19:53 17080 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\wow.dll
2009-12-26 19:53 . 2009-12-26 19:53 17592 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\dods.dll
2009-12-26 19:52 . 2009-12-27 13:13 -------- d-----w- c:\users\sebastien\AppData\Roaming\Mumble
2009-12-26 19:52 . 2009-12-26 19:52 -------- d-----w- c:\program files\Mumble
2009-12-20 08:08 . 2009-12-20 08:08 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-20 08:01 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-12-20 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-20 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-20 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\ca-ES
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\eu-ES
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\vi-VN
2009-12-18 07:56 . 2009-12-18 07:56 -------- d-----w- c:\windows\system32\EventProviders
2009-12-16 18:47 . 2009-12-16 19:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-16 16:12 . 2009-12-16 16:43 -------- d-----w- c:\users\Public\Games

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:02 . 2009-11-01 09:09 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-14 18:46 . 2008-11-22 07:52 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-14 18:46 . 2008-11-22 07:52 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-14 18:42 . 2008-11-21 23:42 -------- d-----w- c:\programdata\NVIDIA
2010-01-14 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 17:14 . 2008-11-21 23:43 -------- d-----w- c:\program files\PC-Doctor for Windows
2010-01-12 19:40 . 2009-05-10 12:13 -------- d-----w- c:\program files\IncrediMail
2010-01-12 18:32 . 2009-05-10 11:37 -------- d-----w- c:\program files\Windows Live
2010-01-12 18:31 . 2009-05-10 17:35 86576 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-01-12 18:31 . 2009-05-10 17:35 392728 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2010-01-12 18:31 . 2009-05-10 17:35 132672 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-01-12 18:31 . 2009-05-10 17:35 0 ----a-r- c:\users\sebastien\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2010-01-12 16:23 . 2009-07-01 13:30 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-12 15:45 . 2009-11-16 14:46 7592 ----a-w- c:\users\sebastien\AppData\Local\d3d9caps.dat
2009-12-20 08:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-20 08:08 . 2009-12-20 08:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-12-17 15:27 . 2009-05-11 04:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-02 20:43 . 2008-11-21 23:44 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 11:12 . 2009-05-10 11:56 -------- d-----w- c:\users\sebastien\AppData\Roaming\Skype
2009-11-29 09:54 . 2009-05-10 11:55 -------- d-----r- c:\program files\Skype
2009-11-29 09:54 . 2009-11-29 09:54 -------- d-----w- c:\program files\Common Files\Skype
2009-11-29 09:54 . 2009-05-10 11:55 -------- d-----w- c:\programdata\Skype
2009-11-29 09:53 . 2009-05-10 11:57 -------- d-----w- c:\users\sebastien\AppData\Roaming\skypePM
2009-11-24 23:54 . 2009-09-08 18:07 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-09-08 18:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-08 18:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-08 18:07 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-09-08 18:07 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-08 18:07 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-08 18:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 20:41 . 2009-11-22 20:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-22 20:39 . 2009-11-22 20:39 -------- d-----w- c:\program files\Microsoft
2009-11-22 07:25 . 2009-05-10 11:14 -------- d-----w- c:\users\sebastien\AppData\Roaming\PowerCinema
2009-11-21 06:40 . 2009-12-09 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 19:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 19:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 19:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 15:32 . 2009-05-10 14:30 216 ----a-w- c:\users\sebastien\AppData\Roaming\wklnhst.dat
2009-11-03 21:43 . 2009-12-09 19:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-09 19:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-09 19:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 07:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 21:04 2048 ----a-w- c:\windows\system32\tzres.dll
2008-11-22 08:16 . 2008-11-22 08:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-07 251336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-09-15 143360]
"CLMLServer"="c:\program files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-09-15 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-08-29 172032]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

c:\_otm\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\_otm\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-1-12 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,4e,50,fe,ce,7f,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/09/2009 19:07 114768]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\System32\drivers\krnl_akl.sys [21/04/2009 19:50 360960]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [13/01/2010 19:54 1858144]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21/01/2008 03:33 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/09/2009 19:07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/09/2009 19:07 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [20/08/2009 12:15 233472]
R3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [10/05/2009 13:03 98432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [20/08/2009 12:15 36608]
S2 akl_svc;Anti-keylogger Service;"c:\program files\Anti-keylogger\akl_svc.exe" --> c:\program files\Anti-keylogger\akl_svc.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:33 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [12/01/2010 19:32 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/09/2008 01:58 20640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cndt
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-Notification de cadeaux MSN - c:\users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 20:02
Windows 6.0.6002 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'Explorer.exe'(212)
c:\program files\IncrediMail\bin\B4ImApp.dll
.
End time: 2010-01-14 20:05:51
ComboFix-quarantined-files.txt 2010-01-14 19:05

Before CF: 195 419 136 000 bytes free
After CF: 195 357 913 088 bytes free

- - End Of File - - EE9012E981933F4BC463956C7CC9F2AD
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040 > seb86
14 Jan. 2010 at 22:04
You can get rid of ComboFix. Paste a UsbFix option 1 report.
UsbFix report

############################## | UsbFix V6.073 |

User : sebastien (Administrateurs) # PC-DE-SEBASTIEN
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:51:48 | 15/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled

C:\ -> Local fixed disk # 286,64 GB (180,94 GB free) [COMPAQ] # NTFS
D:\ -> Local fixed disk # 11,44 GB (1,56 GB free) [FACTORY_IMAGE] # NTFS
E:\ -> CD-ROM drive
F:\ -> Removable disk
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk

############################## | Running processes |

C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 596
C:\Windows\system32\wininit.exe 648
C:\Windows\system32\csrss.exe 656
C:\Windows\system32\services.exe 720
C:\Windows\system32\lsass.exe 732
C:\Windows\system32\lsm.exe 740
C:\Windows\system32\svchost.exe 888
C:\Windows\system32\nvvsvc.exe 960
C:\Windows\system32\svchost.exe 996
C:\Windows\System32\svchost.exe 1036
C:\Windows\System32\svchost.exe 1096
C:\Windows\System32\svchost.exe 1136
C:\Windows\system32\svchost.exe 1160
C:\Windows\system32\svchost.exe 1280
C:\Windows\system32\SLsvc.exe 1304
C:\Windows\system32\svchost.exe 1340
C:\Windows\system32\winlogon.exe 1460
C:\Windows\system32\svchost.exe 1532
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1712
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1740
C:\Windows\system32\rundll32.exe 1844
C:\Windows\system32\Dwm.exe 432
C:\Windows\Explorer.EXE 552
C:\Windows\System32\spoolsv.exe 1332
C:\Windows\system32\svchost.exe 1432
C:\Windows\system32\taskeng.exe 1512
C:\Program Files\Windows Defender\MSASCui.exe 2152
C:\hp\support\hpsysdrv.exe 2172
C:\Windows\System32\nvraidservice.exe 2224
C:\Windows\System32\rundll32.exe 2304
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe 2428
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe 2440
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe 2456
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2492
C:\Windows\WindowsMobile\wmdc.exe 2508
C:\Program Files\Java\jre6\bin\jusched.exe 2560
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 2568
C:\Program Files\Windows Sidebar\sidebar.exe 2584
C:\Windows\system32\taskeng.exe 2592
C:\Program Files\Windows Media Player\wmpnscfg.exe 2608
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 2616
C:\_OTM\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2676
C:\Program Files\IncrediMail\bin\IMApp.exe 3256
C:\Program Files\Windows Sidebar\sidebar.exe 3292
C:\Program Files\a-squared Anti-Malware\a2service.exe 3396
C:\Windows\System32\svchost.exe 3448
C:\Windows\system32\svchost.exe 3508
C:\Windows\system32\FsUsbExService.Exe 3548
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3708
C:\Windows\system32\svchost.exe 3820
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3888
C:\Windows\system32\svchost.exe 4012
C:\Windows\System32\svchost.exe 1932
C:\Windows\system32\SearchIndexer.exe 2028
C:\Windows\system32\WUDFHost.exe 2636
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2736
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\Program Files\Windows Media Player\wmpnetwk.exe 3132
C:\Windows\system32\svchost.exe 2272
C:\Windows\system32\wbem\wmiprvse.exe 2188
C:\Windows\system32\wbem\unsecapp.exe 4228
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4628
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe 6008
C:\Windows\system32\conime.exe 5552
C:\Windows\system32\taskeng.exe 5124
C:\Windows\System32\mobsync.exe 6068
C:\Windows\system32\wbem\wmiprvse.exe 5652

################## | Infected items |


################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Cracks > Keygens > Serials |


################## | ! End of report # UsbFix V6.073 ! |
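As a worked example added to this thread (it is not code from the original posts, nor from ComboFix, RSIT or UsbFix), here is a small Python triage pass over lines in the format of the ComboFix Run-key, Startup-folder and policy dumps and the UsbFix process and registry sections above. It flags auto-start entries and running executables that live under user-writable or quarantine paths, reports a disabled UAC (EnableLUA = 0) and the restrictive Explorer/System policies, and cross-references auto-start targets against the process list. The sample lines are a constructed subset copied from the two reports; the list of suspect directories and the set of policy names are this example's own assumptions, not detection rules from any of those tools.

```python
"""Triage of lines in ComboFix / RSIT / UsbFix report format.

Added example, not part of the original thread or of any of those tools.
Sample lines are a constructed subset of the reports quoted above; the
suspect-directory list and the policy-name set are this example's own
assumptions.
"""
import re
from dataclasses import dataclass

# Locations from which an auto-start entry or a running process deserves a
# second look (assumption: user-writable folders plus the OTM quarantine).
SUSPECT_DIRS = (
    r"\appdata\roaming",
    r"\appdata\local\temp",
    r"\windows\temp",
    r"\_otm\movedfiles",
)

# Explorer/System policy values that lock a user out of their own tools.
RESTRICTIVE_POLICIES = {"DisableRegistryTools", "NoDrives", "DisableTaskMgr"}

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[')            # Run key dump
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[', re.I)        # Startup folder dump
PROC_RE = re.compile(r'^(?P<path>[a-z]:\\.+?\.exe)\s+(?P<pid>\d+)$', re.I)  # UsbFix process list
LUA_RE = re.compile(r'^"EnableLUA"=\s*(?P<val>\d+)')                         # UAC policy value
POLICY_RE = re.compile(r'^\[(?P<key>HK[^\]]+?\\Policies\\[^\]]+)\]\s+"(?P<value>[^"]+)"')


@dataclass
class Finding:
    kind: str    # "autostart", "running" or "policy"
    label: str   # entry name, "pid N" or policy value name
    detail: str  # executable path, registry key or short explanation


def _in_suspect_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in SUSPECT_DIRS)


def triage(lines):
    """Return the findings for an iterable of report lines, in report order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            if _in_suspect_dir(m.group("path")):
                findings.append(Finding("autostart", m.group("name"), m.group("path")))
            continue
        m = PROC_RE.match(line)
        if m:
            if _in_suspect_dir(m.group("path")):
                findings.append(Finding("running", f"pid {m.group('pid')}", m.group("path")))
            continue
        m = LUA_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(Finding("policy", "EnableLUA", "UAC is disabled"))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("value") in RESTRICTIVE_POLICIES:
            findings.append(Finding("policy", m.group("value"), m.group("key")))
    return findings


def still_running(findings):
    """Paths flagged as auto-start targets that also appear in the process list."""
    autostart = {f.detail.lower() for f in findings if f.kind == "autostart"}
    return [f.detail for f in findings
            if f.kind == "running" and f.detail.lower() in autostart]


# Constructed subset of the ComboFix and UsbFix lines quoted in this thread.
SAMPLE_LOG = r'''
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
Notification de cadeaux MSN.lnk - c:\_otm\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-1-12 135680]
"EnableLUA"= 0 (0x0)
C:\Windows\system32\winlogon.exe 1460
C:\_OTM\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2676
C:\Program Files\IncrediMail\bin\IMApp.exe 3256
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
'''.strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:9} {f.label}: {f.detail}")
    for path in still_running(found):
        print(f"auto-start target still running: {path}")
```

The cross-check is the part worth keeping: on the two reports above, the Startup-folder .lnk under C:\_OTM\MovedFiles and process 2676 in the UsbFix list point at the same lsnfier.exe, so the file OTM moved on 14 Jan. is listed as running again the next day. Treat the directory list as a starting heuristic only; plenty of legitimate software also starts from AppData\Roaming, so each hit still needs a look at the file itself.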

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
16 Jan. 2010 at 21:45
OK, paste an option 2 report after plugging in your external drives,

then
post another RSIT report
and say whether you still have problems.