kamelkos

Everything posted by kamelkos

Hello everyone. For a few weeks now I've had the trojan services.exe and smss.exe. Impossible to delete them, they keep coming back all the time. But I think a lot of people are in my situation :/. I came across a site that said that with ComboFix you could delete the trojan:

1- Create a text document on your desktop:
  * Point your mouse at your desktop, right-click: go to "New" and choose "Text Document".
  * Then copy/paste the text below (and nothing else!) into the text file you just created:

    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT

  * Save the document on your desktop: go to "File"/"Save as": ---> File name, type: fix.bat; File type, choose: "All files" -> click "Save" (the .bat at the end is important)!
  Disable your antivirus and close all running applications!
  * Double-click fix.bat > a black window should open and then close again.
  * Once it's done, a new black DOS-style window will appear > copy/paste the whole contents of that window into your next reply for analysis, and continue with what follows...
=======================
2- Create another text document on your desktop:
  * Point your mouse at your desktop, right-click: go to "New" and choose "Text Document".
  * Then copy/paste the text below (and nothing else!) into the text file you just created:

    File::
    c:\system volume information\Microsoft\services.exe
    c:\system volume information\Microsoft\smss.exe

    Folder::
    c:\system volume information\Microsoft

  * Then go to "File" and choose "Save as..." and name it exactly: CFScript, then confirm...
3- Cleaning:
!! Close all your applications and disable ALL YOUR DEFENSES (you'll turn them back on afterwards)!!
--> On your desktop, drag the CFScript file onto the ComboFix.exe icon with your mouse.
Look here: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will launch ComboFix! > At the "DISCLAIMER..." window, click "Yes" and let it work... So then ComboFix gave me this report:
The trojan is still there and I don't know how to get rid of it! Could someone help me?
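The two files named in the CFScript above, services.exe and smss.exe under c:\system volume information\Microsoft, borrow the names of core Windows processes that only ever run from %SystemRoot%\System32. The check below is added here as an example and is not code from the post or from ComboFix: it flags a process image path whose file name matches one of those core processes but whose directory does not, and any executable stored under System Volume Information. The expected-directory table (assumes a 32-bit Windows install on drive C) and the sample process list are constructed.

```python
"""Flag Windows core-process names running from unexpected locations.

Added example; not code from the forum post or from ComboFix. The
expected-directory table and the sample process list are constructed.
"""
import ntpath

# Core Windows processes and the only directory the genuine binary runs
# from on a default install (assumption: 32-bit Windows on drive C).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# Restore-point store; it never holds executables of its own.
SVI_MARKER = "\\system volume information\\"


def _normalise(image_path):
    """Lower-case and use backslashes so comparisons are case-insensitive."""
    return image_path.replace("/", "\\").strip().lower()


def findings(image_path):
    """Return the reasons an image path looks suspicious (empty list if none)."""
    norm = _normalise(image_path)
    directory, name = ntpath.split(norm)
    reasons = []
    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        reasons.append(f"{name} expected in {expected}, running from {directory}")
    if SVI_MARKER in norm and name.endswith((".exe", ".dll", ".sys")):
        reasons.append("executable stored under System Volume Information")
    return reasons


def scan(image_paths):
    """Map each suspicious image path to its reasons; clean paths are omitted."""
    report = {}
    for path in image_paths:
        reasons = findings(path)
        if reasons:
            report.setdefault(path, reasons)
    return report


# Constructed sample in the style of ComboFix's running-process section;
# the first two entries are the paths the post names in its CFScript.
SAMPLE_PROCESSES = [
    r"c:\system volume information\Microsoft\services.exe",
    r"c:\system volume information\Microsoft\smss.exe",
    r"C:\Windows\System32\services.exe",
    r"C:\Windows\System32\smss.exe",
    r"c:\program files\Bonjour\mDNSResponder.exe",
    r"c:\windows\system32\wbem\unsecapp.exe",
    r"c:\windows\System32\rundll32.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_PROCESSES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A legitimate copy of one of these names outside System32 is rare enough that every hit deserves a look; the same name-versus-path comparison applies to any process listing, not only ComboFix output.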