pc contaminé par services.exe/smss.exe

[Falkra]

Regarde si tu as l'option de "Réparer votre ordinateur" via le menu du F8 (au démarrage). Si oui, ce sera plus simple pour la suite.

[kamelkos]

Regarde si tu as l'option de "Réparer votre ordinateur" via le menu du F8 (au démarrage). Si oui, ce sera plus simple pour la suite.

 

 

oui je l'ai.

 

enfait en revenant sur mon 1er message, depuis que j'ai utilisé Combofix, mon pc ne lague plus, mon anti malware le detecte et le bloque ( je recois le message : impossible de se connecter a jl.chura.pl) je n'ai plus de plantage, Mais encore quelque bug, toujours de popups qui s'ouvre meme si je ne surf pas sur internet.

alors la voila j'espere que tu ne vas pas me donner de faire une restauration du systeme,(enfait je sais pas si tout ce qui a en quarantaine se restaure apres une restauration du systeme).

[Falkra]

Il faut réparer le secteur de démarrage.

 

Au démarrage de la machine, choisis de "Réparer votre ordinateur" (via F8 donc).

Choisis ensuite l'option "Invite de commandes".

À l'invite, tape ceci :

bootrec /fixmbr et valide avec la touche [Entrée]

(il y a un espace après "bootrec")

 

Après redémarrage en mode Normal, relance ComboFix (accepte la mise à jour de l'outil proposée dès son lancement).

[kamelkos]

donc c bon , j'ai fais le redémarrage, tout ce que tu m'as demandé , ensuite je cliké sur remove.exe j'ai bien eu cette fois le message OK en vert ! ensuite le Combofix . et j'ai eu le rapport suivant :

 

ComboFix 10-07-07.02 - kamelkos 08/07/2010 19:57:01.3.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1090 [GMT 2:00]

Lancé depuis: c:\users\kamelkos\Desktop\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\system volume information\Microsoft

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-08 au 2010-07-08 ))))))))))))))))))))))))))))))))))))

.

 

2010-07-08 18:11 . 2010-07-08 18:12 -------- d-----w- c:\users\kamelkos\AppData\Local\temp

2010-07-08 18:11 . 2010-07-08 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-07-08 18:11 . 2010-07-08 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-07-08 18:11 . 2010-07-08 18:11 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2010-07-04 18:15 . 2010-07-04 18:15 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-04 18:12 . 2010-07-04 18:07 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-07-04 18:12 . 2010-07-04 18:07 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-07-04 18:12 . 2009-09-29 16:54 529200 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-07-04 18:12 . 2010-07-04 18:12 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-04 18:12 . 2009-09-29 16:54 529200 ----a-w- c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

2010-07-04 18:12 . 2010-07-04 18:12 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-07-04 18:11 . 2010-07-04 18:11 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-07-04 18:11 . 2010-07-04 18:11 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-07-04 18:10 . 2010-07-04 18:10 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-07-04 18:09 . 2010-07-04 18:09 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-07-04 18:09 . 2010-07-04 18:09 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-07-04 18:09 . 2010-07-04 18:09 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-07-04 18:09 . 2010-07-04 18:09 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-07-04 18:09 . 2010-07-04 18:09 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-07-04 18:07 . 2010-07-04 18:12 -------- d-----w- c:\programdata\DivX

2010-07-01 01:49 . 2010-07-01 01:49 -------- d-----w- C:\DriveKey

2010-06-30 19:56 . 2010-06-17 12:35 43008 ----a-w- c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-06-30 19:56 . 2010-06-17 12:35 339456 ----a-w- c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-06-30 19:56 . 2010-06-17 12:35 346112 ----a-w- c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-06-30 19:56 . 2010-06-17 12:35 1496064 ----a-w- c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-06-29 17:38 . 2010-07-08 17:53 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-06-29 15:13 . 2010-06-29 15:13 916 ----a-w- c:\windows\55249470.dat

2010-06-25 03:43 . 2010-06-25 03:43 460 ----a-w- c:\windows\109051063.dat

2010-06-24 02:00 . 2010-06-24 02:00 230 ----a-w- c:\windows\16487464.dat

2010-06-23 22:47 . 2010-06-23 22:47 460 ----a-w- c:\windows\4889523.dat

2010-06-23 14:46 . 2010-06-28 22:04 -------- d-----w- c:\program files\a-squared Free

2010-06-23 12:34 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 12:34 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 12:34 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 12:34 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 12:34 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 12:13 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 12:13 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-22 00:52 . 2010-06-22 00:52 -------- d-----w- c:\program files\iPod

2010-06-22 00:52 . 2010-06-22 00:54 -------- d-----w- c:\program files\iTunes

2010-06-22 00:45 . 2010-06-22 00:45 -------- d-----w- c:\program files\Bonjour

2010-06-22 00:45 . 2010-06-22 00:45 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-22 00:43 . 2010-06-22 00:43 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-21 18:00 . 2010-06-21 17:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-21 17:59 . 2010-06-21 17:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-17 12:05 . 2010-06-17 12:05 737280 ----a-w- c:\windows\iun6002.exe

2010-06-15 01:31 . 2010-06-15 01:31 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-15 01:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-06-14 19:16 . 2010-06-21 17:59 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-14 19:00 . 2010-06-15 17:08 -------- d-----w- c:\program files\VS Revo Group

2010-06-14 17:57 . 2010-06-15 01:31 -------- d-----w- c:\program files\Lavasoft

2010-06-14 17:57 . 2010-06-14 17:58 -------- d-----w- c:\programdata\Lavasoft

2010-06-14 12:15 . 2010-06-14 12:15 -------- d-----w- c:\users\kamelkos\AppData\Local\OPaC bright ideas

2010-06-14 12:15 . 2010-06-14 12:15 -------- d-----w- c:\users\kamelkos\AppData\Roaming\OPaC bright ideas

2010-06-14 12:14 . 2010-06-14 12:14 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Epsitec Cache

2010-06-13 20:43 . 2010-06-14 12:56 -------- d-----w- c:\users\kamelkos\AppData\Local\Unity

2010-06-13 16:57 . 2010-06-13 16:57 -------- d-----w- c:\program files\iSpring

2010-06-13 16:45 . 2010-06-13 16:45 -------- d-----w- c:\users\kamelkos\AppData\Roaming\speechi

2010-06-13 16:37 . 2010-06-14 12:59 -------- d-----w- c:\program files\Speechi

2010-06-12 22:29 . 2010-06-12 22:31 -------- d-----w- c:\users\kamelkos\AppData\Roaming\GetRightToGo

2010-06-12 22:17 . 2010-06-17 12:05 -------- d-----w- c:\program files\SWF to AVI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 17:36 . 2009-09-24 22:44 81984 ----a-w- c:\windows\system32\bdod.bin

2010-07-08 17:36 . 2007-07-20 16:20 12 ----a-w- c:\windows\bthservsdp.dat

2010-07-08 17:34 . 2010-03-21 20:25 -------- d-----w- c:\users\kamelkos\AppData\Roaming\vlc

2010-07-07 21:49 . 2010-02-01 13:23 117676 ----a-w- c:\users\kamelkos\AppData\Roaming\nvModes.dat

2010-07-05 00:43 . 2009-10-14 08:45 1 ----a-w- c:\users\kamelkos\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-07-04 21:56 . 2009-09-26 13:25 -------- d-----w- c:\users\kamelkos\AppData\Roaming\DivX

2010-07-04 19:09 . 2009-10-12 12:12 -------- d-----w- c:\users\kamelkos\AppData\Roaming\FileZilla

2010-07-04 18:12 . 2007-07-23 09:00 -------- d-----w- c:\program files\DivX

2010-07-04 18:12 . 2009-09-29 16:53 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-07-03 19:35 . 2007-07-20 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-02 15:09 . 2010-05-09 23:07 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Skype

2010-07-02 14:56 . 2009-09-26 14:40 -------- d-----w- c:\program files\FlashGet

2010-07-02 14:09 . 2010-05-09 23:13 -------- d-----w- c:\users\kamelkos\AppData\Roaming\skypePM

2010-07-01 00:27 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat

2010-07-01 00:27 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat

2010-06-30 20:21 . 2009-12-07 22:55 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Vso

2010-06-30 19:26 . 2009-09-26 14:40 -------- d-----w- c:\program files\Pando Networks

2010-06-28 23:11 . 2009-12-27 16:14 -------- d-----w- c:\users\kamelkos\AppData\Roaming\dvdcss

2010-06-28 16:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-06-28 16:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-06-28 16:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-06-28 16:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-28 16:03 . 2010-05-22 14:05 -------- d-----w- c:\program files\Micro Application

2010-06-28 00:34 . 2010-05-26 12:27 -------- d-----w- c:\program files\Screaming Bee

2010-06-28 00:22 . 2009-10-04 15:55 -------- d-----w- c:\program files\Uniblue

2010-06-25 14:34 . 2009-09-30 16:12 -------- d-----w- c:\program files\Microsoft.NET

2010-06-25 03:35 . 2009-09-24 19:06 2032 ----a-w- c:\users\kamelkos\AppData\Local\d3d9caps.dat

2010-06-23 15:58 . 2009-09-26 19:23 -------- d-----w- c:\program files\Webteh

2010-06-22 00:52 . 2009-09-25 12:22 -------- d-----w- c:\program files\Common Files\Apple

2010-06-22 00:44 . 2009-11-01 17:11 -------- d-----w- c:\program files\Safari

2010-06-16 13:59 . 2009-09-24 19:06 161352 ----a-w- c:\users\kamelkos\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-14 18:37 . 2009-09-26 16:07 -------- d-----w- c:\program files\MAGIX

2010-06-14 18:37 . 2009-09-26 16:08 -------- d-----w- c:\programdata\MAGIX

2010-06-14 18:29 . 2010-06-01 22:12 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-14 13:35 . 2010-05-16 22:08 -------- d-----w- c:\program files\ConvertGenius

2010-05-26 19:08 . 2010-05-26 19:05 -------- d-----w- c:\program files\Virtual Personality

2010-05-26 17:06 . 2010-06-08 19:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 15:46 . 2010-05-26 12:29 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Screaming Bee

2010-05-26 15:19 . 2010-05-26 12:27 -------- d-----w- c:\programdata\Screaming Bee

2010-05-26 15:12 . 2010-05-09 23:07 -------- d-----r- c:\program files\Skype

2010-05-26 14:47 . 2010-06-08 19:13 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-26 12:43 . 2010-05-26 12:43 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Avnex

2010-05-25 21:30 . 2009-09-24 19:06 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Sony Corporation

2010-05-22 14:13 . 2010-05-22 14:13 -------- d-----w- c:\users\kamelkos\AppData\Roaming\Micro Application

2010-05-22 14:02 . 2010-05-21 20:53 -------- d-----w- c:\users\kamelkos\AppData\Roaming\DAEMON Tools Lite

2010-05-21 20:54 . 2010-05-21 20:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-05-21 20:53 . 2010-05-21 20:53 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-05-20 23:09 . 2010-04-09 19:07 -------- d-----w- c:\program files\NewsLeecher

2010-05-20 23:08 . 2007-07-23 09:09 -------- d-----w- c:\program files\Common Files\Java

2010-05-20 22:49 . 2009-10-20 13:44 -------- d-----w- c:\program files\Microsoft SQL Server

2010-05-20 22:40 . 2010-04-13 20:04 -------- d-----w- c:\program files\Common Files\MAGIX Services

2010-05-20 22:30 . 2010-05-09 15:55 -------- d-----w- c:\program files\League of Legends

2010-05-20 17:24 . 2010-05-20 17:24 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-15 12:59 . 2010-05-12 13:00 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-05-12 15:23 . 2010-05-12 15:23 -------- d-----w- c:\users\kamelkos\AppData\Roaming\LolClient

2010-05-09 23:13 . 2010-05-09 23:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-05-09 23:07 . 2010-05-09 23:07 -------- d-----w- c:\program files\Common Files\Skype

2010-05-09 23:07 . 2009-09-22 07:56 -------- d-----w- c:\programdata\Skype

2010-05-08 20:31 . 2010-05-08 20:31 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-08 20:31 . 2010-01-22 01:24 38784 ----a-w- c:\users\kamelkos\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-08 18:33 . 2010-05-08 18:32 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-04 05:59 . 2010-06-08 19:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-08 19:13 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 05:55 . 2010-06-08 19:13 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 04:31 . 2010-06-08 19:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-01 14:13 . 2010-06-08 19:13 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-27 18:40 . 2009-09-22 07:53 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-04-27 18:40 . 2009-09-22 07:53 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-04-27 18:40 . 2007-02-06 14:03 133616 ------w- c:\windows\system32\PxAFS.DLL

2010-04-23 14:13 . 2010-05-25 18:31 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-16 16:43 . 2010-06-23 12:13 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-04-16 16:43 . 2010-06-23 12:13 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-04-16 16:43 . 2010-06-23 12:13 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-04-16 16:43 . 2010-06-23 12:13 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2009-11-12 21:25 . 2009-09-24 21:59 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

2008-07-25 08:31 . 2009-09-25 13:50 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-09-24 69632]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]

"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-06-29 3627912]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-26 160592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\windows\30864813.exe \??\c:\windows\30864813.dat

SetupExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" /Minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):98,9b,ed,45,46,40,ca,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-289133231-3036828548-2532764815-1000]

"EnableNotificationsRef"=dword:00000005

 

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-27 86016]

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]

R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]

R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-21 691696]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-05-15 39576]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-06-29 1935120]

S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-06-23 1872320]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-09-24 82696]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-29 71008]

S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-09-24 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-09-24 104456]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

bdx REG_MULTI_SZ scan

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:58]

.

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

mDefault_Page_URL = hxxp://www.club-vaio.com

uInternet Settings,ProxyOverride = *.local

IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

FF - ProfilePath - c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - component: c:\users\kamelkos\AppData\Roaming\Mozilla\Firefox\Profiles\uo12bvfw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-08 20:12

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,91,f7,3d,30,4d,ca,43,a4,2c,80,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,91,f7,3d,30,4d,ca,43,a4,2c,80,\

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:0000003d

 

[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(1736)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Heure de fin: 2010-07-08 20:20:04

ComboFix-quarantined-files.txt 2010-07-08 18:19

ComboFix2.txt 2010-07-03 09:42

ComboFix3.txt 2010-07-03 08:00

 

Avant-CF: 45 114 983 936 octets libres

Après-CF: 45 107 765 248 octets libres

 

- - End Of File - - 8A2A1F4E4B698475A341321F269D1EA2

[Falkra]

Ca, c'est très très bien.

 

Télécharge le fichier extraction.bat ici, pour nettoyer les restes :

senduit | Share easily.

 

Exécute le fichier avec droits administrateur, il va faire un rapport que tu pourras poster, on va regarder des clés de registre à réparer.

 

Le plus gros est fait !

[kamelkos]

bug