Posted

There's no such thing as a stupid question ;)

No, the problem isn't coming from there in any case.

I'd like you to run the following scan please, so we can see more =>

Download GMER Rootkit Scanner

- Disable Antivir's shield before launching the scan: right-click the Antivir icon in the taskbar and untick Enable AntiVir Guard

- Don't use the PC during the scan and close every open program before launching it.

  • Click the "Download EXE" button
  • Save it to your Desktop.
  • Copy and save these instructions in a text file or print them, because you will have to close the browser.
  • Close the open browser windows and any other open program, because the scan can crash the PC.
  • Run the downloaded file (its name is made of 8 random digits/letters) by double-clicking it;
  • If the tool gives you a warning about rootkit activity and asks whether to run a scan, click "NO"
  • Now click the Scan button and wait (this can take 10 minutes or more)
  • When the analysis is finished, click the Save button (bottom right)
  • Name the file "Ark.txt" and save it to the Desktop
  • Copy/paste the contents of this report into your reply.

Posted

So here is the report after 2 attempts (because of the Internet Explorer windows that keep opening> but that may be another problem and I should make another post, because it never stops... ):


GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-16 19:09:27

Windows 6.0.6002 Service Pack 2

Running: nh9goyjc.exe; Driver: C:\Users\Wax\AppData\Local\Temp\kwldrpob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 8B7F7BBC ZwCreateThread

SSDT 8B7F7BA8 ZwOpenProcess

SSDT 8B7F7BAD ZwOpenThread

SSDT 8B7F7BB7 ZwTerminateProcess

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 221 824FC984 4 Bytes [bC, 7B, 7F, 8B]

.text ntkrnlpa.exe!KeSetEvent + 3F1 824FCB54 4 Bytes [A8, 7B, 7F, 8B] {TEST AL, 0x7b; JG 0xffffffffffffff8f}

.text ntkrnlpa.exe!KeSetEvent + 40D 824FCB70 4 Bytes [AD, 7B, 7F, 8B]

.text ntkrnlpa.exe!KeSetEvent + 621 824FCD84 4 Bytes [b7, 7B, 7F, 8B] {MOV BH, 0x7b; JG 0xffffffffffffff8f}

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD56000, 0x4036D, 0xE8000020]

.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD9F000, 0x510, 0x40000040]

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F608000, 0x2D14E8, 0xE8000020]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\wininit.exe[772] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\csrss.exe[784] KERNEL32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[788] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\services.exe[820] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text ...

.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3040] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3040] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\System32\mobsync.exe[3080] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\System32\mobsync.exe[3080] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3244] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Windows Media Player\wmplayer.exe[3276] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Program Files\Windows Media Player\wmplayer.exe[3276] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\Dwm.exe[3496] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\system32\Dwm.exe[3496] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\Explorer.EXE[3512] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\taskeng.exe[3536] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\system32\taskeng.exe[3536] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\RtHDVCpl.exe[3720] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\RtHDVCpl.exe[3720] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3728] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\System32\rundll32.exe[3772] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\System32\rundll32.exe[3772] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\WUDFHost.exe[3836] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3868] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3868] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\taskeng.exe[4716] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Users\Wax\Desktop\nh9goyjc.exe[5112] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5220] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Program Files\Internet Explorer\IEUser.exe[5720] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Program Files\Internet Explorer\IEUser.exe[5720] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Users\Wax\teioq.exe[5848] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

.text C:\Windows\system32\conime.exe[5900] kernel32.dll!TerminateProcess 766C18EF 1 Byte [C3]

.text C:\Windows\system32\conime.exe[5900] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

? C:\Windows\system32\svchost.exe[5928] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

.text C:\Windows\system32\svchost.exe[5928] kernel32.dll!TerminateThread 767041F7 1 Byte [C3]

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DC7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E1A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DCBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DBF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DC75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DBE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DF8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DCDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DBFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DBFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DB71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E4CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73DEC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DBD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DB6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DB687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DC2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExA] [0041A63A] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [0041A72E] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\WININET.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\WININET.dll [uSER32.dll!SetWindowPos] [0041A7E0] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041A6B4] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!SetWindowPos] [0041A7E0] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kj9.exe[3636] @ C:\Windows\system32\shell32.dll [uSER32.dll!ShowWindow] [0041A72E] C:\Users\Wax\AppData\Local\Temp\Kj9.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [00419E70] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExA] [00419D80] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!DialogBoxParamA] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shlwapi.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!SetWindowPos] [00419F1E] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\wininet.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!CreateWindowExW] [00419DF8] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!SetWindowPos] [00419F1E] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!DialogBoxParamW] [00419F8A] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!ShowWindow] [00419E70] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\shell32.dll [uSER32.dll!MessageBoxIndirectW] [00419F84] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kke.exe[3684] @ C:\Windows\system32\CRYPT32.dll [uSER32.dll!MessageBoxW] [00419F96] C:\Users\Wax\AppData\Local\Temp\Kke.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!CreateWindowExA] [00418864] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!DialogBoxParamA] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHLWAPI.DLL [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!SetWindowPos] [00418A02] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!ShowWindow] [00418954] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!MessageBoxIndirectW] [00418A68] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\ole32.dll [uSER32.dll!ShowWindow] [00418954] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!CreateWindowExW] [004188DC] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!MessageBoxW] [00418A7A] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!SetWindowPos] [00418A02] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Users\Wax\AppData\Local\Temp\Kkg.exe[3692] @ C:\Windows\system32\wininet.dll [uSER32.dll!DialogBoxParamW] [00418A6E] C:\Users\Wax\AppData\Local\Temp\Kkg.exe (Daniels/Don HO don.h@free.fr)

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!HeapSetInformation] 81EC8B55

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 000134EC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!CreateActCtxW] 6A006A00

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ReleaseActCtx] 5C92E80F

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 45890000

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrlenW] FC7D83FC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 330475FF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!InterlockedExchange] C77DEBC0

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] FFFED085

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 000128FF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetModuleHandleA] D0858D00

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 50FFFFFE

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetTickCount] 51FC4D8B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 005C65E8

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 08558B00

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] F4858D52

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 50FFFFFE

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 005257E8

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 08C48300

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 2C74C085

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ExitProcess] FED88D8B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] 6A51FFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 15FF0000

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [00407008] C:\Windows\system32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation)

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!HeapFree] 558BFFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 15FF52FC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LocalFree] [00407004] C:\Windows\system32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation)

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!CloseHandle] FECC858B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 20EBFFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] FED0858D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 8B50FFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!FreeLibrary] E851FC4D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!Sleep] 00005C0C

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] A975C085

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 52FC558B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 700415FF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetLastError] C0330040

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!ActivateActCtx] C35DE58B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 000134EC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 94850FFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__p__commode] E80F6A00

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_adjust_fdiv] 00005BE8

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__setusermatherr] 83F84589

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_amsg_exit] 75FFF87D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_initterm] E9C03307

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!exit] 000000A8

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__p__fmode] FED085C7

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_exit] 0128FFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!memcpy] 858D0000

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!memset] FFFFFED0

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__set_app_type] F84D8B50

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 5BB8E851

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_except_handler4_common] 45C70000

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_controlfp] 000000FC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_cexit] 08558B00

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!__wgetmainargs] F4858D52

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [msvcrt.dll!_XcptFilter] 50FFFFFE

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 08C48300

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 2074C085

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 3BFC4D8B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 1873104D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 8BFC558B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 8D8B0C45

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FFFFFED8

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 8B900C89

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 8B50FFFF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] E851F84D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00005B64

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] B575C085

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 52F8558B

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 700415FF

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 832DEBFC

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 7C00147D

IAT C:\Windows\system32\svchost.exe[5928] @ C:\Windows\system32\svchost.exe [ntdll.dll!RtlCopySid] 14458B25

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@teioq C:\Users\Wax\teioq.exe /f

---- Files - GMER 1.0.15 ----

File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NAVBID3\dnserrordiagoff_webOC[1] 6884 bytes
File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87CXEDLK\background_gradient[4] 453 bytes
File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87CXEDLK\navcancl[2] 2724 bytes
File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1FTJ75B\httpErrorPagesScripts[3] 7579 bytes
File C:\Users\Wax\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUW2Z8U4\ErrorPageTemplate[3] 0 bytes

---- EOF - GMER 1.0.15 ----

Good luck!!

Posted

but maybe it's another problem and I should make another post, because it doesn't stop

The malware's activity, no doubt. Don't post another topic ;)

Go to this address => VirusTotal - Free Online Virus, Malware and URL Scanner

There is a box named "Browse": click on it and a window opens => copy/paste this into the field to the right of "File name" at the bottom of the page >> C:\Users\Wax\teioq.exe

Now click "Open" at the bottom of the window, then "Send file". The scan of this file will begin. All you have to do is select, then copy/paste the analysis into your next message.

Note: uploaded files are queued, because the virus scanner is in high demand! Be patient (a message tells you how long the analysis will take).

Note: it sometimes happens that the file has already been analysed. If so, click the Reanalyse file now button.

Do the same with this file please => C:\Users\Wax\AppData\Local\Temp\Kj9.exe

Also post me the following report, which is on your disk: C:\TDSSKiller.2.4.2.1_12.09.2010_13.02.46_log.txt

Posted

OK, the first one:

Antivirus Version Last Update Result
AhnLab-V3 2010.09.17.00 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.16 SHeur3.AZWE
BitDefender 7.2 2010.09.17 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6101 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.17 -
Emsisoft 5.0.0.37 2010.09.17 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7860 2010.09.16 Win32/Vobfus.D!generic
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.17 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.17 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2533 2010.09.16 -
Kaspersky 7.0.0.125 2010.09.16 Trojan.Win32.VBKrypt.fsc
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6201 2010.09.17 -
NOD32 5456 2010.09.16 -
Norman 6.06.06 2010.09.16 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.16 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.17 High Risk Cloaked Malware
Rising 22.65.03.04 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6884 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.17 Trojan.Agent/Gen-FakeAV
Symantec 20101.1.1.7 2010.09.17 -
TheHacker 6.7.0.0.020 2010.09.17 -
TrendMicro 9.120.0.1004 2010.09.16 Mal_VBNA
TrendMicro-HouseCall 9.120.0.1004 2010.09.17 Mal_VBNA
VBA32 3.12.14.0 2010.09.16 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.10.0 2010.09.16 -

Additional information

MD5 : cab1eea2c49aeec3f512e5df8e86b3a2
SHA1 : 41754d3dd8388f0739dc5042d803ecea8c41b6a7
SHA256: 4ebc54d73ac3dbc9c55e759c4e50afdfd12e1a64b7e2ceee1258d424d91cec8e
ssdeep: 1536:LAutoLIq1noL9bZm6ViaEVrs9oHacTQDfqbxmuLw:sutoL7no30s9oHacgybxV
File size : 135168 bytes
First seen: 2010-09-17 00:15:17
Last seen : 2010-09-17 00:15:17
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 7.87
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x11C8
timedatestamp....: 0x4C91C998 (Thu Sep 16 07:39:04 2010)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1EE60, 0x1F000, 5.51, e4003e88df8971d39e05b4a0f55f044a
.data, 0x20000, 0x1ED8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0x22000, 0x88C, 0x1000, 1.72, c8a2c207aedd4237a7b7f34a5450a38e

[[ 1 import(s) ]]
MSVBVM60.DLL: -, -, -, -, MethCallEngine, -, -, -, -, -, -, -, -, -, EVENT_SINK_AddRef, -, -, -, -, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

Prevx Info: Prevx
Symantec reputation: Suspicious.Insight


and the second one:

2010/09/12 13:02:46.0720 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/12 13:02:46.0721 ================================================================================
2010/09/12 13:02:46.0721 SystemInfo:
2010/09/12 13:02:46.0721
2010/09/12 13:02:46.0721 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/12 13:02:46.0721 Product type: Workstation
2010/09/12 13:02:46.0721 ComputerName: PC-DE-WAX
2010/09/12 13:02:46.0722 UserName: Wax
2010/09/12 13:02:46.0722 Windows directory: C:\Windows
2010/09/12 13:02:46.0722 System windows directory: C:\Windows
2010/09/12 13:02:46.0722 Processor architecture: Intel x86
2010/09/12 13:02:46.0722 Number of processors: 2
2010/09/12 13:02:46.0722 Page size: 0x1000
2010/09/12 13:02:46.0722 Boot type: Normal boot
2010/09/12 13:02:46.0722 ================================================================================
2010/09/12 13:02:50.0330 Initialize success
2010/09/12 13:03:40.0668 ================================================================================
2010/09/12 13:03:40.0668 Scan started
2010/09/12 13:03:40.0668 Mode: Manual;
2010/09/12 13:03:40.0668 ================================================================================

2010/09/12 13:05:11.0483 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/09/12 13:05:11.0645 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/09/12 13:05:12.0249 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2010/09/12 13:05:12.0581 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2010/09/12 13:05:12.0814 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/09/12 13:05:13.0363 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/09/12 13:05:13.0780 ================================================================================

2010/09/12 13:05:13.0780 Scan finished

2010/09/12 13:05:13.0780 ================================================================================

2010/09/12 13:05:31.0542 Deinitialize success

 

 

Good luck again... ;)

Posted

Download OTM by OldTimer and save the file to your Desktop.

  • Right-click OTM.exe to run the tool, then choose Run as administrator.
  • Copy the lines in the "Code" box below to the clipboard, by selecting them all and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy):
    :processes
    explorer.exe
    
    :files
    C:\Users\Wax\teioq.exe
    C:\Users\Wax\AppData\Local\Temp\Kj9.exe
    C:\Users\Wax\AppData\Local\Temp\Kke.exe
    C:\Users\Wax\AppData\Local\Temp\Kkg.exe
    C:\Users\Wax\AppData\Local\Temp\Kj1.exe
    C:\Users\Wax\xaagut.exe 
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "@teioq"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "tooamoq"=-
    "yaoujab"=-
    "teapuy"=-
    "qeakie"=-
    "boeofe"=-
    "YXE7DXCQ37"=-
    "xaagut"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnvqmrmv]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\juuez]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpodmuxx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luaeru]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvvoew]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediafix70700en02.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nzyit]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tooamoq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wax]
    
    :commands
    [emptytemp]
    [start explorer]
    [zipfiles]


  • Go back to the OTMoveIt3 window, right-click in the left-hand area titled "Paste Instructions for Items to be Moved" and choose Paste.
  • Click the red MoveIt! button.
  • Close OTM.
  • In your next reply, post the OTM report (the contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits giving the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.

Posted

OK, sorry:

 

KJ9.exe

 

Antivirus             Version          Last Update  Result
AhnLab-V3             2010.09.17.00    2010.09.16   -
AntiVir               8.2.4.52         2010.09.16   -
Antiy-AVL             2.0.3.7          2010.09.16   -
Authentium            5.2.0.5          2010.09.16   W32/Renos.A!Generic
Avast                 4.8.1351.0       2010.09.16   Win32:Dropper-gen
Avast5                5.0.594.0        2010.09.16   Win32:Dropper-gen
AVG                   9.0.0.851        2010.09.16   Generic19.PVB
BitDefender           7.2              2010.09.17   Trojan.Generic.KDV.37586
CAT-QuickHeal         11.00            2010.09.16   Win32.Packed.Katusha.n.5
ClamAV                0.96.2.0-git     2010.09.16   -
Comodo                6101             2010.09.16   -
DrWeb                 5.0.2.03300      2010.09.17   Trojan.Packed.189
Emsisoft              5.0.0.37         2010.09.17   Packed.Win32.Katusha.n!A2
eSafe                 7.0.17.0         2010.09.17   -
eTrust-Vet            36.1.7860        2010.09.16   Win32/Renos.D!generic
F-Prot                4.6.1.107        2010.09.16   W32/Renos.A!Generic
F-Secure              9.0.15370.0      2010.09.17   Trojan.Generic.KDV.37586
Fortinet              4.1.143.0        2010.09.16   W32/CodecPack.fam!tr.dldr
GData                 21               2010.09.17   Trojan.Generic.KDV.37586
Ikarus                T3.1.1.88.0      2010.09.16   -
Jiangmin              13.0.900         2010.09.16   -
K7AntiVirus           9.63.2533        2010.09.16   Virus
Kaspersky             7.0.0.125        2010.09.17   Packed.Win32.Katusha.n
McAfee                5.400.0.1158     2010.09.16   Downloader-CEW.b
McAfee-GW-Edition     2010.1C          2010.09.16   Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft             1.6201           2010.09.17   TrojanDownloader:Win32/Renos.LX
NOD32                 5456             2010.09.16   a variant of Win32/Kryptik.GUA
Norman                6.06.06          2010.09.16   -
nProtect              2010-09-16.02    2010.09.16   Trojan.Generic.KDV.37586
Panda                 10.0.2.7         2010.09.16   -
PCTools               7.0.3.5          2010.09.16   Trojan.FakeAV
Prevx                 3.0              2010.09.17   -
Rising                22.65.03.04      2010.09.16   -
Sophos                4.57.0           2010.09.16   Mal/FakeAV-CX
Sunbelt               6884             2010.09.16   VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware      4.40.0.1006      2010.09.17   Trojan.Agent/Gen-Fraudera
Symantec              20101.1.1.7      2010.09.17   Trojan.FakeAV!gen29
TheHacker             6.7.0.0.020      2010.09.17   -
TrendMicro            9.120.0.1004     2010.09.16   TROJ_FAKEAV.SMA5
TrendMicro-HouseCall  9.120.0.1004     2010.09.17   TROJ_FAKEAV.SMA5
VBA32                 3.12.14.0        2010.09.16   Malware-Cryptor.Win32.Gron.2
ViRobot               2010.8.25.4006   2010.09.16   -
VirusBuster           12.65.10.0       2010.09.16   -

Additional information

MD5 : fc9656786f2bce470cf6ff8edd22aa41

SHA1 : 866d3d097b8701a8685f498354cc3ffa5a4ff206

SHA256: 63cea531fb8324bdd5e09b18f61b4acc1a23d86d7c0c274bd11c603cfc1bed4e

ssdeep: 3072:Y1zpE+Qs0BLuJmiHKF4AkD+MDgYrfgyoygdP6N01jGGe+JJNSct:2nQF4QiHGna+MTr4yoy46GjE+J

File size : 184832 bytes

First seen: 2010-09-17 00:18:23

Last seen : 2010-09-17 00:18:23

Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Don HO don.h@free.fr

copyright....: Daniels

product......: Daniels

description..: Daniels

original name: Daniels.exe

internal name: Daniels

file version.: 1.2.7.0

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: -

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x3D93

timedatestamp....: 0x4A40C0C4 (Tue Jun 23 11:47:16 2009)

machinetype......: 0x14C (Intel I386)

 

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

CODE, 0x1000, 0x6A39, 0x6C00, 5.16, db0ef16bd197fcdfddefde2616e485c0

.rdata, 0x8000, 0x2072B, 0x20800, 7.44, 273a83dbfe0e3dc1a30044485327bd1c

.data, 0x29000, 0xFA3D, 0x2C00, 4.79, 556c124a7f7a54d3a36ce01774c83946

.adata, 0x39000, 0x5B8, 0x600, 0.05, 12b467a11e981ac8096fa3f0cfd3120d

.rsrc, 0x3A000, 0x2760, 0x2800, 3.53, 99c72d3e02bf9b3c9c9d6e2ceee0da28

 

[[ 9 import(s) ]]

advapi32.dll: RegEnumKeyExA, GetLengthSid, RegOpenKeyExA

comctl32.dll: ImageList_Write, ImageList_Add, ImageList_DrawEx, ImageList_Read, ImageList_DragShowNolock, ImageList_Draw, ImageList_GetBkColor, ImageList_Remove, ImageList_Destroy

gdi32.dll: GetCurrentPositionEx, CreateDIBitmap, CreateCompatibleDC, GetObjectA, CreateDIBSection, CreateFontIndirectA, GetPaletteEntries, GetClipBox, CreatePenIndirect, SetBkColor

kernel32.dll: SetFilePointer, ExitThread, GetModuleHandleA, lstrcmpiA, LoadLibraryA, GetProcAddress, VirtualAlloc, GetCurrentThreadId, GlobalDeleteAtom, lstrlenW, GetProcessHeap, GetDiskFreeSpaceA, CreateThread, ExitProcess, GetCommandLineA

msvcrt.dll: tan, log10, abs

ole32.dll: GetHGlobalFromStream, OleRegGetUserType, CoGetContextToken, CoCreateInstanceEx

shlwapi.dll: SHEnumValueA, SHSetValueA, PathGetCharTypeA, SHDeleteKeyA, SHGetValueA, SHQueryValueExA, SHQueryInfoKeyA

user32.dll: ShowWindow, CharLowerBuffA, GetKeyboardLayoutList, GetSysColor, GetMessagePos, GetPropA, CallNextHookEx, GetScrollRange, EnableScrollBar, MapVirtualKeyA, CreateIcon, WaitMessage, GetDesktopWindow, CallWindowProcA, SetWindowPlacement, SendMessageA, RedrawWindow, PeekMessageW, IsWindowEnabled, GetMenuItemCount, SetScrollInfo, PostQuitMessage

version.dll: VerInstallFileA, VerFindFileA, GetFileVersionInfoA

 

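The report above gives, for the dropped Kj9.exe, the three file hashes, the PE section table with an entropy column (the .rdata section at 7.44 is what the "Packed"/"Kryptik" detections are reacting to), the link timestamp and an unsigned version block. The following script is an added example, not code from the thread or from VirusTotal: it reproduces those checks with the Python standard library only, so a file can be triaged locally before (or without) uploading it. The PE image it inspects is built inline and is hypothetical: the section names, sizes and contents are made up so the script runs offline, and only the timestamp and entry point values are borrowed from the report so the output can be compared with it.

```python
"""Added example (not from the forum thread or VirusTotal): hashes, PE section
table with per-section entropy, and link timestamp, standard library only.
The inspected PE image is constructed in build_sample_pe() and is hypothetical."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Rule of thumb: a code or data section with entropy above this is usually packed
# or encrypted (the .rdata section in the report above scores 7.44).
PACKED_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant block, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Return file hashes, COFF header fields and the section table of a PE32 image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                               # optional header follows the 20-byte COFF header
    entry_point = struct.unpack_from("<I", image, opt + 16)[0] if opt_size >= 20 else 0
    sections = []
    first_hdr = opt + opt_size                    # section headers follow the optional header
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, first_hdr + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "md5": hashlib.md5(image).hexdigest(),
        "sha1": hashlib.sha1(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
        "size": len(image),
        "machine": machine,
        "entry_point": entry_point,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc),
        "sections": sections,
    }


def suspicious_sections(info: dict) -> list:
    """Names of sections whose entropy suggests a packer (compare the .rdata row above)."""
    return [s["name"] for s in info["sections"] if s["entropy"] > PACKED_ENTROPY]


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 (hypothetical, not a real binary): a low-entropy .data
    section (entropy exactly 2.0) and an .rdata section filled with pseudo-random bytes.
    Timestamp 0x4A40C0C4 and entry point 0x3D93 are copied from the report above."""
    low = b"\x00\x01\x02\x03" * 256               # 1024 bytes, four symbols, entropy 2.0
    high, chunk = b"", b"seed"
    while len(high) < 4096:                        # deterministic high-entropy filler
        chunk = hashlib.sha256(chunk).digest()
        high += chunk
    opt_size = 0xE0                                # size of a PE32 optional header
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * 2
    data_off = (headers_len + 0x1FF) & ~0x1FF      # raw data aligned to 512 bytes
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4A40C0C4, 0, 0, opt_size, 0x0102)
    # Magic, linker version, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData; the rest of the header is zero-padded
    opt = struct.pack("<HBBIIIIII", 0x10B, 9, 0, 0, 0, 0, 0x3D93, 0x1000, 0x2000)
    opt += b"\0" * (opt_size - len(opt))
    sec1 = struct.pack("<8sIIIIIIHHI", b".data", len(low), 0x1000, len(low), data_off, 0, 0, 0, 0, 0xC0000040)
    sec2 = struct.pack("<8sIIIIIIHHI", b".rdata", len(high), 0x2000, len(high), data_off + len(low), 0, 0, 0, 0, 0x40000040)
    image = dos + b"PE\0\0" + coff + opt + sec1 + sec2
    image += b"\0" * (data_off - len(image))
    return image + low + high


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for h in ("md5", "sha1", "sha256"):
        print(f"{h.upper():6}: {info[h]}")
    print(f"linked: {info['timestamp']:%Y-%m-%d %H:%M:%S} UTC  entry point: {info['entry_point']:#x}")
    print("name, viradd, virsiz, rawdsiz, ntropy, md5")
    for s in info["sections"]:
        print(f"{s['name']}, {s['virtual_address']:#x}, {s['virtual_size']:#x}, "
              f"{s['raw_size']:#x}, {s['entropy']:.2f}, {s['md5']}")
    print("likely packed:", suspicious_sections(info) or "none")
```

Run against a real sample, `parse_pe(open(path, "rb").read())` gives the same MD5/SHA1/SHA256 that VirusTotal keys its reports on, so a file can be looked up by hash without uploading it. The timestamp is decoded as UTC, which is how the "Tue Jun 23 11:47:16 2009" line above reads. Entropy alone is not a verdict: legitimate installers and compressed resources also score high, which is why the report pairs it with the signature check (here "Unsigned") and the engine results.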

Posted

Er, I copied the code you wrote for me; I hope it had already been finished being edited.

 

 

All processes killed

Error: Unable to interpret <:first> in the current context!

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder C:\Users\Wax\teioq.exe not found.

C:\Users\Wax\AppData\Local\Temp\Kj9.exe moved successfully.

C:\Users\Wax\AppData\Local\Temp\Kke.exe moved successfully.

C:\Users\Wax\AppData\Local\Temp\Kkg.exe moved successfully.

C:\Users\Wax\AppData\Local\Temp\Kj1.exe moved successfully.

File/Folder C:\Users\Wax\xaagut.exe not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348FE907-249E-4C65-A838-F34A193FE1D1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\@teioq not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tooamoq deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yaoujab deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\teapuy deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qeakie deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\boeofe deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YXE7DXCQ37 not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xaagut deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnvqmrmv\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\juuez\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpodmuxx\ deleted successfully.

Registry key KEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\luaeru\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvvoew\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediafix70700en02.exe\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nzyit\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tooamoq\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wax\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56504 bytes

 

User: Public

 

User: Wax

->Temp folder emptied: 11860851 bytes

->Temporary Internet Files folder emptied: 3161671 bytes

->Java cache emptied: 2267831 bytes

->FireFox cache emptied: 54854405 bytes

->Flash cache emptied: 60670 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 35237056 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 89068 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 103,00 mb

 

 

OTM by OldTimer - Version 3.1.16.1 log created on 09172010_115321

 

Files moved on Reboot...

C:\Users\Wax\AppData\Local\Temp\sshnas21.dll moved successfully.

 

Registry entries deleted on Reboot...

 

 

Is that good?

Er, otherwise there is still sbmgr.exe that wants to run and gives an ":error" when I refuse.
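The OTM log above is regular enough to summarise automatically, and the lines worth reading are the "not found" ones: an entry that was listed for removal but was absent at run time was either already cleaned by an earlier tool or has been moved or renamed, and it is the first thing to re-check in the next scan. The following added example (not code from the thread or from OTM's author) parses that log format into a triage summary; the embedded log is a shortened excerpt of the post above with the same line formats, and the "orphaned value" rule (a deleted Run value whose namesake file was missing) is this example's own heuristic, not an OTM feature.

```python
"""Added example (not from the forum thread or from OTM): parse an OTM log into
a triage summary.  SAMPLE_LOG is a shortened excerpt of the log posted above."""
import re

SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <:first> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\Wax\teioq.exe not found.
C:\Users\Wax\AppData\Local\Temp\Kj9.exe moved successfully.
C:\Users\Wax\AppData\Local\Temp\Kke.exe moved successfully.
File/Folder C:\Users\Wax\xaagut.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\@teioq not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tooamoq deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xaagut deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Files moved on Reboot...
C:\Users\Wax\AppData\Local\Temp\sshnas21.dll moved successfully.
Registry entries deleted on Reboot...
"""

# One pattern per OTM line format seen in the log above
ERROR = re.compile(r"^Error: (.+)$")
FILE_MISSING = re.compile(r"^File/Folder (.+) not found\.$")
FILE_MOVED = re.compile(r"^(.+) moved successfully\.$")
REG_KEY = re.compile(r"^Registry key (.+) (deleted successfully|not found)\.$")
REG_VALUE = re.compile(r"^Registry value (.+)\\\\([^\\]+) (deleted successfully|not found)\.$")


def parse_otm_log(text: str) -> dict:
    """Classify every recognised line of an OTM log; other lines are ignored."""
    report = {"errors": [], "files_moved": [], "files_moved_on_reboot": [], "files_missing": [],
              "keys_deleted": [], "keys_missing": [], "values_deleted": [], "values_missing": []}
    on_reboot = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Files moved on Reboot"):
            on_reboot = True          # everything after this marker was deferred to the reboot
            continue
        if m := ERROR.match(line):
            report["errors"].append(m.group(1))
        elif m := FILE_MISSING.match(line):
            report["files_missing"].append(m.group(1))
        elif m := REG_KEY.match(line):
            key, status = m.group(1).rstrip("\\"), m.group(2)
            report["keys_deleted" if status.startswith("deleted") else "keys_missing"].append(key)
        elif m := REG_VALUE.match(line):
            key, value, status = m.groups()
            report["values_deleted" if status.startswith("deleted") else "values_missing"].append((key, value))
        elif m := FILE_MOVED.match(line):
            report["files_moved_on_reboot" if on_reboot else "files_moved"].append(m.group(1))
    return report


def follow_up(report: dict) -> dict:
    """Items to carry into the next scan: listed entries that were not there, plus Run
    values that were deleted although the file they are named after was already missing
    (heuristic of this example: the value's name matches the file's stem)."""
    missing_files = sorted(p.rsplit("\\", 1)[-1] for p in report["files_missing"])
    stems = {f.lower().rsplit(".", 1)[0] for f in missing_files}
    orphaned = sorted(v for _, v in report["values_deleted"] if v.lower().lstrip("@") in stems)
    return {
        "errors": report["errors"],
        "missing_files": missing_files,
        "missing_values": sorted(v for _, v in report["values_missing"]),
        "missing_keys": report["keys_missing"],
        "orphaned_values": orphaned,
    }


if __name__ == "__main__":
    report = parse_otm_log(SAMPLE_LOG)
    for name, items in report.items():
        print(f"{name:22} {len(items)}")
    print("to re-check next scan:", follow_up(report))
```

On the full log above this flags teioq.exe and xaagut.exe (listed but not found), the @teioq and YXE7DXCQ37 Run values, the two CLSID keys, and xaagut as a Run value whose target was already gone; the sshnas21.dll move only completed at reboot, which is why OTM warns that a restart may be needed.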
