Infoentraide

Remove a virus with OTM!

Author: Loicdem (Admin)

Subject: Remove a virus with OTM!   Sat 12 Dec - 16:29

Hello,
You can remove a rogue or another infection with OTMoveIt!

I used it in a disinfection I handled here:
http://www.commentcamarche.net/forum/affich-15494650-probleme-explorateur-windows-sous-vista

Here is the person's RSIT log before OTM:

Logfile of random's system information tool 1.06 (written by random/random)

Run by jerome at 2009-12-12 12:13:04

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 459 GB (77%) free of 596 GB

Total RAM: 4094 MB (53% free)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:07, on 12/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\F-Secure\common\FSM32.EXE

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\F-Secure\FSGUI\fsguidll.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe

C:\Users\jerome\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\jerome.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll

O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: &Google Search - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmcache.html

O13 - Gopher Prefix:

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 8452 bytes


======Scheduled tasks folder======


C:\Windows\tasks\PCDRScheduledMaintenance.job


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-08 1218000]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2009-10-10 696320]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2009-10-10 696320]

{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-08 1218000]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]

"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]

"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"F-Secure Manager"=C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [2008-06-19 182936]

"F-Secure TNB"=C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [2008-06-19 895584]

"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-12 3037696]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=0

"DisableChangePassword"=0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"HideFastUserSwitching"=0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"ForceActiveDesktopOn"=

"BindDirectlyToPropertySetStorage"=

"NoActiveDesktopChanges"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


======File associations======


.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*


======List of files/folders created in the last 1 months======


2009-12-12 11:21:42 ----D---- C:\Program Files (x86)\Crawler

2009-12-12 11:21:38 ----D---- C:\Users\jerome\AppData\Roaming\Spyware Terminator

2009-12-12 11:21:37 ----D---- C:\ProgramData\Spyware Terminator

2009-12-12 11:21:37 ----D---- C:\Program Files (x86)\Spyware Terminator

2009-12-12 10:55:24 ----A---- C:\FindyKill.txt

2009-12-12 10:55:01 ----D---- C:\FindyKill

2009-12-10 17:53:49 ----D---- C:\rsit

2009-12-07 18:28:42 ----D---- C:\Windows\Temp

2009-12-06 23:29:11 ----D---- C:\Users\jerome\AppData\Roaming\Malwarebytes

2009-12-06 23:29:06 ----D---- C:\ProgramData\Malwarebytes

2009-12-06 23:29:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2009-12-06 12:25:22 ----A---- C:\TCleaner.txt

2009-12-06 12:10:54 ----D---- C:\32788R22FWJFW

2009-12-06 00:04:48 ----D---- C:\Program Files (x86)\Trend Micro

2009-12-05 16:45:18 ----D---- C:\Program Files (x86)\CCleaner

2009-12-05 14:20:05 ----A---- C:\Windows\system32\tmp.txt

2009-12-05 14:20:05 ----A---- C:\Users\jerome\AppData\Roaming\SetValue.bat

2009-12-05 14:20:05 ----A---- C:\Users\jerome\AppData\Roaming\GetValue.vbs

2009-12-05 14:19:58 ----A---- C:\rapport.txt

2009-12-05 14:19:20 ----A---- C:\Windows\system32\WS2Fix.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\VCCLSID.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\VACFix.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swxcacls.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swsc.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swreg.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\SrchSTS.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\o4Patch.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\IEDFix.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\IEDFix.C.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\dumphive.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\404Fix.exe

2009-12-05 14:19:19 ----A---- C:\Windows\system32\Process.exe

2009-12-05 13:03:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2009-12-05 13:02:38 ----D---- C:\Users\jerome\AppData\Roaming\SUPERAntiSpyware.com

2009-12-05 13:02:38 ----D---- C:\Program Files (x86)\SUPERAntiSpyware

2009-12-05 13:01:56 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2009-12-03 19:57:14 ----D---- C:\Program Files (x86)\Panda Security

2009-12-03 19:26:02 ----D---- C:\Users\jerome\AppData\Roaming\Uniblue

2009-12-03 18:41:54 ----SHD---- C:\found.000

2009-11-30 00:37:51 ----D---- C:\Users\jerome\AppData\Roaming\NeroDigital(TM)

2009-11-28 10:50:14 ----A---- C:\Windows\system32\msxml6.dll

2009-11-28 10:50:13 ----A---- C:\Windows\system32\msxml3.dll

2009-11-28 10:48:14 ----A---- C:\Windows\system32\tzres.dll

2009-11-16 00:53:55 ----A---- C:\Windows\system32\WSDApi.dll


======List of files/folders modified in the last 1 months======


2009-12-12 12:04:00 ----SHD---- C:\System Volume Information

2009-12-12 11:32:54 ----D---- C:\Windows\System32

2009-12-12 11:32:54 ----D---- C:\Windows\inf

2009-12-12 11:28:09 ----D---- C:\Windows\Prefetch

2009-12-12 11:26:49 ----D---- C:\Windows

2009-12-12 11:26:24 ----D---- C:\Windows\SysWOW64

2009-12-12 11:21:42 ----D---- C:\Program Files (x86)

2009-12-12 11:21:40 ----D---- C:\Windows\system32\drivers

2009-12-12 11:21:37 ----HD---- C:\ProgramData

2009-12-12 11:14:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2009-12-12 11:13:57 ----SHD---- C:\Windows\Installer

2009-12-12 11:13:46 ----D---- C:\Program Files (x86)\Pinnacle

2009-12-12 11:12:35 ----RSD---- C:\Windows\Fonts

2009-12-10 17:52:08 ----D---- C:\Program Files (x86)\Common Files

2009-12-10 17:50:02 ----AD---- C:\ProgramData\Temp

2009-12-10 17:47:21 ----D---- C:\Program Files (x86)\Common Files\Nero

2009-12-10 17:46:03 ----D---- C:\ProgramData\Nero

2009-12-10 17:40:42 ----D---- C:\Program Files (x86)\Nero

2009-12-10 17:40:25 ----A---- C:\Windows\Irremote.ini

2009-12-10 17:38:02 ----D---- C:\Program Files (x86)\Winamp

2009-12-10 17:34:10 ----D---- C:\Program Files (x86)\Microsoft Office

2009-12-10 17:34:09 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2009-12-10 17:34:04 ----D---- C:\Windows\ShellNew

2009-12-10 17:32:34 ----RSD---- C:\Windows\assembly

2009-12-10 17:27:26 ----D---- C:\Program Files (x86)\BSPlayer

2009-12-10 17:27:25 ----D---- C:\Users\jerome\AppData\Roaming\BSplayer

2009-12-08 23:39:56 ----D---- C:\Windows\winsxs

2009-12-06 12:18:40 ----D---- C:\Users\jerome\AppData\Roaming\LimeWire

2009-12-05 21:05:15 ----D---- C:\Windows\Debug

2009-12-05 20:11:29 ----D---- C:\Program Files (x86)\SFR

2009-12-05 16:33:22 ----D---- C:\Windows\Logs

2009-12-05 16:31:54 ----D---- C:\Program Files (x86)\SMINST

2009-12-03 20:38:50 ----SD---- C:\ProgramData\Microsoft

2009-12-03 20:38:18 ----SD---- C:\Users\jerome\AppData\Roaming\Microsoft

2009-12-03 19:56:57 ----SD---- C:\Windows\Downloaded Program Files

2009-11-30 00:14:29 ----D---- C:\ProgramData\DVD Shrink

2009-11-28 11:08:13 ----D---- C:\Windows\rescache

2009-11-28 10:48:50 ----D---- C:\Windows\system32\fr-FR

2009-11-28 01:12:43 ----D---- C:\Windows\Tasks

2009-11-28 01:12:42 ----D---- C:\Windows\registration

2009-11-23 19:47:04 ----D---- C:\Windows\system

2009-11-23 19:39:02 ----D---- C:\Users\jerome\AppData\Roaming\Nero

2009-11-16 16:38:18 ----D---- C:\Program Files (x86)\Windows Mail


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys []

R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys []

R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-06-19 13408]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-06-19 98400]

R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys []

R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR64.SYS []

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files (x86)\F-Secure\HIPS\fshs.sys [2008-06-19 70752]

S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]

S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]

S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-06-19 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-06-19 25184]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys []

S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []

R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2008-06-19 47800]

R2 FSMA;F-Secure Management Agent; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [2008-06-19 117400]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-12-12 488960]

R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe [2008-06-19 461408]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [2008-06-19 465504]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [2008-06-19 162456]

S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe []

S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]


-----------------EOF-----------------

1. Download OTMoveIt http://up.sur-la-toile.com/iadW (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to run it.


2. Make sure the box Unregister Dll's and Ocx's is checked,

copy the list shown in bold below,

and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Windows\system32\IEDFix.exe

C:\Windows\system32\IEDFix.C.exe

C:\Windows\system32\404Fix.exe

C:\Windows\system32\Agent.OMZ.Fix.exe

C:\Windows\system32\dumphive.exe

C:\Windows\system32\o4Patch.exe

C:\Windows\system32\SrchSTS.exe

C:\Windows\system32\VACFix.exe

C:\Windows\system32\VCCLSID.exe

C:\Windows\system32\WS2Fix.exe



Then click MoveIt!
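The file list above was built by hand from the "files/folders created" section of the RSIT log. As an added example (not part of the original post, and not code from OTMoveIt or RSIT), the Python script below parses that section, clusters entries created within seconds of each other, and prints the executables that landed in system32 as a candidate list in the one-path-per-line shape OTMoveIt takes; the sample log lines, the 60-second window and the 3-file threshold are my own assumptions, and the output is meant for a human to review before anything is moved.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Constructed sample in the format of the RSIT "files/folders created" section
# quoted in the post (a few lines only, not the full log).
SAMPLE_RSIT = """\
======List of files/folders created in the last 1 months======

2009-12-12 11:21:42 ----D---- C:\\Program Files (x86)\\Crawler
2009-12-05 14:20:05 ----A---- C:\\Windows\\system32\\tmp.txt
2009-12-05 14:19:20 ----A---- C:\\Windows\\system32\\WS2Fix.exe
2009-12-05 14:19:20 ----A---- C:\\Windows\\system32\\VCCLSID.exe
2009-12-05 14:19:20 ----A---- C:\\Windows\\system32\\IEDFix.exe
2009-12-05 14:19:19 ----A---- C:\\Windows\\system32\\Process.exe
2009-11-28 10:50:14 ----A---- C:\\Windows\\system32\\msxml6.dll

======List of files/folders modified in the last 1 months======

2009-12-12 11:32:54 ----D---- C:\\Windows\\System32
"""

# "2009-12-05 14:19:20 ----A---- C:\path": timestamp, attribute letters, path
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".scr")
SYSTEM32 = "c:\\windows\\system32\\"


class Entry(NamedTuple):
    when: datetime
    attrs: str   # RSIT attribute letters, e.g. "A" archive, "D" directory, "SHD" system+hidden+dir
    path: str


def parse_created_entries(text: str) -> List[Entry]:
    """Return the entries of the 'files/folders created' section, oldest first."""
    entries, in_created = [], False
    for line in text.splitlines():
        if line.startswith("======"):          # section header: switch context
            in_created = "created" in line.lower()
            continue
        m = ENTRY_RE.match(line.strip())
        if in_created and m:
            entries.append(Entry(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                                 m.group(2), m.group(3)))
    return sorted(entries, key=lambda e: e.when)


def is_system32_executable(e: Entry) -> bool:
    """A file (not a directory) with an executable extension directly under system32."""
    p = e.path.lower()
    return "D" not in e.attrs and p.startswith(SYSTEM32) and p.endswith(EXEC_EXT)


def burst_clusters(entries: List[Entry], window: timedelta) -> List[List[Entry]]:
    """Group time-sorted entries; a gap larger than `window` starts a new cluster."""
    clusters: List[List[Entry]] = []
    for e in entries:
        if clusters and e.when - clusters[-1][-1].when <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def suspicious_bursts(entries: List[Entry], window_seconds: int = 60,
                      min_files: int = 3) -> List[List[Entry]]:
    """Clusters in which at least `min_files` executables were dropped into system32.
    Heuristic (my assumption): a batch of binaries created within seconds of each
    other in system32 is worth a look; single files and directories are ignored."""
    out = []
    for cluster in burst_clusters(entries, timedelta(seconds=window_seconds)):
        execs = [e for e in cluster if is_system32_executable(e)]
        if len(execs) >= min_files:
            out.append(execs)
    return out


def otm_paste_list(text: str, **kw) -> str:
    """One path per line, the shape of the 'Paste List of Files/Folders to be moved' pane."""
    paths = sorted(e.path
                   for burst in suspicious_bursts(parse_created_entries(text), **kw)
                   for e in burst)
    return "\n".join(paths)


if __name__ == "__main__":
    print(otm_paste_list(SAMPLE_RSIT))
```

Run it against a saved RSIT log instead of SAMPLE_RSIT to get the candidate list; the 45-second-later tmp.txt in the sample joins the same burst but is left out because it is not an executable.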



Handy when SmitFraudFix doesn't work, and ComboFix too!

Here is the report obtained:

OTMoveIt:

results

C:\Windows\system32\IEDFix.exe moved successfully.

C:\Windows\system32\IEDFix.C.exe moved successfully.

C:\Windows\system32\404Fix.exe moved successfully.

C:\Windows\system32\Agent.OMZ.Fix.exe moved successfully.

C:\Windows\system32\dumphive.exe moved successfully.

C:\Windows\system32\o4Patch.exe moved successfully.

C:\Windows\system32\SrchSTS.exe moved successfully.

C:\Windows\system32\VACFix.exe moved successfully.

C:\Windows\system32\VCCLSID.exe moved successfully.

C:\Windows\system32\WS2Fix.exe moved successfully.


The RSIT log obtained from the victim afterwards:

Logfile of random's system information tool 1.06 (written by random/random)

Run by jerome at 2009-12-12 12:55:33

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 445 GB (75%) free of 596 GB

Total RAM: 4094 MB (51% free)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55:34, on 12/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\F-Secure\common\FSM32.EXE

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\F-Secure\FSGUI\fsguidll.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe

C:\Users\jerome\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\jerome.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll

O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: &Google Search - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pages liées - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmcache.html

O13 - Gopher Prefix:

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 8452 bytes


======Scheduled tasks folder======


C:\Windows\tasks\PCDRScheduledMaintenance.job


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-08 1218000]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2009-10-10 696320]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2009-10-10 696320]

{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-08 1218000]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]

"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]

"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"F-Secure Manager"=C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [2008-06-19 182936]

"F-Secure TNB"=C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [2008-06-19 895584]

"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-12 3037696]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=0

"DisableChangePassword"=0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"HideFastUserSwitching"=0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"ForceActiveDesktopOn"=

"BindDirectlyToPropertySetStorage"=

"NoActiveDesktopChanges"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


======File associations======


.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*


======List of files/folders created in the last 1 months======


2009-12-12 12:53:53 ----D---- C:\_OTMoveIt

2009-12-12 11:21:42 ----D---- C:\Program Files (x86)\Crawler

2009-12-12 11:21:38 ----D---- C:\Users\jerome\AppData\Roaming\Spyware Terminator

2009-12-12 11:21:37 ----D---- C:\ProgramData\Spyware Terminator

2009-12-12 11:21:37 ----D---- C:\Program Files (x86)\Spyware Terminator

2009-12-12 10:55:24 ----A---- C:\FindyKill.txt

2009-12-12 10:55:01 ----D---- C:\FindyKill

2009-12-10 17:53:49 ----D---- C:\rsit

2009-12-07 18:28:42 ----D---- C:\Windows\Temp

2009-12-06 23:29:11 ----D---- C:\Users\jerome\AppData\Roaming\Malwarebytes

2009-12-06 23:29:06 ----D---- C:\ProgramData\Malwarebytes

2009-12-06 23:29:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2009-12-06 12:25:22 ----A---- C:\TCleaner.txt

2009-12-06 12:10:54 ----D---- C:\32788R22FWJFW

2009-12-06 00:04:48 ----D---- C:\Program Files (x86)\Trend Micro

2009-12-05 16:45:18 ----D---- C:\Program Files (x86)\CCleaner

2009-12-05 14:20:05 ----A---- C:\Windows\system32\tmp.txt

2009-12-05 14:20:05 ----A---- C:\Users\jerome\AppData\Roaming\SetValue.bat

2009-12-05 14:20:05 ----A---- C:\Users\jerome\AppData\Roaming\GetValue.vbs

2009-12-05 14:19:58 ----A---- C:\rapport.txt

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swxcacls.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swsc.exe

2009-12-05 14:19:20 ----A---- C:\Windows\system32\swreg.exe

2009-12-05 14:19:19 ----A---- C:\Windows\system32\Process.exe

2009-12-05 13:03:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2009-12-05 13:02:38 ----D---- C:\Users\jerome\AppData\Roaming\SUPERAntiSpyware.com

2009-12-05 13:02:38 ----D---- C:\Program Files (x86)\SUPERAntiSpyware

2009-12-05 13:01:56 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2009-12-03 19:57:14 ----D---- C:\Program Files (x86)\Panda Security

2009-12-03 19:26:02 ----D---- C:\Users\jerome\AppData\Roaming\Uniblue

2009-12-03 18:41:54 ----SHD---- C:\found.000

2009-11-30 00:37:51 ----D---- C:\Users\jerome\AppData\Roaming\NeroDigital(TM)

2009-11-28 10:50:14 ----A---- C:\Windows\system32\msxml6.dll

2009-11-28 10:50:13 ----A---- C:\Windows\system32\msxml3.dll

2009-11-28 10:48:14 ----A---- C:\Windows\system32\tzres.dll

2009-11-16 00:53:55 ----A---- C:\Windows\system32\WSDApi.dll


======List of files/folders modified in the last 1 months======


2009-12-12 12:53:55 ----D---- C:\Windows\SysWOW64

2009-12-12 12:43:11 ----D---- C:\Windows\Prefetch

2009-12-12 12:24:08 ----D---- C:\Windows

2009-12-12 12:04:00 ----SHD---- C:\System Volume Information

2009-12-12 11:32:54 ----D---- C:\Windows\System32

2009-12-12 11:32:54 ----D---- C:\Windows\inf

2009-12-12 11:21:42 ----D---- C:\Program Files (x86)

2009-12-12 11:21:40 ----D---- C:\Windows\system32\drivers

2009-12-12 11:21:37 ----HD---- C:\ProgramData

2009-12-12 11:14:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2009-12-12 11:13:57 ----SHD---- C:\Windows\Installer

2009-12-12 11:13:46 ----D---- C:\Program Files (x86)\Pinnacle

2009-12-12 11:12:35 ----RSD---- C:\Windows\Fonts

2009-12-10 17:52:08 ----D---- C:\Program Files (x86)\Common Files

2009-12-10 17:50:02 ----AD---- C:\ProgramData\Temp

2009-12-10 17:47:21 ----D---- C:\Program Files (x86)\Common Files\Nero

2009-12-10 17:46:03 ----D---- C:\ProgramData\Nero

2009-12-10 17:40:42 ----D---- C:\Program Files (x86)\Nero

2009-12-10 17:40:25 ----A---- C:\Windows\Irremote.ini

2009-12-10 17:38:02 ----D---- C:\Program Files (x86)\Winamp

2009-12-10 17:34:10 ----D---- C:\Program Files (x86)\Microsoft Office

2009-12-10 17:34:09 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2009-12-10 17:34:04 ----D---- C:\Windows\ShellNew

2009-12-10 17:32:34 ----RSD---- C:\Windows\assembly

2009-12-10 17:27:26 ----D---- C:\Program Files (x86)\BSPlayer

2009-12-10 17:27:25 ----D---- C:\Users\jerome\AppData\Roaming\BSplayer

2009-12-08 23:39:56 ----D---- C:\Windows\winsxs

2009-12-06 12:18:40 ----D---- C:\Users\jerome\AppData\Roaming\LimeWire

2009-12-05 21:05:15 ----D---- C:\Windows\Debug

2009-12-05 20:11:29 ----D---- C:\Program Files (x86)\SFR

2009-12-05 16:33:22 ----D---- C:\Windows\Logs

2009-12-05 16:31:54 ----D---- C:\Program Files (x86)\SMINST

2009-12-03 20:38:50 ----SD---- C:\ProgramData\Microsoft

2009-12-03 20:38:18 ----SD---- C:\Users\jerome\AppData\Roaming\Microsoft

2009-12-03 19:56:57 ----SD---- C:\Windows\Downloaded Program Files

2009-11-30 00:14:29 ----D---- C:\ProgramData\DVD Shrink

2009-11-28 11:08:13 ----D---- C:\Windows\rescache

2009-11-28 10:48:50 ----D---- C:\Windows\system32\fr-FR

2009-11-28 01:12:43 ----D---- C:\Windows\Tasks

2009-11-28 01:12:42 ----D---- C:\Windows\registration

2009-11-23 19:47:04 ----D---- C:\Windows\system

2009-11-23 19:39:02 ----D---- C:\Users\jerome\AppData\Roaming\Nero

2009-11-16 16:38:18 ----D---- C:\Program Files (x86)\Windows Mail


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys []

R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys []

R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-06-19 13408]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-06-19 98400]

R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys []

R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR64.SYS []

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files (x86)\F-Secure\HIPS\fshs.sys [2008-06-19 70752]

S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]

S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]

S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-06-19 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-06-19 25184]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys []

S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []

R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2008-06-19 47800]

R2 FSMA;F-Secure Management Agent; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [2008-06-19 117400]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-12-12 488960]

R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe [2008-06-19 461408]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [2008-06-19 465504]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [2008-06-19 162456]

S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe []

S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]


-----------------EOF-----------------

So, with OTM, you can delete other things as well.
EXAMPLE:

Make sure the box Unregister Dll's and Ocx's is checked,

copy the list shown in bold below,

and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Windows\SysWOW64\svchost.exe


A fake svchost!
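Before handing a path list like the one above to OTMoveIt, a defender will want to confirm what the flagged file actually is. The PowerShell check below is an added example, not code from the original post or from the OTM project; it assumes an elevated session on PowerShell 4 or later (for Get-FileHash) and reports, for each path in the list, whether the file exists, its Authenticode signature status and signer, its SHA-256 hash, its creation time and any running process using that image.

```powershell
# Added example (not part of the original post). Assumes PowerShell 4+ and an
# elevated session. The path list is the one the post says to paste into OTM.
$candidates = @(
    'C:\Windows\SysWOW64\svchost.exe'
)

function Test-SuspectFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    # Authenticode check: a Status of Valid with a Microsoft subject is the
    # strongest evidence that a file under \Windows is a genuine OS binary.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Any live process started from exactly this image path (case-insensitive)?
    # Useful because OTM will have to move a file that is still in use at reboot.
    $running = Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($_.Path -ieq $Path) } |
        Select-Object -ExpandProperty Id

    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        SizeBytes    = $item.Length
        Created      = $item.CreationTime
        SignerStatus = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
        Signer       = $sig.SignerCertificate.Subject
        Sha256       = $hash
        RunningPids  = ($running -join ',')
    }
}

$candidates | ForEach-Object { Test-SuspectFile -Path $_ } | Format-List
```

A NotSigned or HashMismatch status, a recent creation time or a signer other than Microsoft supports treating the file as the fake the post describes; a valid Microsoft signature is the cue to stop and re-check the RSIT log before moving anything.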