
PatOtj

Members
  • Content count
    45

  • Dernière visite

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Other information

  • My languages
    French

PatOtj's Achievements

Member (4/12)

Community reputation: 0

  1. OK, thanks a lot, I'll look at all this advice and apply it at my own pace.
  2. [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
     --> Recherche:
     C:\Combofix.txt: trouvé !
     C:\_OTM: trouvé !
     C:\Rsit: trouvé !
     C:\Documents and Settings\Babel\Bureau\Gmer.exe: trouvé !
     C:\Documents and Settings\Babel\Bureau\OTM.exe: trouvé !
     C:\Documents and Settings\Babel\Bureau\Rsit.exe: trouvé !
     ---------------------------------
     --> Suppression:
     C:\Documents and Settings\Babel\Bureau\Gmer.exe: supprimé !
     C:\Documents and Settings\Babel\Bureau\OTM.exe: supprimé !
     C:\Combofix.txt: supprimé !
     C:\Documents and Settings\Babel\Bureau\Rsit.exe: supprimé !
     C:\_OTM: supprimé !
     C:\Rsit: supprimé !

     There you go.
  3. As for Antivir, the update was done... and not by me! So I assume it ran automatically while I was away. Here is the OTM report:

     All processes killed
     ========== FILES ==========
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Babel
     ->Temp folder emptied: 82436318 bytes
     ->Temporary Internet Files folder emptied: 20606028 bytes
     ->Java cache emptied: 25749465 bytes
     ->FireFox cache emptied: 73161607 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     %systemdrive% .tmp files removed: 0 bytes
     File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     RecycleBin emptied: 9280656 bytes
     Total Files Cleaned = 201,48 mb
     OTM by OldTimer - Version 3.0.0.6 log created on 10032009_083704
     Files moved on Reboot...
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  4. Well, I had forgotten to disable Antivir and it reacted at about 30% of the Kaspersky scan => I quarantined the detected file(s), then disabled Antivir Guard. Here is the final Kaspersky result:

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Friday, October 2, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, October 01, 2009 21:18:37
     Records in database: 2929988
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     F:\
     K:\

     Scan statistics:
     Objects scanned: 203924
     Threats found: 5
     Infected objects found: 8
     Suspicious objects found: 0
     Scan duration: 12:43:42

     File name / Threat / Threats count
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP442\A0077018.dll Infected: Trojan.Win32.Scar.xmh 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079941.dll Infected: Trojan.Win32.Monder.bzea 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079945.dll Infected: Trojan.Win32.Monder.bzea 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079949.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP450\A0081113.exe Infected: P2P-Worm.Win32.Palevo.jaz 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081156.exe Infected: Packed.Win32.Black.a 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081157.dll Infected: Trojan.Win32.Scar.xmh 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081158.dll Infected: Trojan.Win32.Scar.xmh 1

     Selected area has been scanned.
  5. For point 1, I would need some clarification, because if I go to Start, Run, cmd and paste the contents of the quote, I get a message. For point 2, I can't install the ActiveX control in IE, but it works in Firefox ==> so I'm waiting for the additional information on point 1 before launching point 2 in Firefox.
  6. Windows Security Center no longer shows an alert, but I don't know yet whether Antivir will update automatically. For VirusTotal, there's a snag! I can't upload the file: I can see it in the indicated location (greyed out), but I get this message once the upload starts: and if I use the email version, it tells me the file to attach won't attach!
  7. PM read and followed.

     ComboFix 09-09-28.01 - Babel 30/09/2009 18:26.2.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1531 [GMT 2:00]
     Lancé depuis: c:\documents and settings\Babel\Bureau\bibitte.exe
     Commutateurs utilisés :: c:\documents and settings\Babel\Bureau\CFScript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     * Un nouveau point de restauration a été créé

     FILE ::
     "c:\windows\S96DCFBA0.tmp"
     "c:\windows\system32\drivers\a7812lml.sys"
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\S96DCFBA0.tmp . . . . impossible à supprimer

     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))
     .

     2009-09-30 16:23 . 2009-09-30 16:22 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
     2009-09-30 16:23 . 2009-09-30 16:22 4224 ----a-w- c:\windows\system32\drivers\beep.sys
     2009-09-29 21:43 . 2009-09-29 21:43 -------- d-----w- C:\rsit
     2009-09-23 21:38 . 2009-09-23 21:38 -------- d-----w- C:\_OTM
     2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\program files\Garmin
     2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\CCleaner
     2009-09-19 11:07 . 2009-09-19 11:07 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-09-12 12:55 . 2009-06-16 16:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
     2009-09-12 12:55 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll
     2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\program files\NVIDIA Corporation
     2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
     2009-09-12 12:06 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
     2009-09-12 12:06 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
     2009-09-12 12:06 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
     2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\program files\ma-config.com
     2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
     2009-09-10 00:54 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
     2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----r- c:\documents and settings\LocalService\Mes documents
     2009-09-07 04:43 . 2009-09-07 04:43 -------- d-----w- C:\spoolerlogs
     2009-09-06 19:15 . 2009-09-06 19:15 -------- d-----r- c:\documents and settings\LocalService\Favoris
     2009-09-06 19:15 . 2009-09-06 19:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-09-06 19:03 . 2009-09-06 19:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2009-09-06 18:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-09-06 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-09-06 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-09-06 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\program files\Avira
     2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2009-09-06 18:42 . 2009-09-06 18:42 -------- d-----w- c:\documents and settings\Babel\Application Data\Malwarebytes
     2009-09-06 18:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-06 18:41 . 2009-09-30 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-06 18:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-06 17:19 . 2009-09-06 17:19 -------- d-sh--w- c:\documents and settings\Babel\IECompatCache
     2009-09-06 17:18 . 2009-09-06 17:18 -------- d-sh--w- c:\documents and settings\Babel\PrivacIE

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-30 16:34 . 2009-07-25 13:50 0 ------w- c:\windows\S96DCFBA0.tmp
     2009-09-27 08:00 . 2008-12-20 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-09-27 07:57 . 2002-08-30 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat
     2009-09-27 07:57 . 2002-08-30 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat
     2009-09-27 07:56 . 2008-04-03 09:09 -------- d-----w- c:\program files\SWAT 4
     2009-09-19 20:33 . 2008-05-27 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2009-09-19 11:19 . 2008-01-16 22:40 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-09-19 11:15 . 2008-05-29 17:36 -------- d-----w- c:\program files\Lavasoft
     2009-09-19 11:06 . 2008-05-31 08:59 -------- d-----w- c:\program files\Java
     2009-09-19 08:36 . 2008-08-28 10:23 -------- d-----w- c:\program files\TOPCOM
     2009-09-13 21:28 . 2008-08-29 09:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Skype
     2009-09-12 12:19 . 2004-08-19 14:10 14336 ------w- c:\windows\system32\svchost.exe
     2009-09-12 12:18 . 2008-05-29 17:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
     2009-09-12 12:18 . 2008-10-31 17:48 -------- d-----w- c:\program files\AGEIA Technologies
     2009-09-10 17:41 . 2009-04-12 16:32 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-08-30 06:22 . 2009-08-30 06:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
     2009-08-30 06:21 . 2009-08-30 06:21 -------- d-----w- c:\program files\Softland
     2009-08-18 19:13 . 2009-08-18 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
     2009-08-18 19:13 . 2008-08-22 09:01 -------- d-----w- c:\program files\CDBurnerXP
     2009-08-18 19:08 . 2008-01-16 22:05 69632 ----a-w- c:\documents and settings\Babel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
     2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
     2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
     2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
     2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
     2009-08-16 22:57 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\nvudisp.exe
     2009-08-16 22:57 . 2008-10-07 12:33 868352 ----a-w- c:\windows\system32\nvapi.dll
     2009-08-16 22:57 . 2008-10-07 12:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll
     2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcodins.dll
     2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcod.dll
     2009-08-16 22:57 . 2008-10-07 12:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
     2009-08-16 22:57 . 2007-09-16 17:07 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
     2009-08-16 22:57 . 2007-09-16 17:07 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
     2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
     2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
     2009-08-12 10:50 . 2009-08-30 06:21 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
     2009-08-12 10:50 . 2009-08-30 06:21 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
     2009-08-11 17:57 . 2009-03-22 08:07 -------- d-----w- c:\program files\TomTom HOME
     2009-08-11 17:52 . 2008-04-20 14:27 -------- d-----w- c:\program files\American Conquest - Fight Back
     2009-08-11 17:51 . 2008-04-20 13:59 -------- d-----w- c:\program files\American Conquest
     2009-08-11 10:35 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
     2009-08-05 09:00 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-04 21:13 . 2009-08-04 21:13 -------- d-----w- c:\program files\The KMPlayer FR
     2009-08-04 21:05 . 2009-08-04 21:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Media Player Classic
     2009-08-04 21:05 . 2009-08-04 21:04 -------- d-----w- c:\program files\K-Lite Codec Pack
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll
     2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
     2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
     2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll
     2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll
     2009-07-17 19:03 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-13 21:43 . 2004-08-19 14:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-03 16:57 . 2004-08-19 14:09 915456 ------w- c:\windows\system32\wininet.dll
     .
     (((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     ------- Sigcheck -------
     [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
     [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
     [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
     [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
     [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
     [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
     [-] 2008-06-11 . 3F89432724DC5D72689E16F3354BCCFC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
     [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
     [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
     [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
     [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-09-29_21.31.49 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-09-30 16:34 . 2009-09-30 16:34 16384 c:\windows\temp\Perflib_Perfdata_770.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
     "Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
     "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
     "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     [HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
     path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
     backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

     [HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
     path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk
     backup=c:\windows\pss\PrintKey 2000 Fr.lnkStartup

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
     "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
     "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
     "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
     "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
     "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\GUILD WARS\\Gw.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "8587:TCP"= 8587:TCP:BitComet 8587 TCP
     "8587:UDP"= 8587:UDP:BitComet 8587 UDP

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/04/2009 08:30 64160]
     R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [17/01/2008 00:38 22168]
     R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26/10/2008 17:03 2915944]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/09/2009 20:59 108289]
     S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
     S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [16/07/2009 12:35 515803]
     S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder Audio Edition\SysInfo.sys --> c:\program files\MediaCoder Audio Edition\SysInfo.sys [?]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
     S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [16/07/2009 12:35 10986]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     Contenu du dossier 'Tâches planifiées'

     2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
     .
     .
     ------- Examen supplémentaire -------
     .
     Trusted Zone: com.tw\www.msi
     DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
     DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.mediapluspro.com/mediaplus66/download/packages/_Installer/packageinstaller.ocx
     FF - ProfilePath - c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
     FF - prefs.js: network.proxy.type - 4
     FF - component: c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\extensions\[email protected]\components\DTToolbarFF.dll
     FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
     FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
     FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-30 18:35
     Windows 5.1.2600 Service Pack 3 NTFS

     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     [HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:f4,eb,20,be,17,58,fc,a9,f6,4a,94,0c,6c,ed,f0,10,81,68,65,64,6f,c0,38,
        65,e0,64,4b,8b,7b,d4,1a,f1,0d,ac,a9,df,3a,52,32,a4,ae,b0,2f,c5,01,29,b3,44,\
     "??"=hex:81,d7,06,db,64,1d,a3,ec,b3,e8,5a,c2,80,d2,e7,76

     [HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\License information*]
     "datasecu"=hex:97,e8,20,42,c5,72,df,d8,5b,4f,89,98,18,e2,df,32,69,8d,09,77,9a,
        fd,b9,91,d7,1e,c8,19,fb,9f,d9,c2,1c,7e,ee,ac,cc,6f,be,e8,9c,53,e8,85,dd,96,\
     "rkeysecu"=hex:10,ba,3d,de,73,7c,79,e7,59,00,84,3a,45,d0,97,bb

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
     "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------

     - - - - - - - > 'explorer.exe'(2872)
     c:\windows\system32\eappprxy.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\LEXBCES.EXE
     c:\windows\system32\LEXPPS.EXE
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\CDBurnerXP\NMSAccessU.exe
     c:\windows\system32\PnkBstrA.exe
     c:\windows\system32\wbem\wmiapsrv.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Lexmark 1200 Series\lxczbmon.exe
     c:\program files\Microsoft IntelliPoint\dpupdchk.exe
     .
     **************************************************************************
     .
     Heure de fin: 2009-09-30 18:40 - La machine a redémarré
     ComboFix-quarantined-files.txt 2009-09-30 16:40
     ComboFix2.txt 2009-09-29 21:36

     Avant-CF: 62 483 300 352 octets libres
     Après-CF: 62 471 671 808 octets libres

     Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
     267 --- E O F --- 2009-09-10 05:35

     And the rest:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by Babel at 2009-09-30 19:14:35
     Microsoft Windows XP Professionnel Service Pack 3
     System drive C: has 60 GB (38%) free of 156 GB
     Total RAM: 2046 MB (74% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:14:35, on 30/09/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
     C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
     C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\Babel\Bureau\RSIT.exe
     D:\Download\HiJackThis\Babel.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
     O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [java_sun] Java (Sun)
     O15 - Trusted Zone: http://www.msi.com.tw
     O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
     O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
     O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     -- End of file - 6074 bytes

     ======Scheduled tasks folder======

     C:\WINDOWS\tasks\AppleSoftwareUpdate.job

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
     SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
     Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
     JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
     "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
     "Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
     "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
     "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
     "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
     "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]
     "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
     C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
     C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
     C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
     C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
     C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
     C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
     C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
     C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
     C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
     C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=323
     "NoDriveAutoRun"=67108863
     "HonorAutoRunSetting"=1
     "NoDrives"=0

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "HonorAutoRunSetting"=
     "NoDriveAutoRun"=
     "NoDriveTypeAutoRun"=
     "NoDrives"=

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
     "C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
     "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
     "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
     "C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The
Asian Dynasties" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. 
- Clear Sky (SRV)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-09-30 18:40:30 ----A---- C:\ComboFix.txt 2009-09-30 18:33:12 ----D---- C:\WINDOWS\temp 2009-09-29 23:43:38 ----D---- C:\rsit 2009-09-29 23:23:23 ----A---- C:\Boot.bak 2009-09-29 23:23:15 ----RASHD---- C:\cmdcons 2009-09-29 23:22:28 ----A---- C:\WINDOWS\zip.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWSC.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWREG.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\sed.exe 2009-09-29 23:22:28 ----A---- 
C:\WINDOWS\PEV.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\grep.exe 2009-09-29 23:22:23 ----D---- C:\WINDOWS\ERDNT 2009-09-29 23:21:49 ----D---- C:\Qoobox 2009-09-25 18:35:43 ----RAD---- C:\autorun.inf 2009-09-23 23:38:29 ----D---- C:\_OTM 2009-09-23 00:21:41 ----A---- C:\TCleaner.txt 2009-09-21 23:38:26 ----D---- C:\Program Files\Garmin 2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll 2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation 2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation 2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll 2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com 2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-07 06:43:17 ----D---- C:\spoolerlogs 2009-09-06 20:59:54 ----D---- C:\Program Files\Avira 2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes 2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes ======List of files/folders modified in the last 1 months====== 2009-09-30 19:14:04 ----D---- C:\WINDOWS\Prefetch 2009-09-30 19:12:40 ----D---- C:\Program Files\Mozilla Firefox 2009-09-30 18:40:32 ----D---- C:\WINDOWS\system32\drivers 2009-09-30 18:40:32 ----D---- 
C:\WINDOWS\system32 2009-09-30 18:35:31 ----D---- C:\WINDOWS 2009-09-30 18:35:30 ----A---- C:\WINDOWS\system.ini 2009-09-30 18:35:22 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-30 18:34:55 ----N---- C:\WINDOWS\S96DCFBA0.tmp 2009-09-30 18:29:59 ----D---- C:\WINDOWS\AppPatch 2009-09-30 18:29:54 ----D---- C:\Program Files\Fichiers communs 2009-09-30 18:25:22 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-30 18:23:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-29 23:35:28 ----SD---- C:\WINDOWS\Tasks 2009-09-29 23:29:15 ----D---- C:\WINDOWS\system32\config 2009-09-29 23:23:23 ----RASH---- C:\boot.ini 2009-09-27 15:31:41 ----HD---- C:\WINDOWS\inf 2009-09-27 15:02:00 ----SHD---- C:\WINDOWS\Installer 2009-09-27 15:01:57 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-27 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-27 10:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-09-27 10:00:39 ----RSD---- C:\WINDOWS\assembly 2009-09-27 09:58:01 ----RD---- C:\Program Files 2009-09-27 09:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-27 09:57:27 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-27 09:56:17 ----D---- C:\Program Files\SWAT 4 2009-09-27 09:48:05 ----A---- C:\WINDOWS\win.ini 2009-09-27 09:48:04 ----D---- C:\WINDOWS\pss 2009-09-26 12:46:08 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-21 23:38:32 ----D---- C:\Garmin 2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-19 13:16:07 ----D---- C:\Warhammer Online - Age of Reckoning 2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft 2009-09-19 13:06:59 ----D---- C:\Program Files\Java 2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM 2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair 2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump 2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype 
2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-09-12 14:19:17 ----N---- C:\WINDOWS\system32\svchost.exe 2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help 2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies 2009-09-12 14:16:38 ----D---- C:\NVIDIA 2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight 2009-09-10 07:33:47 ----A---- C:\WINDOWS\imsins.BAK 2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS 2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888] R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 catchme;catchme; \??\C:\DOCUME~1\Babel\LOCALS~1\Temp\catchme.sys [] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 
[2009-06-16 46592] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912] R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264] S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803] S3 a48nlf64;a48nlf64; C:\WINDOWS\system32\drivers\a48nlf64.sys [] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys [] S3 
driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework 
Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336] R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336] S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program 
Files\ma-config.com\maconfservice.exe [2009-09-23 238960] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  8. ComboFix 09-09-28.01 - Babel 29/09/2009 23:26.1.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1537 [GMT 2:00] Lancé depuis: c:\documents and settings\Babel\Bureau\bibitte.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\mstore10.mgc c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\Offic10.MGC c:\windows\system32\drivers\4e5fab3d.sys . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_4e5fab3d ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-29 )))))))))))))))))))))))))))))))))))) . 2009-09-23 21:38 . 2009-09-23 21:38 -------- d-----w- C:\_OTM 2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\program files\Garmin 2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\CCleaner 2009-09-19 11:07 . 2009-09-19 11:07 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-12 12:55 . 2009-06-16 16:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys 2009-09-12 12:55 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\program files\NVIDIA Corporation 2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-09-12 12:06 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys 2009-09-12 12:06 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys 2009-09-12 12:06 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll 2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\program files\ma-config.com 2009-09-12 11:57 . 
2009-09-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2009-09-10 00:54 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----r- c:\documents and settings\LocalService\Mes documents 2009-09-07 04:43 . 2009-09-07 04:43 -------- d-----w- C:\spoolerlogs 2009-09-06 19:15 . 2009-09-06 19:15 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-09-06 19:15 . 2009-09-06 19:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-06 19:03 . 2009-09-06 19:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-06 18:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-06 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-06 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-06 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\program files\Avira 2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-06 18:42 . 2009-09-06 18:42 -------- d-----w- c:\documents and settings\Babel\Application Data\Malwarebytes 2009-09-06 18:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-06 18:41 . 2009-09-18 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-06 18:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-06 17:19 . 2009-09-06 17:19 -------- d-sh--w- c:\documents and settings\Babel\IECompatCache 2009-09-06 17:18 . 2009-09-06 17:18 -------- d-sh--w- c:\documents and settings\Babel\PrivacIE . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-27 08:00 . 2008-12-20 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-27 07:57 . 2002-08-30 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-27 07:57 . 2002-08-30 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-27 07:56 . 2008-04-03 09:09 -------- d-----w- c:\program files\SWAT 4 2009-09-19 20:33 . 2008-05-27 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-19 11:19 . 2008-01-16 22:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-19 11:15 . 2008-05-29 17:36 -------- d-----w- c:\program files\Lavasoft 2009-09-19 11:06 . 2008-05-31 08:59 -------- d-----w- c:\program files\Java 2009-09-19 08:36 . 2008-08-28 10:23 -------- d-----w- c:\program files\TOPCOM 2009-09-13 21:28 . 2008-08-29 09:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Skype 2009-09-12 12:19 . 2004-08-19 14:10 14336 ----a-w- c:\windows\system32\svchost.exe 2009-09-12 12:18 . 2008-05-29 17:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-12 12:18 . 2008-10-31 17:48 -------- d-----w- c:\program files\AGEIA Technologies 2009-09-10 17:41 . 2009-04-12 16:32 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-30 06:22 . 2009-08-30 06:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland 2009-08-30 06:21 . 2009-08-30 06:21 -------- d-----w- c:\program files\Softland 2009-08-18 19:13 . 2009-08-18 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2009-08-18 19:13 . 2008-08-22 09:01 -------- d-----w- c:\program files\CDBurnerXP 2009-08-18 19:08 . 2008-01-16 22:05 69632 ----a-w- c:\documents and settings\Babel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 01:03 . 
2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll 2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-08-16 22:57 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-16 22:57 . 2008-10-07 12:33 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-08-16 22:57 . 2008-10-07 12:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcodins.dll 2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-16 22:57 . 2008-10-07 12:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-08-16 22:57 . 2007-09-16 17:07 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-16 22:57 . 2007-09-16 17:07 5845760 ----a-w- c:\windows\system32\nv4_disp.dll 2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\program files\Fichiers communs\SWF Studio 2009-08-12 10:50 . 2009-08-30 06:21 21192 ----a-w- c:\windows\system32\dopdfmn6.dll 2009-08-12 10:50 . 2009-08-30 06:21 18632 ----a-w- c:\windows\system32\dopdfmi6.dll 2009-08-11 17:57 . 2009-03-22 08:07 -------- d-----w- c:\program files\TomTom HOME 2009-08-11 17:52 . 2008-04-20 14:27 -------- d-----w- c:\program files\American Conquest - Fight Back 2009-08-11 17:51 . 2008-04-20 13:59 -------- d-----w- c:\program files\American Conquest 2009-08-11 10:35 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-08-05 09:00 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 21:13 . 2009-08-04 21:13 -------- d-----w- c:\program files\The KMPlayer FR 2009-08-04 21:05 . 
2009-08-04 21:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Media Player Classic 2009-08-04 21:05 . 2009-08-04 21:04 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll 2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe 2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll 2009-07-25 13:54 . 2009-07-25 13:50 24 --sh--w- c:\windows\S96DCFBA0.tmp 2009-07-17 19:03 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-19 14:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 16:57 . 2004-08-19 14:09 915456 ----a-w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . 
c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-06-11 . 3F89432724DC5D72689E16F3354BCCFC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys c:\windows\system32\drivers\beep.sys ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk
backup=c:\windows\pss\PrintKey 2000 Fr.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GUILD WARS\\Gw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8587:TCP"= 8587:TCP:BitComet 8587 TCP
"8587:UDP"= 8587:UDP:BitComet 8587 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/04/2009 08:30 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [17/01/2008 00:38 22168]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26/10/2008 17:03 2915944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/09/2009 20:59 108289]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [16/07/2009 12:35 515803]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder Audio Edition\SysInfo.sys --> c:\program files\MediaCoder Audio Edition\SysInfo.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [16/07/2009 12:35 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.mediapluspro.com/mediaplus66/download/packages/_Installer/packageinstaller.ocx
FF - ProfilePath - c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\extensions\[email protected]\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
AddRemove-BitComet - c:\program files\BitComet\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 23:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,eb,20,be,17,58,fc,a9,f6,4a,94,0c,6c,ed,f0,10,81,68,65,64,6f,c0,38,
   65,e0,64,4b,8b,7b,d4,1a,f1,0d,ac,a9,df,3a,52,32,a4,ae,b0,2f,c5,01,29,b3,44,\
"??"=hex:81,d7,06,db,64,1d,a3,ec,b3,e8,5a,c2,80,d2,e7,76

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,e8,20,42,c5,72,df,d8,5b,4f,89,98,18,e2,df,32,69,8d,09,77,9a,
   fd,b9,91,d7,1e,c8,19,fb,9f,d9,c2,1c,7e,ee,ac,cc,6f,be,e8,9c,53,e8,85,dd,96,\
"rkeysecu"=hex:10,ba,3d,de,73,7c,79,e7,59,00,84,3a,45,d0,97,bb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-09-29 23:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-29 21:35

Avant-CF: 62 513 254 400 octets libres
Après-CF: 62 481 145 856 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
270 --- E O F --- 2009-09-10 05:35

and here is the next report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Babel at 2009-09-29 23:43:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 60 GB (38%) free of 156 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:43, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Documents and Settings\Babel\Bureau\RSIT.exe
D:\Download\HiJackThis\Babel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program 
Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-09-29 23:43:38 ----D---- C:\rsit 2009-09-29 23:36:01 ----A---- C:\ComboFix.txt 2009-09-29 23:29:01 ----D---- C:\WINDOWS\temp 2009-09-29 23:23:23 ----A---- C:\Boot.bak 2009-09-29 23:23:15 ----RASHD---- C:\cmdcons 2009-09-29 23:22:28 ----A---- C:\WINDOWS\zip.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWSC.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWREG.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\sed.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\PEV.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-29 23:22:28 ----A---- C:\WINDOWS\grep.exe 2009-09-29 23:22:23 ----D---- C:\WINDOWS\ERDNT 2009-09-29 23:21:49 ----D---- C:\Qoobox 2009-09-25 18:35:43 ----RAD---- C:\autorun.inf 2009-09-23 23:38:29 ----D---- C:\_OTM 2009-09-23 00:21:41 ----A---- C:\TCleaner.txt 2009-09-21 23:38:26 ----D---- C:\Program Files\Garmin 2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll 2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation 2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation 2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll 2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com 2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-10 
07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-07 06:43:17 ----D---- C:\spoolerlogs 2009-09-06 20:59:54 ----D---- C:\Program Files\Avira 2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes 2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll 2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll 2009-08-30 08:21:20 ----D---- C:\Program Files\Softland ======List of files/folders modified in the last 1 months====== 2009-09-29 23:41:16 ----D---- C:\Program Files\Mozilla Firefox 2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32\drivers 2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32 2009-09-29 23:35:28 ----SD---- C:\WINDOWS\Tasks 2009-09-29 23:31:56 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-29 23:31:51 ----D---- C:\WINDOWS 2009-09-29 23:31:51 ----A---- C:\WINDOWS\system.ini 2009-09-29 23:29:15 ----D---- C:\WINDOWS\system32\config 2009-09-29 23:27:59 ----D---- C:\WINDOWS\AppPatch 2009-09-29 23:27:56 ----D---- C:\Program Files\Fichiers communs 2009-09-29 23:23:23 ----RASH---- C:\boot.ini 2009-09-29 23:22:38 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-29 23:22:25 ----D---- C:\WINDOWS\Prefetch 2009-09-27 15:31:41 ----HD---- C:\WINDOWS\inf 2009-09-27 15:02:00 ----SHD---- C:\WINDOWS\Installer 2009-09-27 15:02:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-27 15:01:57 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-27 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-27 10:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-09-27 10:00:39 ----RSD---- C:\WINDOWS\assembly 2009-09-27 09:58:01 ----RD---- C:\Program Files 2009-09-27 09:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 
2009-09-27 09:57:27 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-27 09:56:17 ----D---- C:\Program Files\SWAT 4
2009-09-27 09:48:05 ----A---- C:\WINDOWS\win.ini
2009-09-27 09:48:04 ----D---- C:\WINDOWS\pss
2009-09-26 12:46:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-21 23:38:32 ----D---- C:\Garmin
2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-19 13:16:07 ----D---- C:\Warhammer Online - Age of Reckoning
2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft
2009-09-19 13:06:59 ----D---- C:\Program Files\Java
2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM
2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair
2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump
2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype
2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-12 14:19:17 ----N---- C:\WINDOWS\system32\svchost.exe
2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help
2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies
2009-09-12 14:16:38 ----D---- C:\NVIDIA
2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 07:33:47 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS
2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 catchme;catchme; \??\C:\bibitte\catchme.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 a7812lml;a7812lml; C:\WINDOWS\system32\drivers\a7812lml.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
  9. OK, no worries, there's no rush! The PC runs fine and these "buddies" aren't keeping me awake at night for now
  10. Here it is! I didn't get the chance to uncheck everything other than "files" and "services" before launching it, so it took quite a while
GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-09-29 06:42:03 Windows 5.1.2600 Service Pack 3
  11. The 2 services corresponding to Avira (Guard and Scheduler) are indeed in the "Started" state and of "Automatic" type, and in addition to the Security Center showing red, I periodically get an Avira "pop-up" stating that my update is more than 1 day old, even though I update it manually every day!
  12. I can't find anything in Start/All Programs/Startup ... the folder is empty
  13. The .reg fix was incorporated into the registry correctly, but nothing changed after rebooting. As for the slow shutdown, it's not happening anymore for now, but I'll check the various leads recommended in the link you sent me later. As for the other PCs running UBUNTU, I knew they weren't at risk themselves, but I had a doubt about their behaviour as a "healthy carrier", that is, whether they could simply spread the "virus" without "suffering" from it themselves!? (in the same way that some humans can be immune to certain diseases but remain a vector of transmission to others!) For the last PC running Windows XP, here is the UsbFix log:
############################## | UsbFix V6.036 |
User : Cecile (Administrateurs) # ZOE-2
Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 10:56:35 | 27/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
AMD Athlon processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 090926-1] 4.8.1351 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 128 Go (111,33 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 1009,45 Mo (975,52 Mo free) [uSB EIFFAGE] # FAT
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! E:\autorun.inf
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{17d77090-84e4-11de-8b17-000e2ea6ff6b}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[14/03/2009 21:32|--a------|0] C:\AUTOEXEC.BAT
[14/03/2009 21:24|---hs----|212] C:\boot.ini
[28/09/2001 14:00|-rahs----|4952] C:\Bootfont.bin
[14/03/2009 21:32|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[14/03/2009 21:32|-rahs----|0] C:\IO.SYS
[14/03/2009 21:32|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM
[14/03/2009 21:49|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/09/2009 10:59|--a------|2435] C:\UsbFix.txt
[28/08/2008 16:36|--a------|64] E:\valkirie-wpa.txt
[24/09/2009 18:04|--a------|1232175] E:\UsbFix.exe
[01/09/2009 16:12|--a------|19739] E:\AccessEnt6095.rtf
[06/09/2009 20:52|--a------|33961728] E:\avira_antivir_personal_en.exe
[20/09/2009 13:01|--a------|308160] E:\avast_home_setup.exe
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
################## | Upload |
Veuillez envoyer le fichier : C:\DOCUME~1\Cecile\Bureau\UsbFix_Upload_Me_ZOE-2.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.036 ! |
What seems surprising to me reading this report is that it's once again one of my USB keys, previously cleaned by USBFix, that appears to be infected!!! I wasn't able to send the report directly to the address indicated because the WiFi connection wasn't working after the reboot via USBFix! Should I send it from here?
  14. OK for uninstalling UsbFix. Otherwise, I still see 2 "small" problems: 1. The Windows security alert telling me that Antivir isn't updating automatically! It is actually up to date following a "manual" update request on my part, but I don't know how it will go over the next few days!? 2. Windows shutdown is very, very slow, and that wasn't the case earlier in the week. Safe mode works properly again. I'd also like to know what to do next (if necessary) on the other machines on my network, where the antivirus and Malwarebytes scans show nothing abnormal, given that my USB keys have been passed from one to another, including some machines running UBUNTU
  15. I already had the "show hidden files" option enabled. I ran USBFix again with my work USB key connected and it found nothing more. I relaunched Kaspersky Online and it found nothing either; here is its report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 26, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 25, 2009 17:48:50
Records in database: 2919464
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ K:\
Scan statistics:
Objects scanned: 204078
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 08:41:31
No threats found. Scanned area is clean.
Selected area has been scanned.