Michael75

Opérations effectuées ! Log RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by F86SYH at 2009-09-15 17:21:14 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 8 GB (22%) free of 38 GB Total RAM: 1022 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:21:48, on 15/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\RealVNC\WinVNC\WinVNC.exe C:\Program Files\Citrix\Client ICA\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\stsystra.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\userinit.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Documents and Settings\F86SYH\Bureau\RSIT.exe C:\Documents and Settings\F86SYH\Bureau\F86SYH.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = squid.cegedim.fr:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: WinBar.lnk = C:\Qoobox\Quarantine\C\Program Files\WinBar\WinBar.exe.vir O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154765218234 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pyrenees.net O17 - HKLM\Software\..\Telephony: DomainName = pyrenees.net O17 - HKLM\System\CCS\Services\Tcpip\..\{29844E54-7345-4116-9267-C6D009F71889}: NameServer = 172.17.124.61,172.17.124.62 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pyrenees.net O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10335 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784] "Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2006-03-09 98304] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182] "WinVNC"=C:\Program Files\RealVNC\WinVNC\WinVNC.exe [2003-03-05 335872] "vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2002-09-02 77824] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472] "nwiz"=nwiz.exe /installquiet [] "NVHotkey"=nvHotkey.dll,Start [] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712] "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-08-23 968696] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480] "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-08-09 288048] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\Démarrage WinBar.lnk - C:\Qoobox\Quarantine\C\Program Files\WinBar\WinBar.exe.vir [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2002-07-30 45056] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\HomePlayer\bin\HomePlayer.exe"="C:\Program Files\HomePlayer\bin\HomePlayer.exe:*:Enabled:HomePlayer" "C:\Documents and Settings\F86SYH\Mes documents\Programmes et Mises à jour\Freeplayer-Win32-20050905\Freeplayer\vlc\vlc.exe"="C:\Documents and Settings\F86SYH\Mes documents\Programmes et Mises à jour\Freeplayer-Win32-20050905\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe"="C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO" ======List of files/folders created in the last 1 months====== 2009-09-15 17:21:14 ----D---- C:\rsit 2009-09-15 17:08:55 ----SD---- C:\ComboFix 2009-09-15 10:49:22 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL 2009-09-15 10:49:22 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL 2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudPlayer.dll 2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioVisu.dll 2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioRecord.dll 2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioInfos.dll 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\TABCTFR.DLL 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\inetfr.DLL 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudFile.dll 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudDisplay.dll 2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudDesign.dll 2009-09-15 10:49:13 ----D---- C:\Program Files\Free Audio Pack 2009-09-15 10:49:13 ----A---- C:\WINDOWS\system32\lame_enc.dll 2009-09-15 10:49:13 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL 2009-09-13 21:51:02 ----SHD---- C:\RECYCLER 2009-09-13 17:10:42 ----A---- C:\ComboFix.txt 2009-09-13 17:03:34 ----D---- C:\WINDOWS\temp 2009-09-13 13:36:54 ----A---- C:\Boot.bak 2009-09-13 13:36:38 ----RASHD---- C:\cmdcons 2009-09-12 13:12:51 ----D---- C:\ComboTestFix 2009-09-09 20:09:06 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll 2009-09-09 20:09:03 ----A---- C:\WINDOWS\system32\vsregexp.dll 2009-09-09 20:09:03 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll 2009-09-09 20:09:01 ----A---- C:\WINDOWS\system32\zlcommdb.dll 2009-09-09 20:09:01 ----A---- C:\WINDOWS\system32\zlcomm.dll 2009-09-09 20:08:55 ----A---- C:\WINDOWS\system32\vsxml.dll 2009-09-09 20:08:55 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-09-09 20:08:54 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-09-09 20:08:54 ----A---- C:\WINDOWS\system32\vspubapi.dll 2009-09-09 20:08:54 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2009-09-09 20:08:19 ----D---- C:\Program Files\Zone Labs 2009-09-09 20:08:04 ----A---- C:\WINDOWS\system32\vsutil.dll 2009-09-09 20:08:04 ----A---- C:\WINDOWS\system32\vsinit.dll 2009-09-07 22:23:02 ----A---- C:\WINDOWS\system32\vsdata.dll 2009-09-07 22:22:19 ----D---- C:\WINDOWS\Internet Logs 2009-09-06 00:59:08 ----D---- C:\WINDOWS\ERDNT 2009-09-05 13:00:15 ----D---- C:\WINDOWS\Minidump 2009-09-05 11:36:53 ----A---- C:\avenger.txt 2009-09-02 23:21:39 ----A---- C:\List'em.txt 2009-09-02 23:17:07 ----D---- C:\Documents and Settings\F86SYH\Application Data\Malwarebytes 2009-09-02 23:16:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-02 23:16:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes ======List of files/folders modified in the last 1 months====== 2009-09-15 17:21:27 ----D---- C:\WINDOWS\Prefetch 2009-09-15 17:21:26 ----D---- C:\Documents and Settings\F86SYH\Application Data\uTorrent 2009-09-15 17:20:48 ----SHD---- C:\System Volume Information 2009-09-15 17:20:48 ----D---- C:\WINDOWS\system32\Restore 2009-09-15 17:20:33 ----SHD---- C:\WINDOWS\Installer 2009-09-15 17:20:32 ----D---- C:\Config.Msi 2009-09-15 17:20:31 ----D---- C:\WINDOWS\system32 2009-09-15 17:20:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-15 17:20:00 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-09-15 17:19:54 ----D---- C:\WINDOWS\WinSxS 2009-09-15 17:19:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-09-15 17:19:29 ----D---- C:\Program Files\Adobe 2009-09-15 17:17:29 ----HD---- C:\WINDOWS\inf 2009-09-15 17:17:21 ----D---- C:\WINDOWS 2009-09-15 17:16:47 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-09-15 17:16:26 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-15 17:16:26 ----A---- C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt 2009-09-15 17:16:20 ----A---- C:\WINDOWS\ModemLog_Dell Wireless 5505 Mobile Broadband (3G HSDPA) Minicard Modem.txt 2009-09-15 17:16:20 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt 2009-09-15 17:15:19 ----D---- C:\WINDOWS\security 2009-09-15 17:15:16 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-15 10:49:13 ----RD---- C:\Program Files 2009-09-15 10:00:43 ----D---- C:\Program Files\Mozilla Firefox 2009-09-14 19:14:35 ----D---- C:\WINDOWS\system32\drivers 2009-09-13 22:15:53 ----D---- C:\Program Files\RealVNC 2009-09-13 21:53:37 ----D---- C:\WINDOWS\Help 2009-09-13 17:07:05 ----A---- C:\WINDOWS\system.ini 2009-09-13 17:03:56 ----D---- C:\WINDOWS\system32\config 2009-09-13 17:03:12 ----SD---- C:\Documents and Settings\F86SYH\Application Data\Microsoft 2009-09-13 16:57:09 ----D---- C:\WINDOWS\AppPatch 2009-09-13 16:57:04 ----D---- C:\Program Files\Fichiers communs 2009-09-13 16:07:44 ----D---- C:\Program Files\SpywareBlaster 2009-09-13 15:07:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-09-13 13:36:54 ----RASH---- C:\boot.ini 2009-09-12 13:11:07 ----SHD---- C:\WINDOWS\CSC 2009-09-10 14:17:31 ----A---- C:\WINDOWS\AviSplitter.INI 2009-09-06 14:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 12:52:55 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-08-23 392824] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-25 21275] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544] R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS [] R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 eDataVideoCap;eDataVideoCap; C:\WINDOWS\system32\DRIVERS\eDataVideoCap.sys [2007-12-13 25600] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys [] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX15.sys [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296] R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-14 155264] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver; C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 77952] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-04 32128] S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274944] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760] S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-30 18560] S3 RDID1046;EDIROL UA-25; C:\WINDOWS\system32\Drivers\rdwm1046.sys [2004-04-02 163390] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648] S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS [] S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712] S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928] S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480] S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848] S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048] S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368] S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928] S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752] S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504] S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088] S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336] R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392] R2 DefWatch;DefWatch; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [2002-09-02 32768] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928] R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [2002-09-03 581632] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745] R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-08-23 75768] R2 winvnc;VNC Server; C:\Program Files\RealVNC\WinVNC\WinVNC.exe [2003-03-05 335872] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF----------------- Info RSIT info.txt logfile of random's system information tool 1.06 2009-09-15 17:21:52 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Access Companion-->C:\WINDOWS\system32\DmUninst.exe -dm Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Advanced Office Password Recovery (remove only)-->C:\Program Files\Elcomsoft\AOPR\uninstall.exe ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE Any Video Converter 2.5.8-->"C:\Program Files\Any Video Converter\unins000.exe" Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5} Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643} Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE} Cakewalk VST Adapter 4-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG Client MetaFrame Presentation Server-->MsiExec.exe /I{2C42ED1E-6315-4E63-89E6-057EA114EBB8} Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28} Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Document Manager Lite-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1036 DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2 EMBASSY Security Center-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88} EMBASSY Trust Suite by Wave Systems-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9 ETS Launch Pad-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe" Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Documents and Settings\F86SYH\Bureau\HijackThis.exe" /uninstall HomePlayer-->C:\WINDOWS\iun6002.exe "C:\Program Files\HomePlayer\irunin.ini" Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logiciel Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} MediaInfo 0.7.7.6-->C:\Program Files\MediaInfo\uninst.exe mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659} Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} MKVtoolnix 1.6.5-->C:\Program Files\MKVtoolnix\uninst.exe mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB} Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe Mozilla Firefox (2.0.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Multimedia Conference version 3.2.0.3-->RunDll32 C:\WINDOWS\system32\advpack.dll,LaunchINFSection C:\WINDOWS\INF\eDataV3_3_2_0_3.inf,DefaultUninstall mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel NTRU Hybrid TSS v2.0.7-->MsiExec.exe /I{D1183FA8-AA29-4C82-B998-9593D7AF42FE} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1036 Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE PowerDVD 5.7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerPaint 2.50-->"C:\Program Files\FLISoft\PowerPaint\unins000.exe" Preboot Manager-->MsiExec.exe /I{AE765884-4770-4A92-82D9-AB3192512B31} Private Information Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} QuickSet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x40c APPDRVNT4 QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe Secure Update-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} Security Wizards-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1036 SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe SONAR LE-->C:\PROGRA~1\Cakewalk\SONARL~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONARL~1\INSTALL.LOG SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe" Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E} TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui" VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} VNC 3.3.7-->"C:\Program Files\RealVNC\unins000.exe" Wave Infrastructure Installer-->MsiExec.exe /I{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F} Wave Support Software-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6CDAED1C-5B60-4818-88A7-E4A90CD367AF} /l1036 Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Security center information====== FW: ZoneAlarm Firewall ======System event log====== Computer Name: FRPRN236 Event Code: 3019 Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion. Record Number: 9306 Source Name: MRxSmb Time Written: 20090908165401.000000+120 Event Type: Avertissement User: Computer Name: FRPRN236 Event Code: 3019 Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion. Record Number: 9305 Source Name: MRxSmb Time Written: 20090908165357.000000+120 Event Type: Avertissement User: Computer Name: FRPRN236 Event Code: 3019 Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion. Record Number: 9304 Source Name: MRxSmb Time Written: 20090908165355.000000+120 Event Type: Avertissement User: Computer Name: FRPRN236 Event Code: 3019 Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion. Record Number: 9303 Source Name: MRxSmb Time Written: 20090908165354.000000+120 Event Type: Avertissement User: Computer Name: FRPRN236 Event Code: 3019 Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion. Record Number: 9302 Source Name: MRxSmb Time Written: 20090908165353.000000+120 Event Type: Avertissement User: =====Application event log===== Computer Name: FRPRN236 Event Code: 14 Message: Le démarrage des services Symantec AntiVirus a réussi. Record Number: 13705 Source Name: Norton AntiVirus Time Written: 20090719221411.000000+120 Event Type: Informations User: Computer Name: FRPRN236 Event Code: 23 Message: Protection temps réel Symantec AntiVirus chargée. Record Number: 13704 Source Name: Norton AntiVirus Time Written: 20090719221409.000000+120 Event Type: Informations User: Computer Name: FRPRN236 Event Code: 1000 Message: Impossible d'exécuter le script suivant \\pyrenees.net\SysVol\pyrenees.net\scripts\AddLocalAdmins.vbs.L'emplacement réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution des problèmes du réseau, consultez l'aide de Windows. Record Number: 13703 Source Name: UserInit Time Written: 20090719221401.000000+120 Event Type: erreur User: Computer Name: FRPRN236 Event Code: 1000 Message: Impossible d'exécuter le script suivant \\pyrenees.net\SysVol\pyrenees.net\scripts\AddLocalAdmins.vbs.L'emplacement réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution des problèmes du réseau, consultez l'aide de Windows. Record Number: 13702 Source Name: UserInit Time Written: 20090719221401.000000+120 Event Type: erreur User: Computer Name: FRPRN236 Event Code: 0 Message: Record Number: 13701 Source Name: RegSrvc Time Written: 20090719221401.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0e08 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "tvdumpflags"=8 -----------------EOF-----------------

Et un petit dernier pour la route... Aucun élément nuisible détecté ! Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2796 Windows 5.1.2600 Service Pack 2 14/09/2009 23:22:34 mbam-log-2009-09-14 (23-22-34).txt Type de recherche: Examen complet (C:\|E:\|) Eléments examinés: 173703 Temps écoulé: 34 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Nouveau rapport après reboot : Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2796 Windows 5.1.2600 Service Pack 2 14/09/2009 22:29:59 mbam-log-2009-09-14 (22-29-59).txt Type de recherche: Examen complet (C:\|E:\|) Eléments examinés: 173508 Temps écoulé: 59 minute(s), 2 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 10 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047913.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047914.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047915.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047916.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047917.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047918.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047919.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047920.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047921.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP105\A0047922.dll (Rogue.Installer) -> Quarantined and deleted successfully.

Nouvel épisode (le final ?). Rapport MBAM : Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2796 Windows 5.1.2600 Service Pack 2 14/09/2009 21:20:13 mbam-log-2009-09-14 (21-20-13).txt Type de recherche: Examen complet (C:\|E:\|) Eléments examinés: 173430 Temps écoulé: 33 minute(s), 41 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 28 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\14328754\14328754.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\15350624\15350624.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\16236254\16236254.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\htmlayout.dll.vir (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\Uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0035243.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0035288.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0038353.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0038362.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0038368.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0038390.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0039739.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0047442.exe (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\POD\PI9\pibase.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\POD\PI9\piview.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\POD\COMMON\MSSHARED\PI\pibase.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\cutout.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\pibase.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\piedit.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\piservr5.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\pitask.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\PI9\1036\pitres.dll (Rogue.Installer) -> Quarantined and deleted successfully. E:\Disque FREECOM Michaël\Back Up - Ordi fixe Mic\Programmes et mises à jour\Photo Pro 9 - CD1\PIP\COMMON\MSSHARED\PI\pibase.dll (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (Trojan.Agent) -> Delete on reboot. J'ai fait le reboot préconisé après la première analyse, j'en relance une pour vérifier !!

Rapport après étape 4 (DrWeb) : vncviewer.exe C:\Program Files\RealVNC Program.RemoteAdmin cru629.dat.vir C:\Qoobox\Quarantine\C\WINDOWS\system32 Trojan.Proxy.1739 Supprimé. A0047272.sys C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104 Trojan.NtRootKit.3206 Supprimé. esebpiip.piw C:\WINDOWS\system32 Win32.HLLW.Autoruner.5555 Supprimé.

Rapport après etape 3 (avec Fichier) : ComboFix 09-09-12.A0 - F86SYH 13/09/2009 16:54.8.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.603 [GMT 2:00] Lancé depuis: c:\documents and settings\F86SYH\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\F86SYH\Bureau\CFScript.txt FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} FILE :: "c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe" "c:\documents and settings\F86SYH\Application Data\Microsoft\vovoowyvy.exe" "c:\documents and settings\F86SYH\Menu Démarrer\Programmes\Démarrage\ikowin32.exe" "c:\documents and settings\F86SYH\reader_s.exe" "c:\documents and settings\F86SYH\sys32_nov.exe" "c:\windows\giqyriz.com" "c:\windows\system32\jeluwydor.exe" "c:\windows\system32\reader_s.exe" "c:\windows\system32\sys32_nov.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe c:\documents and settings\F86SYH\Application Data\Microsoft\vovoowyvy.exe c:\documents and settings\F86SYH\Application Data\wiaserva.log c:\documents and settings\F86SYH\oashdihasidhasuidhiasdhiashdiuasdhasd c:\windows\giqyriz.com c:\windows\system32\cru629.dat c:\windows\system32\jeluwydor.exe c:\windows\system32\wisdstr.exe Une copie infectée de c:\windows\system32\drivers\AGP440.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\AGP440.sys . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ACBEDLEIN6AYM -------\Service_acbedlein6aym ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-13 au 2009-09-13 )))))))))))))))))))))))))))))))))))) . 2009-09-13 12:55 . 2009-09-13 13:14 -------- d-----w- c:\documents and settings\F86SYH\DoctorWeb 2009-09-12 11:12 . 2009-09-12 11:18 -------- d-----w- C:\ComboTestFix 2009-09-09 18:45 . 2009-09-13 12:16 182912 ----a-w- c:\windows\system32\dllcache\ndis.sys 2009-09-09 18:09 . 2006-08-23 21:39 42920 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-09-09 18:09 . 2006-08-23 21:38 83960 ----a-w- c:\windows\system32\zlcomm.dll 2009-09-09 18:09 . 2006-08-23 21:38 71672 ----a-w- c:\windows\system32\zlcommdb.dll 2009-09-09 18:08 . 2009-09-09 18:09 -------- d-----w- c:\windows\system32\ZoneLabs 2009-09-09 18:08 . 2009-09-09 18:08 -------- d-----w- c:\program files\Zone Labs 2009-09-07 20:25 . 2009-09-09 18:11 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-09-07 20:22 . 2009-09-13 15:06 -------- d-----w- c:\windows\Internet Logs 2009-09-05 13:15 . 2004-08-05 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-05 13:15 . 2004-08-05 11:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-13 15:07 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-13 15:04 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-13 14:55 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-13 14:55 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-13 14:07 . 2006-08-05 06:54 -------- d-----w- c:\program files\SpywareBlaster 2009-09-13 12:16 . 2004-08-19 12:03 182912 ------w- c:\windows\system32\drivers\ndis.sys 2009-09-09 18:06 . 2007-01-09 04:41 194760 ----a-w- c:\windows\system32\nvModes.dat 2009-09-06 12:12 . 2008-03-20 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot_2009-09-12_11.15.36 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-19 12:03 . 2009-09-13 14:55 71974 c:\windows\system32\perfc009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 71974 c:\windows\system32\perfc009.dat + 2004-08-19 12:11 . 2004-08-03 22:07 42368 c:\windows\system32\drivers\AGP440.sys + 2004-08-19 12:03 . 2004-08-05 11:00 68096 c:\windows\system32\dllcache\sti.dll + 2004-08-19 12:03 . 2009-09-13 14:55 440940 c:\windows\system32\perfh009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 440940 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] . Contenu du dossier 'Tâches planifiées' 2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-13 17:05 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(960) c:\windows\system32\rddv1046.dll c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\scardsvr.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Wave Systems Corp\common\DataServer.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe . ************************************************************************** . Heure de fin: 2009-09-13 17:10 - La machine a redémarré ComboFix-quarantined-files.txt 2009-09-13 15:10 ComboFix2.txt 2009-09-13 12:39 ComboFix3.txt 2009-09-13 11:57 ComboFix4.txt 2009-09-12 11:18 ComboFix5.txt 2009-09-13 14:52 Avant-CF: 3 926 024 192 octets libres Après-CF: 3 863 117 824 octets libres 235

Mais c'est que j'ai fait !!! Enfin je crois... Bon je retente.

Rapport ComboFix après étape 3 ComboFix 09-09-12.A0 - F86SYH 13/09/2009 14:16.7.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.531 [GMT 2:00] Lancé depuis: c:\documents and settings\F86SYH\Bureau\ComboFix.exe FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\F86SYH\oashdihasidhasuidhiasdhiashdiuasdhasd c:\documents and settings\F86SYH\sys32_nov.exe c:\windows\system32\braviax.exe c:\windows\system32\dllcache\figaro.sys Une copie infectée de c:\windows\system32\drivers\beep.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\beep.sys Une copie infectée de c:\windows\system32\drivers\AGP440.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\i386\AGP440.SYS . ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-13 au 2009-09-13 )))))))))))))))))))))))))))))))))))) . 2009-09-13 11:53 . 2009-09-13 11:53 27648 ----a-w- c:\windows\system32\dllcache\beep.sys 2009-09-12 11:12 . 2009-09-12 11:18 -------- d-----w- C:\ComboTestFix 2009-09-09 18:45 . 2009-09-13 12:16 182912 ----a-w- c:\windows\system32\dllcache\ndis.sys 2009-09-09 18:09 . 2006-08-23 21:39 42920 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-09-09 18:09 . 2006-08-23 21:38 83960 ----a-w- c:\windows\system32\zlcomm.dll 2009-09-09 18:09 . 2006-08-23 21:38 71672 ----a-w- c:\windows\system32\zlcommdb.dll 2009-09-09 18:08 . 2009-09-09 18:09 -------- d-----w- c:\windows\system32\ZoneLabs 2009-09-09 18:08 . 2009-09-09 18:08 -------- d-----w- c:\program files\Zone Labs 2009-09-07 20:25 . 2009-09-09 18:11 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-09-07 20:22 . 2009-09-13 12:33 -------- d-----w- c:\windows\Internet Logs 2009-09-05 23:59 . 2009-09-05 23:59 13124 ----a-w- c:\windows\giqyriz.com 2009-09-05 13:15 . 2004-08-05 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-13 12:33 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-13 12:29 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-13 12:16 . 2004-08-19 12:03 182912 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-09-13 11:56 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-13 11:56 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-09 18:06 . 2007-01-09 04:41 194760 ----a-w- c:\windows\system32\nvModes.dat 2009-09-06 12:12 . 2008-03-20 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot_2009-09-12_11.15.36 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-19 12:03 . 2009-09-13 11:56 71974 c:\windows\system32\perfc009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 71974 c:\windows\system32\perfc009.dat + 2004-08-19 12:11 . 2004-08-03 22:07 42368 c:\windows\system32\drivers\AGP440.sys + 2004-08-19 12:03 . 2004-08-05 11:00 68096 c:\windows\system32\dllcache\sti.dll + 2004-08-19 12:03 . 2009-09-13 11:56 440940 c:\windows\system32\perfh009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 440940 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [bU] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] "foomoqu"="c:\documents and settings\LocalService\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 25600] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S2 acbedlein6aym;C-DillaSrv;c:\documents and settings\F86SYH\Application Data\Microsoft\vovoowyvy.exe [12/09/2009 13:11 271360] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] . Contenu du dossier 'Tâches planifiées' 2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-13 14:31 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(960) c:\windows\system32\rddv1046.dll c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\scardsvr.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Wave Systems Corp\common\DataServer.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Citrix\Client ICA\ssonsvr.exe c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\documents and settings\F86SYH\Application Data\Microsoft\tejouk.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Heure de fin: 2009-09-13 14:39 - La machine a redémarré ComboFix-quarantined-files.txt 2009-09-13 12:39 ComboFix2.txt 2009-09-13 11:57 ComboFix3.txt 2009-09-12 11:18 ComboFix4.txt 2009-09-07 20:19 ComboFix5.txt 2009-09-13 12:16 Avant-CF: 4 009 828 352 octets libres Après-CF: 3 951 194 112 octets libres 231 A noter l'apparition de message type "Windows is infected...." dans la barre des tâches en bas à droite. Je passe à l'étape 4 avec Dr Web

Rapport ComboFix après étape 2 ComboFix 09-09-12.A0 - F86SYH 13/09/2009 13:38.6.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.483 [GMT 2:00] Lancé depuis: c:\documents and settings\F86SYH\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\F86SYH\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\F86SYH\Application Data\wiaserva.log c:\documents and settings\F86SYH\Cookies\cejuwo.db c:\documents and settings\F86SYH\reader_s.exe c:\windows\system32\sys32_nov.exe Une copie infectée de c:\windows\system32\drivers\AGP440.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\i386\AGP440.SYS Une copie infectée de c:\windows\system32\drivers\ndis.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\ndis.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-13 au 2009-09-13 )))))))))))))))))))))))))))))))))))) . 2009-09-13 11:53 . 2009-09-13 11:53 9728 ----a-w- c:\windows\system32\braviax.exe 2009-09-13 11:53 . 2009-09-13 11:53 27648 ----a-w- c:\windows\system32\dllcache\figaro.sys 2009-09-13 11:53 . 2009-09-13 11:53 27648 ----a-w- c:\windows\system32\dllcache\beep.sys 2009-09-13 11:53 . 2009-09-13 11:53 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys 2009-09-13 11:52 . 2009-09-13 11:52 29516 ----a-w- c:\documents and settings\F86SYH\sys32_nov.exe 2009-09-12 11:12 . 2009-09-12 11:18 -------- d-----w- C:\ComboTestFix 2009-09-09 18:45 . 2009-09-09 18:45 182912 ----a-w- c:\windows\system32\dllcache\ndis.sys 2009-09-09 18:09 . 2006-08-23 21:39 42920 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-09-09 18:09 . 2006-08-23 21:38 83960 ----a-w- c:\windows\system32\zlcomm.dll 2009-09-09 18:09 . 2006-08-23 21:38 71672 ----a-w- c:\windows\system32\zlcommdb.dll 2009-09-09 18:08 . 2009-09-09 18:09 -------- d-----w- c:\windows\system32\ZoneLabs 2009-09-09 18:08 . 2009-09-09 18:08 -------- d-----w- c:\program files\Zone Labs 2009-09-07 20:25 . 2009-09-09 18:11 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-09-07 20:22 . 2009-09-13 11:51 -------- d-----w- c:\windows\Internet Logs 2009-09-05 23:59 . 2009-09-05 23:59 13124 ----a-w- c:\windows\giqyriz.com 2009-09-05 13:15 . 2009-09-13 11:53 27648 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-13 11:53 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-13 11:53 . 2004-08-19 12:11 94272 ----a-w- c:\windows\system32\drivers\AGP440.sys 2009-09-13 11:49 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-12 11:16 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-12 11:16 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-09 18:45 . 2004-08-19 12:03 182912 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-09-09 18:06 . 2007-01-09 04:41 194760 ----a-w- c:\windows\system32\nvModes.dat 2009-09-06 12:12 . 2008-03-20 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ------- Sigcheck ------- [-] 2009-09-13 11:53 . AED3803EFA4993D85290AABCA192D45B . 27648 . . [------] . . c:\windows\system32\dllcache\beep.sys [-] 2009-09-13 11:53 . AED3803EFA4993D85290AABCA192D45B . 27648 . . [------] . . c:\windows\system32\drivers\beep.sys [7] 2004-08-05 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys [-] 2009-09-09 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys [-] 2009-09-09 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys [7] 2004-08-05 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ndis.sys [-] 2009-09-13 11:53 . 8849F4991629B94F35536564FA166E32 . 94272 . . [------] . . c:\windows\system32\dllcache\agp440.sys [-] 2009-09-13 11:53 . 8849F4991629B94F35536564FA166E32 . 94272 . . [------] . . c:\windows\system32\drivers\AGP440.sys . ((((((((((((((((((((((((((((( SnapShot_2009-09-12_11.15.36 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-13 11:52 . 2009-09-13 11:52 10752 c:\windows\temp\wpv141252482203.exe + 2009-09-13 11:52 . 2009-09-13 11:52 29516 c:\windows\temp\wpv091252625374.exe + 2004-08-19 12:03 . 2009-09-12 11:16 71974 c:\windows\system32\perfc009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 71974 c:\windows\system32\perfc009.dat + 2004-08-19 12:03 . 2004-08-05 11:00 68096 c:\windows\system32\dllcache\sti.dll + 2004-08-19 12:03 . 2009-09-12 11:16 440940 c:\windows\system32\perfh009.dat - 2004-08-19 12:03 . 2009-09-12 11:06 440940 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [bU] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\tejouk.exe" [2009-09-07 271360] "sys32_nov"="c:\documents and settings\F86SYH\sys32_nov.exe" [2009-09-13 29516] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\tejouk.exe" [2009-09-07 271360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 25600] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S2 acbedlein6aym;C-DillaSrv;c:\documents and settings\F86SYH\Application Data\Microsoft\vovoowyvy.exe [12/09/2009 13:11 271360] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] . Contenu du dossier 'Tâches planifiées' 2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://www.google.com IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-braviax - (no file) HKLM-Run-foomoqu - c:\windows\system32\jeluwydor.exe HKLM-Run-sys32_nov - c:\windows\system32\sys32_nov.exe HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe HKLM-Run-braviax - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-13 13:52 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\system32\braviax.exe 9728 bytes executable Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(956) c:\windows\system32\rddv1046.dll c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\scardsvr.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Wave Systems Corp\common\DataServer.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\windows\system32\rundll32.exe c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\windows\temp\wpv141252482203.exe c:\windows\system32\braviax.exe . ************************************************************************** . Heure de fin: 2009-09-13 13:57 - La machine a redémarré ComboFix-quarantined-files.txt 2009-09-13 11:57 ComboFix2.txt 2009-09-12 11:18 ComboFix3.txt 2009-09-07 20:19 ComboFix4.txt 2009-09-06 12:26 ComboFix5.txt 2009-09-13 11:35 Avant-CF: 3 383 668 736 octets libres Après-CF: 4 047 822 848 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 270 Je passe à l'étape 3

Les virus c'est un peu comme PAIC Citron: "quand il y en a plus, il y en a encore" !!! Je crois que j'ai choppé le reader_s.exe en cours de route !!! Je viens de rejouer ComboFix, voilà le rapport : ComboFix 09-09-04.02 - F86SYH 12/09/2009 13:13.5.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.561 [GMT 2:00] Running from: c:\documents and settings\F86SYH\Mes documents\Programmes et Mises à jour\ComboTestFix.exe FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\reader_s.exe E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))) . 2009-09-09 18:45 . 2009-09-09 18:45 212480 ----a-w- c:\windows\system32\dllcache\ndis.sys 2009-09-09 18:45 . 2009-09-09 18:45 39424 ----a-w- c:\documents and settings\F86SYH\reader_s.exe 2009-09-09 18:09 . 2006-08-23 21:39 42920 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-09-09 18:09 . 2006-08-23 21:38 83960 ----a-w- c:\windows\system32\zlcomm.dll 2009-09-09 18:09 . 2006-08-23 21:38 71672 ----a-w- c:\windows\system32\zlcommdb.dll 2009-09-09 18:08 . 2009-09-09 18:09 -------- d-----w- c:\windows\system32\ZoneLabs 2009-09-09 18:08 . 2009-09-09 18:08 -------- d-----w- c:\program files\Zone Labs 2009-09-07 20:25 . 2009-09-09 18:11 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-09-07 20:22 . 2009-09-12 11:06 -------- d-----w- c:\windows\Internet Logs 2009-09-07 20:11 . 2009-09-07 19:29 271360 ----a-w- c:\windows\system32\jeluwydor.exe 2009-09-06 10:43 . 2009-09-06 10:43 29212 ----a-w- c:\windows\system32\sys32_nov.exe 2009-09-05 23:59 . 2009-09-05 23:59 13124 ----a-w- c:\windows\giqyriz.com 2009-09-05 13:15 . 2004-08-05 11:00 4224 ------w- c:\windows\system32\drivers\beep.sys 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 19:39 . 2009-09-12 11:05 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-12 11:12 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-12 11:06 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-12 11:06 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-12 11:05 . 2004-08-19 12:11 94272 ----a-w- c:\windows\system32\drivers\AGP440.SYS 2009-09-11 16:29 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-09 18:45 . 2004-08-19 12:03 212480 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-09-09 18:06 . 2007-01-09 04:41 194760 ----a-w- c:\windows\system32\nvModes.dat 2009-09-06 12:12 . 2008-03-20 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ------- Sigcheck ------- [7] 2004-08-05 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ERDNT\cache\ndis.sys [-] 2009-09-09 18:45 212480 C1FCC3C9E3548A97C6C84EE960C2D7D2 c:\windows\system32\dllcache\ndis.sys [-] 2009-09-09 18:45 212480 C1FCC3C9E3548A97C6C84EE960C2D7D2 c:\windows\system32\drivers\ndis.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-05_23.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-09 18:09 . 2006-08-23 21:39 22440 c:\windows\system32\ZoneLabs\zlsre_loc040c.dll + 2009-09-09 18:09 . 2006-08-23 21:39 18344 c:\windows\system32\ZoneLabs\zlquarantine_loc040c.dll + 2009-09-09 18:09 . 2006-08-23 21:38 79872 c:\windows\system32\ZoneLabs\zlquarantine.dll + 2009-09-09 18:09 . 2006-08-23 21:39 18344 c:\windows\system32\ZoneLabs\vsvault_loc040c.dll + 2009-09-09 18:09 . 2006-08-23 21:39 47016 c:\windows\system32\ZoneLabs\vsmon_loc040c.dll + 2009-09-09 18:08 . 2006-08-23 21:38 75768 c:\windows\system32\ZoneLabs\vsmon.exe + 2009-09-09 18:09 . 2006-08-23 21:39 18344 c:\windows\system32\ZoneLabs\vsdb_loc040c.dll + 2009-09-07 20:23 . 2006-08-23 21:38 79864 c:\windows\system32\ZoneLabs\vsdb.dll + 2009-09-09 18:09 . 2006-08-23 21:39 75688 c:\windows\system32\ZoneLabs\updClient_loc040c.dll + 2009-09-09 18:09 . 2006-08-02 23:53 29680 c:\windows\system32\ZoneLabs\srescan.sys + 2009-09-09 18:09 . 2006-08-23 21:39 18344 c:\windows\system32\ZoneLabs\scheduler_loc040c.dll + 2009-09-09 18:08 . 2006-08-23 21:40 30744 c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2009-09-09 18:08 . 2006-08-23 21:40 30720 c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll + 2009-09-09 18:08 . 2006-08-23 21:38 26536 c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll + 2009-09-09 18:09 . 2006-08-23 21:37 38912 c:\windows\system32\ZoneLabs\featuremap.dll + 2009-09-09 18:09 . 2006-08-23 21:39 18344 c:\windows\system32\ZoneLabs\camupd_loc040c.dll + 2009-09-09 18:08 . 2006-08-23 21:38 59384 c:\windows\system32\vswmi.dll + 2009-09-09 18:09 . 2006-08-23 21:38 71672 c:\windows\system32\vsregexp.dll + 2009-09-07 20:23 . 2006-08-23 21:37 83960 c:\windows\system32\vsdata.dll + 2004-08-19 12:03 . 2009-09-12 11:06 71974 c:\windows\system32\perfc009.dat - 2004-08-19 12:03 . 2009-09-05 23:01 71974 c:\windows\system32\perfc009.dat + 2009-09-09 18:09 . 2006-08-23 21:38 124920 c:\windows\system32\ZoneLabs\zlupdate.dll + 2009-09-09 18:09 . 2006-08-23 21:38 251896 c:\windows\system32\ZoneLabs\zlsre.dll + 2009-09-09 18:09 . 2006-08-23 21:38 178168 c:\windows\system32\ZoneLabs\zlparser.dll + 2009-09-09 18:09 . 2006-08-23 21:38 243704 c:\windows\system32\ZoneLabs\vsvault.dll + 2009-09-09 18:09 . 2006-08-23 21:39 198568 c:\windows\system32\ZoneLabs\vsruledb_loc040c.dll + 2009-09-07 20:23 . 2006-08-23 21:37 104440 c:\windows\system32\ZoneLabs\vsavpro.dll + 2009-09-09 18:09 . 2006-08-23 21:38 124920 c:\windows\system32\ZoneLabs\updclient.exe + 2009-09-09 18:09 . 2006-07-13 00:42 866288 c:\windows\system32\ZoneLabs\updating.dll + 2009-09-09 18:09 . 2006-08-23 21:40 206864 c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2009-09-09 18:08 . 2006-08-23 21:37 456696 c:\windows\system32\ZoneLabs\ssleay32.dll + 2009-09-09 18:09 . 2006-08-23 21:37 169976 c:\windows\system32\ZoneLabs\scheduler.dll + 2009-09-09 18:09 . 2006-08-02 23:53 641008 c:\windows\system32\ZoneLabs\qrsrecl.dll + 2009-09-09 18:09 . 2006-08-02 23:53 677872 c:\windows\system32\ZoneLabs\qrbase.dll + 2009-09-09 18:09 . 2006-08-23 21:37 129016 c:\windows\system32\ZoneLabs\fbl.dll + 2009-09-09 18:09 . 2004-01-30 10:35 813568 c:\windows\system32\ZoneLabs\dbghelp.dll + 2009-09-09 18:09 . 2006-08-23 21:37 112632 c:\windows\system32\ZoneLabs\camupd.dll + 2009-09-09 18:08 . 2006-08-23 21:38 100344 c:\windows\system32\vsxml.dll + 2009-09-09 18:08 . 2006-08-23 21:38 440312 c:\windows\system32\vsutil.dll + 2009-09-09 18:08 . 2006-08-23 21:38 268280 c:\windows\system32\vspubapi.dll + 2009-09-09 18:08 . 2006-08-23 21:38 104440 c:\windows\system32\vsmonapi.dll + 2009-09-09 18:08 . 2006-08-23 21:38 157688 c:\windows\system32\vsinit.dll + 2009-09-09 18:08 . 2006-08-23 21:38 392824 c:\windows\system32\vsdatant.sys + 2007-07-13 15:39 . 2007-03-09 09:03 761344 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL + 2007-07-13 15:39 . 2007-03-09 09:03 740864 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL + 2007-07-13 15:39 . 2007-03-09 09:03 372736 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL + 2007-07-13 15:39 . 2006-11-02 04:32 207872 c:\windows\system32\spool\drivers\w32x86\3\pclxl.dll - 2007-01-25 12:56 . 2006-11-29 15:26 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.DLL + 2007-01-25 12:56 . 2008-02-04 14:23 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll - 2004-08-19 12:03 . 2009-09-05 23:01 440940 c:\windows\system32\perfh009.dat + 2004-08-19 12:03 . 2009-09-12 11:06 440940 c:\windows\system32\perfh009.dat + 2009-09-09 18:09 . 2006-08-23 21:37 796584 c:\windows\system32\libeay32_0.9.6l.dll + 2009-09-09 18:08 . 2006-08-23 21:38 1087480 c:\windows\system32\ZoneLabs\zpy.dll + 2009-09-09 18:09 . 2006-05-31 13:51 1228606 c:\windows\system32\ZoneLabs\zlasdbup.dat + 2009-09-09 18:08 . 2006-08-23 21:38 1316856 c:\windows\system32\ZoneLabs\vsruledb.dll + 2009-09-09 18:08 . 2006-08-23 21:38 2013176 c:\windows\system32\ZoneLabs\vsmondll.dll + 2009-09-09 18:09 . 2006-08-02 23:53 1308656 c:\windows\system32\ZoneLabs\srescan.dll + 2009-09-09 18:09 . 2006-05-31 13:51 1228606 c:\windows\system32\ZoneLabs\spyware.dat + 2009-09-09 18:08 . 2006-08-23 21:38 1361832 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll + 2007-01-25 12:56 . 2007-05-14 08:05 2920960 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] "sys32_nov"="c:\documents and settings\F86SYH\sys32_nov.exe" [bU] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [bU] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "foomoqu"="c:\documents and settings\F86SYH\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-06 29212] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "foomoqu"="c:\windows\system32\jeluwydor.exe" [2009-09-07 271360] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] "foomoqu"="c:\documents and settings\LocalService\Application Data\Microsoft\jeluwydor.exe" [2009-09-07 271360] c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 25600] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S2 acbedlein6aym;C-DillaSrv;c:\documents and settings\F86SYH\Application Data\Microsoft\vovoowyvy.exe [12/09/2009 13:11 271360] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] . Contents of the 'Scheduled Tasks' folder 2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-12 13:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(980) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . Completion time: 2009-09-12 13:18 ComboFix-quarantined-files.txt 2009-09-12 11:17 ComboFix2.txt 2009-09-07 20:19 ComboFix3.txt 2009-09-06 12:26 ComboFix4.txt 2009-09-06 10:44 ComboFix5.txt 2009-09-12 11:13 Pre-Run: 1 662 730 240 octets libres Post-Run: 2 439 585 792 octets libres 265

Script lancé et ZoneAlarm installé. Plus aucune trace des petits morpions. Je te remercie pour l'assistance, tu m'as bien aidé sur ce coup.

Merci pour la réponse je viens de percuter sur mon problème Il s'agit de mon PC portable professionnel et je bénéficie d'un part-feu uniquement lorsque je suis connecté au bureau. De chez moi je suis en tête à tête avec ma freebox, c'est pourquoi le virus est revenu dès que je me suis connecté de la maison pyrenees.net est le nom de domaine du réseau de mon entreprise. Mon PC a été configuré pour que je m'y connecte Je vais suivre ton conseil en téléchargeant un part feu pour l'utilisation hors réseau entreprise. Je te tiens au courant. Merci pour tout.

Salut et merci à toi pour cette réponse rapide !! J'ai fait la manip avec le script, voilà le nouveau log Combo Fix : ComboFix 09-09-04.02 - F86SYH 06/09/2009 12:31.2.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.560 [GMT 2:00] Running from: c:\documents and settings\F86SYH\Bureau\ComboTestFix.exe Command switches used :: c:\documents and settings\F86SYH\Bureau\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\All Users\Application Data\juci.dat" "c:\documents and settings\All Users\Application Data\obufe.dat" "c:\documents and settings\F86SYH\Local Settings\Application Data\kirure.dat" "c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ikowin32.exe" "c:\program files\Fichiers communs\ekihom._sy" "c:\program files\Fichiers communs\jedybokago.dat" "c:\program files\Fichiers communs\uduh.dat" "c:\program files\Fichiers communs\umidukatev._sy" "c:\program files\Fichiers communs\vajyr.dat" "c:\windows\ofohihihi.dat" "c:\windows\peli.com" "c:\windows\system32\asuzigagos.dat" "c:\windows\system32\covatuhe.dat" "c:\windows\system32\fqxmkqck.dll" "c:\windows\system32\sys32_nov.exe" "c:\windows\xidusoveh.com" "c:\windows\yqujup.com" file zipped: c:\windows\system32\sys32_nov.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\15350624 c:\documents and settings\All Users\Application Data\15350624\15350624 c:\documents and settings\All Users\Application Data\15350624\15350624.exe c:\documents and settings\All Users\Application Data\15350624\pc15350624ins c:\documents and settings\All Users\Application Data\adogoza.vbs c:\documents and settings\All Users\Application Data\ewufi.dll c:\documents and settings\All Users\Application Data\juci.dat c:\documents and settings\All Users\Application Data\obufe.dat c:\documents and settings\All Users\Documents\inisofunog.vbs c:\documents and settings\All Users\Documents\ojixihypyk._dl c:\documents and settings\F86SYH\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\F86SYH\Application Data\tybanuli._dl c:\documents and settings\F86SYH\Application Data\wiaserva.log c:\documents and settings\F86SYH\Bureau\Total Security 2009.lnk c:\documents and settings\F86SYH\Cookies\nozecucy.pif c:\documents and settings\F86SYH\Local Settings\Application Data\axyfimig.pif c:\documents and settings\F86SYH\Local Settings\Application Data\ikog.dl c:\documents and settings\F86SYH\Local Settings\Application Data\kirure.dat c:\documents and settings\F86SYH\Local Settings\Application Data\tyvamo._dl c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\osiw.inf c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\pejujenem.com c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\uxuquqyh.pif c:\documents and settings\F86SYH\oashdihasidhasuidhiasdhiashdiuasdhasd c:\documents and settings\F86SYH\sys32_nov.exe c:\program files\AntivirusPro_2010 c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe c:\program files\AntivirusPro_2010\AVEngn.dll c:\program files\AntivirusPro_2010\data\daily.cvd c:\program files\AntivirusPro_2010\htmlayout.dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll c:\program files\AntivirusPro_2010\pthreadVC2.dll c:\program files\AntivirusPro_2010\Uninstall.exe c:\program files\AntivirusPro_2010\wscui.cpl c:\program files\AskBarDis c:\program files\AskBarDis\bar\bin\askBar.dll c:\program files\AskBarDis\bar\bin\askPopStp.dll c:\program files\AskBarDis\bar\bin\AskSplash.exe c:\program files\AskBarDis\bar\bin\AskTBApp.exe c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe c:\program files\AskBarDis\bar\bin\psvince.dll c:\program files\AskBarDis\bar\Cache\0001AD23.bin c:\program files\AskBarDis\bar\Cache\0001B215.bin c:\program files\AskBarDis\bar\Cache\0001D78E.bin c:\program files\AskBarDis\bar\Cache\0001D992.bin c:\program files\AskBarDis\bar\Cache\0001DBB5.bin c:\program files\AskBarDis\bar\Cache\0001DD4B.bin c:\program files\AskBarDis\bar\Cache\0017E37A c:\program files\AskBarDis\bar\Cache\files.ini c:\program files\AskBarDis\bar\History\search c:\program files\AskBarDis\bar\Settings\AskLogo.ico c:\program files\AskBarDis\bar\Settings\config.dat c:\program files\AskBarDis\bar\Settings\config.dat.bak c:\program files\AskBarDis\bar\Settings\prevcfg.htm c:\program files\AskBarDis\bar\Settings\prevCfg2.htm c:\program files\AskBarDis\PopSwatter\History\notallow c:\program files\AskBarDis\unins000.dat c:\program files\AskBarDis\unins000.exe c:\program files\Fichiers communs\ekihom._sy c:\program files\Fichiers communs\jedybokago.dat c:\program files\Fichiers communs\uduh.dat c:\program files\Fichiers communs\umidukatev._sy c:\program files\Fichiers communs\vajyr.dat c:\program files\WinBar c:\program files\WinBar\Uninstall.exe c:\program files\WinBar\Update.exe c:\program files\WinBar\WinBar.cfg c:\program files\WinBar\WinBar.chm c:\program files\WinBar\WinBar.exe c:\windows\adaf.pif c:\windows\braviax.exe c:\windows\cru629.dat c:\windows\domuqiwu.scr c:\windows\ofohihihi.dat c:\windows\peli.com c:\windows\qyremyd.sys c:\windows\system32\_scui.cpl c:\windows\system32\asuzigagos.dat c:\windows\system32\braviax.exe c:\windows\system32\covatuhe.dat c:\windows\system32\cru629.dat c:\windows\system32\dllcache\beep.sys c:\windows\system32\dllcache\figaro.sys c:\windows\system32\fqxmkqck.dll c:\windows\system32\sys32_nov.exe c:\windows\system32\wisdstr.exe c:\windows\uqodaw.sys c:\windows\xidusoveh.com c:\windows\yqujup.com Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected Restored copy from - c:\system volume information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP101\A0035391.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASKUPGRADE -------\Legacy_TAPISYSTEM -------\Service_ASKUpgrade -------\Service_TapiSystem ((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 ))))))))))))))))))))))))))))))) . 2009-09-05 23:59 . 2009-09-05 23:59 13124 ----a-w- c:\windows\giqyriz.com 2009-09-05 13:15 . 2004-08-05 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 19:39 . 2009-09-06 10:19 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-06 10:36 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-06 10:29 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-06 10:20 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-06 10:20 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-06 10:20 . 2007-01-09 04:41 188600 ----a-w- c:\windows\system32\nvModes.dat 2009-09-06 10:19 . 2004-08-19 12:11 94272 ----a-w- c:\windows\system32\drivers\AGP440.SYS 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-05_23.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-19 12:03 . 2009-09-06 10:20 71974 c:\windows\system32\perfc009.dat - 2004-08-19 12:03 . 2009-09-05 23:01 71974 c:\windows\system32\perfc009.dat + 2004-08-19 12:03 . 2009-09-06 10:20 440940 c:\windows\system32\perfh009.dat - 2004-08-19 12:03 . 2009-09-05 23:01 440940 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] "sys32_nov"="c:\documents and settings\F86SYH\sys32_nov.exe" [bU] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 25600] WinBar.lnk - c:\qoobox\Quarantine\C\Program Files\WinBar\WinBar.exe.vir [2002-2-25 155136] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] . Contents of the 'Scheduled Tasks' folder 2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 12:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(932) c:\windows\system32\rddv1046.dll c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\scardsvr.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Wave Systems Corp\common\DataServer.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe c:\program files\Citrix\Client ICA\ssonsvr.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe . ************************************************************************** . Completion time: 2009-09-06 12:43 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-06 10:43 ComboFix2.txt 2009-09-05 23:11 Pre-Run: 4 346 359 808 octets libres Post-Run: 4 305 850 368 octets libres 321 Upload was successful Les symptômes sont bien plus légers mais il reste des traces. Dois-je effacer certains fichiers restants (braviax.exe et ce genre de truc...) ? Edit : PC Antispyware 2010 est effacé mais Total Security est toujours là.

Bonjour, Ma vie n'était que calme et volupté jusqu'à l'apparition de ce malware. Je m'adresse aux spécialistes pour tenter une réparation... Merci pour votre aide Description : Apparitions de fenêtres intempestives (votre PC est infecté, tout ça....) lorsque je navigue sur le web Débit de la connexion internet très aléatoire Tentative désespérée de désinstaller avec Malwarebytes Pour la blague, il s'agit de mon portable professionnel... Rapport HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:14:20, on 05/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\Program Files\RealVNC\WinVNC\WinVNC.exe C:\Program Files\Citrix\Client ICA\ssonsvr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\stsystra.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\sys32_nov.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\F86SYH\sys32_nov.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinBar\WinBar.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\F86SYH\Bureau\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = squid.xxxxxx.fr:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = xxxxxactiv;*.om;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\F86SYH\sys32_nov.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Startup: WinBar.lnk = C:\Program Files\WinBar\WinBar.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154765218234 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pyrenees.net O17 - HKLM\Software\..\Telephony: DomainName = pyrenees.net O17 - HKLM\System\CCS\Services\Tcpip\..\{29844E54-7345-4116-9267-C6D009F71889}: NameServer = 172.17.124.61,172.17.124.62 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pyrenees.net O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = pyrenees.net O20 - AppInit_DLLs: cru629.dat O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10288 bytes Rapport COMBOFIX (Symantec et Spybot désactivés) : ComboFix 09-09-04.02 - F86SYH 06/09/2009 1:00.1.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.642 [GMT 2:00] Running from: c:\documents and settings\F86SYH\Bureau\ComboTestFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\16236254 c:\documents and settings\All Users\Application Data\16236254\16236254 c:\documents and settings\All Users\Application Data\16236254\16236254.exe c:\documents and settings\All Users\Application Data\16236254\pc16236254ins c:\documents and settings\All Users\Application Data\alewedun.inf c:\documents and settings\All Users\Application Data\azosevo.vbs c:\documents and settings\All Users\Application Data\behogylon.vbs c:\documents and settings\All Users\Application Data\ehizan.exe c:\documents and settings\All Users\Application Data\esekobeq.dl c:\documents and settings\All Users\Application Data\evycajip.scr c:\documents and settings\All Users\Application Data\fyjukavuqa._dl c:\documents and settings\All Users\Application Data\gejoj.dll c:\documents and settings\All Users\Application Data\gotima._dl c:\documents and settings\All Users\Application Data\heqep.com c:\documents and settings\All Users\Application Data\hysokiqefy._sy c:\documents and settings\All Users\Application Data\irufo.dl c:\documents and settings\All Users\Application Data\moxadocot.inf c:\documents and settings\All Users\Application Data\onavyb.exe c:\documents and settings\All Users\Application Data\opibycigem.dll c:\documents and settings\All Users\Documents\bosynup.ban c:\documents and settings\All Users\Documents\ejykefybic.ban c:\documents and settings\All Users\Documents\fybajawocy.reg c:\documents and settings\All Users\Documents\isyhi.bat c:\documents and settings\All Users\Documents\ixoq.inf c:\documents and settings\All Users\Documents\kazozimewe.ban c:\documents and settings\All Users\Documents\ocomizeqy.com c:\documents and settings\All Users\Documents\ogoj.ban c:\documents and settings\All Users\Documents\tivuqanaw.reg c:\documents and settings\All Users\Documents\ywusopu.pif c:\documents and settings\F86SYH\Application Data\durem.bin c:\documents and settings\F86SYH\Application Data\ipypijih.ban c:\documents and settings\F86SYH\Application Data\irebelilo.pif c:\documents and settings\F86SYH\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\F86SYH\Application Data\nemuxuly.bin c:\documents and settings\F86SYH\Application Data\nyfu.sys c:\documents and settings\F86SYH\Application Data\oveva.lib c:\documents and settings\F86SYH\Application Data\pikozob.com c:\documents and settings\F86SYH\Application Data\raro.exe c:\documents and settings\F86SYH\Application Data\ugas.scr c:\documents and settings\F86SYH\Application Data\umefe.vbs c:\documents and settings\F86SYH\Application Data\vuhop.dl c:\documents and settings\F86SYH\Application Data\wiaserva.log c:\documents and settings\F86SYH\Application Data\ybiryp.scr c:\documents and settings\F86SYH\Application Data\yjol.ban c:\documents and settings\F86SYH\Application Data\ypinu.sys c:\documents and settings\F86SYH\Cookies\adozy.ban c:\documents and settings\F86SYH\Cookies\afigydi.reg c:\documents and settings\F86SYH\Cookies\ajyzihex.bat c:\documents and settings\F86SYH\Cookies\apyf._dl c:\documents and settings\F86SYH\Cookies\bamycu.dl c:\documents and settings\F86SYH\Cookies\bogihone.com c:\documents and settings\F86SYH\Cookies\cykuki.com c:\documents and settings\F86SYH\Cookies\nyjamunym.bin c:\documents and settings\F86SYH\Cookies\qizojo.sys c:\documents and settings\F86SYH\Cookies\qogodajaq.com c:\documents and settings\F86SYH\Local Settings\Application Data\atuxeru.bin c:\documents and settings\F86SYH\Local Settings\Application Data\bopamo.dl c:\documents and settings\F86SYH\Local Settings\Application Data\ejulavyna.dl c:\documents and settings\F86SYH\Local Settings\Application Data\myhajinowo.ban c:\documents and settings\F86SYH\Local Settings\Application Data\nogyde.com c:\documents and settings\F86SYH\Local Settings\Application Data\ufew.sys c:\documents and settings\F86SYH\Local Settings\Application Data\ybyjedyme.scr c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\adakidib._dl c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\hajok.ban c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\ocipozez.pif c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\runidol.sys c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\ujez._sy c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\wijigy.vbs c:\documents and settings\F86SYH\Local Settings\Temporary Internet Files\yciku.db c:\documents and settings\F86SYH\sys32_nov.exe c:\program files\Fichiers communs\jaqa.scr c:\program files\Fichiers communs\koxa.ban c:\program files\Fichiers communs\vyhynobeq.com c:\program files\Fichiers communs\wykij.dl c:\program files\Fichiers communs\ycyrylamef.bat c:\program files\Fichiers communs\ywavule.bat c:\program files\WinPCap c:\program files\WinPCap\rpcapd.exe c:\recycler\S-1-5-21-54819612-3682430695-4060650763-500 c:\windows\akolyp._dl c:\windows\braviax.exe c:\windows\buzysadur.dl c:\windows\cru629.dat c:\windows\dizod.reg c:\windows\edasefe.dl c:\windows\ixoguro.bat c:\windows\kopun.reg c:\windows\mosisacevo.dll c:\windows\mozodimu.pif c:\windows\nigyrezusu.reg c:\windows\nubysiwuga.sys c:\windows\opukybed._dl c:\windows\simygazape.dll c:\windows\system32\braviax.exe c:\windows\system32\cru629.dat c:\windows\system32\dllcache\beep.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\iviju.bin c:\windows\system32\iwatax.ban c:\windows\system32\iweco._dl c:\windows\system32\jiqopumeb.inf c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wisdstr.exe c:\windows\system32\wpcap.dll c:\windows\system32\xopowynyz.sys c:\windows\uryzuzux.ban c:\windows\uzygypod.vbs c:\windows\vicod.bat c:\windows\yfidozixy.inf c:\windows\zobymy.inf Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected Restored copy from - c:\system volume information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP100\A0034103.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 ))))))))))))))))))))))))))))))) . 2009-09-05 13:15 . 2004-08-05 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-05 09:53 . 2009-09-05 09:53 11514 ----a-w- c:\windows\system32\asuzigagos.dat 2009-09-05 09:53 . 2009-09-05 09:53 10775 ----a-w- c:\windows\peli.com 2009-09-05 09:52 . 2009-09-05 09:55 -------- d-----w- c:\program files\AntivirusPro_2010 2009-09-03 21:40 . 2009-09-03 21:40 19820 ----a-w- c:\program files\Fichiers communs\jedybokago.dat 2009-09-03 21:40 . 2009-09-03 21:40 18421 ----a-w- c:\program files\Fichiers communs\uduh.dat 2009-09-02 21:17 . 2009-09-02 21:17 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-02 21:16 . 2009-09-02 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-02 21:16 . 2009-09-02 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-02 21:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 21:03 . 2009-09-02 21:03 19159 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\kirure.dat 2009-09-02 21:03 . 2009-09-02 21:03 18736 ----a-w- c:\windows\xidusoveh.com 2009-09-02 21:03 . 2009-09-02 21:03 18142 ----a-w- c:\windows\system32\covatuhe.dat 2009-09-02 21:03 . 2009-09-02 21:03 13619 ----a-w- c:\windows\yqujup.com 2009-09-02 20:52 . 2009-09-02 20:52 16272 ----a-w- c:\windows\ofohihihi.dat 2009-09-02 20:52 . 2009-09-02 20:52 13129 ----a-w- c:\program files\Fichiers communs\vajyr.dat 2009-09-02 19:39 . 2009-09-05 20:49 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys 2009-09-02 19:39 . 2009-09-02 19:39 29216 ----a-w- c:\windows\system32\sys32_nov.exe 2009-08-09 11:21 . 2009-08-10 10:59 -------- d-----w- c:\program files\AskBarDis . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-05 23:07 . 2008-01-20 12:42 -------- d-----w- c:\documents and settings\F86SYH\Application Data\uTorrent 2009-09-05 23:05 . 2007-01-09 04:10 12 ----a-w- c:\windows\bthservsdp.dat 2009-09-05 23:01 . 2004-08-19 12:03 85232 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-05 23:01 . 2004-08-19 12:03 509454 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-05 20:49 . 2004-08-19 12:11 94272 ----a-w- c:\windows\system32\drivers\AGP440.SYS 2009-09-05 11:15 . 2007-01-09 04:41 188600 ----a-w- c:\windows\system32\nvModes.dat 2009-09-02 21:03 . 2009-09-02 21:03 14486 ----a-w- c:\documents and settings\All Users\Application Data\juci.dat 2009-09-02 21:03 . 2009-09-02 21:03 11354 ----a-w- c:\program files\Fichiers communs\ekihom._sy 2009-09-02 21:03 . 2009-09-02 21:03 11129 ----a-w- c:\program files\Fichiers communs\umidukatev._sy 2009-09-02 20:52 . 2009-09-02 20:52 14163 ----a-w- c:\documents and settings\All Users\Application Data\obufe.dat 2009-08-10 01:51 . 2008-12-01 17:13 -------- d-----w- c:\documents and settings\F86SYH\Application Data\Any Video Converter 2009-08-03 17:52 . 2007-03-16 09:00 -------- d-----w- c:\program files\WinBar 2009-07-15 17:27 . 2007-01-29 10:01 -------- d-----w- c:\documents and settings\F86SYH\Application Data\ICAClient 2009-06-15 16:50 . 2007-01-30 16:26 50888 ----a-w- c:\documents and settings\F86SYH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-09-24 13:42 . 2007-02-19 13:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-09 288048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-02 29216] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\F86SYH\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 25600] WinBar.lnk - c:\program files\WinBar\WinBar.exe [2002-2-25 155136] c:\docume~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576] EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=rddv1046.dll "midi2"=rddv1046.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-7676\Scripts\Logon\0\1] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Maladeta.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\0\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Push Config Maladeta Paris.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2125796797-1009727983-1190612905-9539\Scripts\Logon\1\0] "Script"=\\pyrenees.net\SysVol\pyrenees.net\scripts\Lecteurs Reseau Globaux.vbs SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\bin\\HomePlayer.exe"= "c:\\Documents and Settings\\F86SYH\\Mes documents\\Programmes et Mises à jour\\Freeplayer-Win32-20050905\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20609:TCP"= 20609:TCP:MediaMicrosoft ExplorerResources "32809:TCP"= 32809:TCP:MediaMicrosoft winsxsBoot "18423:UDP"= 18423:UDP:MediaMicrosoft AgentIntel "27712:UDP"= 27712:UDP:MediaMicrosoft SoftwareZx R3 eDataVideoCap;eDataVideoCap;c:\windows\system32\drivers\eDataVideoCap.sys [13/12/2007 03:20 25600] R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [08/03/2006 20:53 77952] R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [08/03/2006 20:53 77952] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [09/08/2009 13:21 234888] S2 TapiSystem;Logon Discovery;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14:03 14336] S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 12:35 18848] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/02/2007 15:46 29744] S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [13/03/2007 20:47 163390] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs TapiSystem . Contents of the 'Scheduled Tasks' folder 2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe HKCU-Run-sys32_nov - c:\documents and settings\F86SYH\sys32_nov.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = squid.cegedim.fr:3128 uInternet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172. 18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {29844E54-7345-4116-9267-C6D009F71889} = 172.17.124.61,172.17.124.62 FF - ProfilePath - c:\documents and settings\F86SYH\Application Data\Mozilla\Firefox\Profiles\lnz3nfzw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cegedim-activ.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataConf.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataDiagnostics.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataExporter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npeDataInstall.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 01:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSystem] "ServiceDll"="c:\windows\system32\fqxmkqck.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(932) c:\windows\system32\rddv1046.dll c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll - - - - - - - > 'explorer.exe'(2564) c:\windows\system32\browselc.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\program files\WinRAR\rarext.dll c:\program files\PowerArchiver\PASHLEXT.DLL c:\program files\Malwarebytes' Anti-Malware\mbamext.dll c:\program files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\windows\system32\scardsvr.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Wave Systems Corp\common\DataServer.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe c:\program files\Citrix\Client ICA\ssonsvr.exe c:\program files\Apoint\ApntEx.exe c:\program files\Apoint\hidfind.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe c:\windows\system32\notepad.exe c:\windows\system32\rundll32.exe c:\windows\system32\wbem\wmiadap.exe . ************************************************************************** . Completion time: 2009-09-05 1:11 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-05 23:10 Pre-Run: 4 266 954 752 octets libres Post-Run: 4 345 987 072 octets libres 371