Virus malware rapport Hijackthis

[pubwebmaster]

voilà:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:41, on 05.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/search?sourceid=navcl...08&q=sanpar

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: {5f08bd6d-6d22-d05b-ac34-3428309de9e8} - {8e9ed903-8243-43ca-b50d-22d6d6db80f5} - C:\WINDOWS\system32\vuqpkirc.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169557079879

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 4646 bytes

[oGu]

Tu as un Vundo récalcitrant: c'est pénible ces trucs!

 

On va utiliser un outil plus puissant:

 

 

COMBOFIX

• Télécharge ComboFix de sUBs SUR TON BUREAU (il est impératif de le mettre sur le Bureau) en cliquant sur cette image:
  

 

 

• Télécharge ensuite les fichiers de Console de Récupération
  
  
• Ici si tu disposes de XP Home/Familial
  
• Là si tu disposes de XP Pro
  

 

Comme indiqué sur l'image, déplace le fichier Microsoft que tu viens de télécharger et dépose-le sur ComboFix:

 

• ComboFix va maintenant installer automatiquement la Console de Récupération Windows sur votre ordinateur, et celle-ci s'affichera en tant que nouvelle option au démarrage de votre ordinateur. La Console pourra être utile en cas de coup dur. C'est une simple précaution, qui a déjà sauvé nombre de machines!
  
• Scanne enfin ta machine avec ComboFix de sUBs en suivant rigoureusement ce tuto (sauf la partie Console de récupération que l'on a déjà effectuée !!):
   
  http://www.bleepingcomputer.com/combofix/f...iliser-combofix
   
  jusqu'à arriver à la création du rapport que tu posteras.
  

 

 

Modifié le 5 juin 2008 par oGu

[pubwebmaster]

ComboFix 08-06-05.2 - Top-D Marin SA 2008-06-05 19:47:44.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.633 [GMT 2:00]

Endroit: C:\Documents and Settings\Top-D Marin SA\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Top-D Marin SA\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM4b59b667.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bugyvfeu.dll

C:\WINDOWS\system32\dqhkbmtn.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\guwlbuxt.ini

C:\WINDOWS\system32\hslstfcn.ini

C:\WINDOWS\system32\hxlsaxjc.dll

C:\WINDOWS\system32\lboslxmf.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\ncftslsh.dll

C:\WINDOWS\system32\nfewplro.ini

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\sigfcpcl.dll

C:\WINDOWS\system32\taimcyms.dll

C:\WINDOWS\system32\tiwqnxkx.ini

C:\WINDOWS\system32\ugqvmqex.dll

C:\WINDOWS\system32\vuqpkirc.dll

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\xkxnqwit.dll

C:\WINDOWS\system32\YGNTCJlm.ini

C:\WINDOWS\system32\YGNTCJlm.ini2

C:\WINDOWS\system32\ylmwqbfu.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Legacy_NWSAPAGENT

-------\Service_NPF

-------\Service_NwSapAgent

ac

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-05 17:24 . 2008-06-05 17:24 <REP> d-------- C:\WINDOWS\system32\fr

2008-06-05 17:24 . 2008-06-05 17:24 <REP> d-------- C:\WINDOWS\system32\bits

2008-06-05 17:24 . 2008-06-05 17:24 <REP> d-------- C:\WINDOWS\l2schemas

2008-06-05 17:22 . 2008-06-05 17:22 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-06-05 16:41 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys

2008-06-05 16:41 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-06-05 16:41 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-06-05 16:41 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys

2008-06-05 16:41 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2008-06-05 16:41 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

2008-06-05 16:41 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys

2008-06-05 16:41 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2008-06-05 16:41 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys

2008-06-05 15:00 . 2008-06-05 15:00 <REP> d-------- C:\Program Files\Alwil Software

2008-06-05 14:52 . 2008-06-05 14:52 1,160 --a------ C:\WINDOWS\mozver.dat

2008-06-05 14:34 . 2008-06-05 14:35 <REP> d-------- C:\WINDOWS\ERUNT

2008-06-05 13:36 . 2008-06-05 14:45 <REP> d-------- C:\SDFix

2008-06-05 13:33 . 2008-06-05 13:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-05 13:33 . 2008-06-05 13:33 <REP> d-------- C:\Documents and Settings\Top-D Marin SA\Application Data\Malwarebytes

2008-06-05 13:33 . 2008-06-05 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-05 13:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-05 13:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-05 12:37 . 2008-06-05 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-06-05 12:36 . 2008-06-05 12:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-06-05 12:17 . 2008-06-05 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-06-05 11:27 . 2008-06-05 12:24 <REP> d-------- C:\fixwareout

2008-06-05 10:52 . 2008-06-05 10:52 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-05 10:50 . 2008-06-05 15:20 <REP> d-------- C:\Program Files\Navilog1

2008-06-04 22:08 . 2008-06-04 22:08 <REP> d-------- C:\Program Files\Trend Micro

2008-06-03 17:17 . 2008-06-03 17:17 <REP> d-------- C:\Program Files\CCleaner

2008-06-03 17:17 . 2008-06-05 11:17 1,682 --a------ C:\WINDOWS\system32\tmp.reg

2008-06-03 17:16 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-06-03 17:16 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-06-03 17:16 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-06-03 17:16 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-06-03 17:16 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-06-03 17:16 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-06-03 17:16 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-27 14:40 . 2008-05-27 14:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 07:04 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:34 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 02:34 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:58 273,664 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys

2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys

2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys

2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys

2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys

2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys

2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys

2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]

@={E4000AC4-5E5F-4956-807A-C5854405D64F}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Top-D Marin SA^Menu Démarrer^Programmes^Démarrage^VirtualExpander.lnk]

path=C:\Documents and Settings\Top-D Marin SA\Menu Démarrer\Programmes\Démarrage\VirtualExpander.lnk

backup=C:\WINDOWS\pss\VirtualExpander.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\486a85fb]

C:\WINDOWS\system32\ncftslsh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afksdfks1]

C:\WINDOWS\system32\asdls1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afskfask8]

C:\WINDOWS\system32\fsfjasj8.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\akgkagaksad9]

C:\WINDOWS\system32\fsakfask9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apadslasla13]

C:\WINDOWS\system32\alsdlaslx13.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asdsaxcxz13]

C:\WINDOWS\system32\dasxcsx13.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asfkafsk4]

C:\WINDOWS\system32\fdaolfdos4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asgfdjs2]

C:\WINDOWS\system32\vbsdaas2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\askasdkcl3]

C:\WINDOWS\system32\faskflxld3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aslgflsdakgsl1]

C:\WINDOWS\system32\ogdflsd1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aslkgadlkgsl1]

C:\WINDOWS\system32\oigdfgdfl1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonTrayIcon]

--a------ 2005-09-05 17:51 45056 C:\WINDOWS\BisonCam\BisonTrayIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM4b59b667]

C:\WINDOWS\system32\taimcyms.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

--a------ 2001-12-26 15:12 472576 C:\WINDOWS\mHotkey.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dasa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\daso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daskaskfsak6]

C:\WINDOWS\system32\dsfids6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daskgfkkcx15]

C:\WINDOWS\system32\dasdsaads15.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dsadlsa14]

C:\WINDOWS\system32\dsakfsak14.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\faslkakj11]

C:\WINDOWS\system32\kjgagklj11.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fysa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\fyso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadkgak12]

C:\WINDOWS\system32\fsafsakx12.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gajklgasjlkga]

C:\WINDOWS\system32\aglajgkd16.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2006-02-07 02:36 77824 C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2006-02-07 02:40 118784 C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2006-02-07 02:39 94208 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jtsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\jtso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTPWare]

-ra------ 2005-10-27 05:50 512000 C:\Program Files\Elantech\ktp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\mhso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qjsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\qjso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-01-11 11:23 15961088 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rxsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\rxso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sakdasj6ksd5]

C:\WINDOWS\system32\e656lklfs5.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sakdasksd5]

C:\WINDOWS\system32\eksdlfs5.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2005-11-09 21:44 557056 C:\WINDOWS\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-03 10:26 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-08-10 13:00 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\tlso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\wdso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wgsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\wgso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wlsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\wlso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\wmso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\woso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xcxdsaa7]

C:\WINDOWS\system32\slcskxsdl7.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xzkadsfk10]

C:\WINDOWS\system32\afslkfasl10.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ztsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\ztso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zxsa]

C:\DOCUME~1\TOP-DM~1\LOCALS~1\Temp\zxso.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2005-11-28 13:33]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe82db40-bd9f-11db-b281-00030d000001}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-05 19:50:40

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-05 19:53:48 - machine was rebooted [Top-D Marin SA]

ComboFix-quarantined-files.txt 2008-06-05 17:53:45

 

Pre-Run: 44,654,092,288 octets libres

Post-Run: 44,573,478,912 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

355 --- E O F --- 2008-06-02 08:01:41

[oGu]

Bon, y'a un max de saloperie au premier coup d'oeil.

 

Suite des aventures demain !

Modifié le 5 juin 2008 par oGu

[pubwebmaster]

Quoi comme "saloperie"... ?

 

je n'aurais plus le temps non plus avant la semaine prochaine !

 

je n'ai pas eu d'autre pop up il me semble !

[oGu]

Des fichiers inconnus, probablement du VirtuMonde.

 

On attend la semaine prochaine alors! Quand tu es prêt, fais-moi signe !