backdoor.win32.bifrose infection (Resolved)


alfa128


Hello,

and first of all, thank you for all the good advice on this site, really useful.

So here it is: I'm coming to you because I've now spent an entire weekend fighting the backdoor.win32.bifrose worm, which has infected 3 of my machines:

an LG Centrino LAPTOP running WinXP (Avast, you'll tell me that's only to be expected)

a Samsung NC10 (VirusScan, that's already less normal!)

a Core2Duo desktop running WinXP Pro (Kaspersky 7, up to date)

I followed Malekal's procedure to the letter, using CCleaner, MBAM, SDFix, ComboFix, Avira + disabling System Restore.

But despite that, as soon as I reboot and run an MBAM scan again, it finds 130 registry infections (security hijack); I remove them (that alone takes 30 min), only to end up with a nice "winfile32.jpg bs script error", and then it's impossible to access the registry or the Task Manager.

I go back into Safe Mode and redo the whole disinfection, but it's still the same problem when I return to normal mode!!

I should point out that there is no storage device plugged in, nor even a network connection!

How can it keep coming back? It's beyond me!

So I restored the NC10 from its original backup, but the virus keeps coming back (for info, it's c:/win.exe and c:/systeme34/antivir.exe that are affected).

I formatted the LG LAPTOP and there everything seems OK.

Unfortunately I can't afford to format the DESKTOP; I have a huge amount of data plus a virtual server stored on it...

So I'm looking for a solution to eradicate this worm once and for all. I know the task isn't easy, but in IT nothing is impossible...

Personally, I've already fought plenty of worms (I work in an IT company, go figure!!!)

I should mention that on the NC10, when I launch Internet Explorer I get a magnificent "Hacked by proster" and a nice home page in Arabic...

On the desktop, if I try to download any file at all in IE or Firefox, it tells me the file can't be saved, you don't have the rights...

There you go, sorry for the monologue; if you need more details, don't hesitate, and if you have a solution I'll take it!!

What intrigues me is how it manages to keep coming back, and how Kaspersky 7 didn't block it before the infection???

Thanks in advance to the kind soul who finds the solution.

alfa

Edited by alfa128

Good evening. Well, with all those tools you've used, it must have made quite a mess, and getting the machine back in shape now isn't going to be a walk in the park.

Remove SDFix (no longer maintained).

Please post the latest ComboFix report (c:\combofix.txt).

For the following posts, download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed) and of info.txt (<< which will be minimised in the Taskbar).
  • NB: the reports are saved in the folder C:\rsit
    That makes two reports, then. :P

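The checks a helper applies by eye to the O4 (Run key) and R0 (IE start page) lines of the log requested above can be written down. The following is an added example, not part of this thread and not code from the RSIT or HijackThis tools: it parses HijackThis-style O4 and R0 lines and flags three patterns seen in this kind of infection: a script host launched on a file whose extension is not a script type (a .jpg run by wscript.exe), a Windows autostart value name (CTFMON) reused to launch a different binary, and a full system32 path to a binary that is not a known Windows autostart. The sample lines are constructed in HijackThis format from entries that appear in the log posted in this thread; the baseline sets SYSTEM_AUTOSTART, KNOWN_NAMES and DEFAULT_START_HOSTS are assumptions for this example and would need extending for a real fleet.

```python
import os
import re
from urllib.parse import urlparse

# Script interpreters malware uses to run a payload stored under a misleading
# extension (the posted log shows wscript.exe run on a .jpg).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Autostart value names Windows uses itself, and the binary each should launch.
# (Assumed baseline for this example.)
KNOWN_NAMES = {"ctfmon": "ctfmon.exe", "ctfmon.exe": "ctfmon.exe"}
# Windows binaries that legitimately appear as full system32 paths in Run keys.
# (Assumed baseline for this example; extend for your own machines.)
SYSTEM_AUTOSTART = {"ctfmon.exe", "rundll32.exe", "regsvr32.exe"}
# Hosts an untouched IE start page points at. (Assumption for this example.)
DEFAULT_START_HOSTS = {"go.microsoft.com", "www.msn.com"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R0_RE = re.compile(r"^R0 - (?P<key>.+?),Start Page = (?P<url>\S+)\s*$")

# Constructed sample in HijackThis format, modelled on lines from the posted log:
# two malicious-looking entries, one hijacked start page, and clean neighbours.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def split_command(cmd):
    """Return (executable, argument string) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                # quoted path: take up to closing quote
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, rest = cmd.partition(" ")      # unquoted: first token is the executable
    return exe, rest.strip()


def basename(path):
    """Lower-cased file name of a Windows path (or bare name)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_o4(name, cmd):
    """Return the list of findings for one O4 (Run key) entry; empty means clean."""
    findings = []
    exe, args = split_command(cmd)
    exe_name = basename(exe)

    # 1. Script host run on a file whose extension is not a script type.
    if exe_name in SCRIPT_HOSTS:
        for f in (a for a in args.split() if not a.startswith("/")):
            if os.path.splitext(f)[1].lower() not in SCRIPT_EXTS:
                findings.append(f"{exe_name} runs non-script file {f}")
        if "/e:" in args.lower():          # engine forced, so the extension is irrelevant
            findings.append("engine forced with /E: (extension masquerade)")

    # 2. A Windows value name reused to launch something else.
    expected = KNOWN_NAMES.get(name.lower())
    if expected and exe_name != expected:
        findings.append(f"value name {name!r} impersonates {expected} but launches {exe_name}")

    # 3. Full path into system32, but not a known Windows autostart binary.
    if "\\system32\\" in exe.lower() and exe_name not in SYSTEM_AUTOSTART \
            and exe_name not in SCRIPT_HOSTS:
        findings.append(f"unrecognised binary in system32: {exe_name}")
    return findings


def check_r0(url):
    """Flag an IE start page that does not point at a default host."""
    host = (urlparse(url).hostname or "").lower()
    if host and host not in DEFAULT_START_HOSTS:
        return [f"start page points at non-default host {host}"]
    return []


def triage(log_text):
    """Map each suspicious log line to its findings; clean lines are omitted."""
    report = {}
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            findings = check_o4(m["name"], m["cmd"])
        else:
            m = R0_RE.match(line)
            findings = check_r0(m["url"]) if m else []
        if findings:
            report[line] = findings
    return report


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print(line)
        for f in findings:
            print("   ->", f)
```

Run on the constructed sample, the script reports the wscript.exe/winjpg.jpg entry (three findings), the win.exe entry and the freewebtown start page, and stays silent on the NvCplDaemon and genuine ctfmon.exe lines. The heuristics only prioritise what to look at; a flagged file still has to be checked (hash, signature, creation time) before anything is removed.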

Report taken on the DESKTOP in SAFE MODE: info.txt

 

info.txt logfile of random's system information tool 1.05 2009-02-15 12:38:19

 

======Uninstall list======

 

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

ACDSee 9 Gestionnaire de photos-->MsiExec.exe /I{91A06334-CB8D-422A-9699-251217674FD4}

Acronis Migrate Easy-->C:\Program Files\Acronis\MigrateEasy\MediaBuilder.exe -uninstall

Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}

Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}

Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}

Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}

Adobe Premiere Pro CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe

Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}

Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}

Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}

Adobe Shockwave Player-->MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Audio Utilities Collection-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\AEncoder.inf,AEncUninstall

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"

AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

BitComet 0.85-->C:\Program Files\BitComet\uninst.exe

BMO WORLD 4.4.1-->"C:\Program Files\bmoworld\unins000.exe"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Call of Duty® - World at War 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409

Call of Duty® - World at War-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c

Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c

Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}

Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"

Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE

Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}

DirectX10 RC2 Pre Fix 3-->"C:\WINDOWS\system32\unins000.exe"

DVD Decrypter 3.5.4.0-->MsiExec.exe /I{6406E9DB-A9E0-4DB8-A3A8-ED86959AD481}

DVDFab Platinum 3.0.5.5-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"

EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe

eMule Plus 1.2b-->"C:\Program Files\eMule\unins000.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

FAT32 Format-->C:\PROGRAM FILES\FAT32 Format\Uninstall.EXE

Firebird SQL Server - MAGIX Edition (F)-->C:\MAGIX\Common\Database\uninstall.exe

FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

FlatOut Ultimate Carnage-->C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe

FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"

Free Video to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"

Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"

Free YouTube to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPhone Converter\unins000.exe"

Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly

HashTab Shell Extension 1.11 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe

hp deskjet 5100 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series

ImTOO iPhone Video Converter-->C:\Program Files\ImTOO\iPhone Video Converter 3\Uninstall.exe

iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}

J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG

MAGIX Music Manager 2006 (F)-->C:\MAGIX\Music_Manager_2006\instslct.exe

MAGIX Photo Clinic 4.5 (F)-->C:\MAGIX\Photo_Clinic_45\instslct.exe

MAGIX Photo Manager 2006 (F)-->C:\MAGIX\Photo_Manager_2006\instslct.exe

MAGIX Photos sur CD & DVD 5.0 deluxe (F)-->C:\MAGIX\Photos_sur_CD_DVD_5_dlx\instslct.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (1.5)-->C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (fr)"

MSFN Codec Pack 3.0-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\codec.inf, DefaultUninstall,3

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}

Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}

OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U

Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"

Paint.NET v3.05-->MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}

PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x40c

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime Alternative 1.78-->"C:\Program Files\QuickTime Alternative\unins000.exe"

QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"

Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}

TMPGEnc Plus 2.5-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}

TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

Touchpad Media Server-->MsiExec.exe /I{747FD696-E5F7-4265-AD03-AD9C9F93E796}

TuneAid 3.04-->"C:\Program Files\DigiDNA\TuneAid\unins000.exe"

Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe

VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: Kaspersky Internet Security

FW: Kaspersky Internet Security

 

System event log

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.

 

Record Number: 5424

Source Name: Service Control Manager

Time Written: 20081126214636.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 7035

Message: Un contrôle Arrêter a correctement été envoyé au service PnkBstrB.

 

Record Number: 5423

Source Name: Service Control Manager

Time Written: 20081126214635.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 7036

Message: Le service PnkBstrB est entré dans l'état : arrêté.

 

Record Number: 5422

Source Name: Service Control Manager

Time Written: 20081126214635.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrK.

 

Record Number: 5421

Source Name: Service Control Manager

Time Written: 20081126214622.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.

 

Record Number: 5420

Source Name: Service Control Manager

Time Written: 20081126214616.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Application event log

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 701

Message: msnmsgr (980) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.

 

Record Number: 7904

Source Name: ESENT

Time Written: 20081224000018.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 700

Message: msnmsgr (980) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.

 

Record Number: 7903

Source Name: ESENT

Time Written: 20081224000018.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 102

Message: msnmsgr (980) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

 

Record Number: 7902

Source Name: ESENT

Time Written: 20081223163840.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 100

Message: msnmsgr (980) Le moteur de base de données 5.01.2600.5512 est démarré.

 

Record Number: 7901

Source Name: ESENT

Time Written: 20081223163840.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-AAD6E4A0D

Event Code: 101

Message: msnmsgr (980) Le moteur de base de données est arrêté.

 

Record Number: 7900

Source Name: ESENT

Time Written: 20081223163818.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime Alternative\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"RGSCLauncher"=D:\Rockstar Games\Rockstar Games Social Club

"RGSC"=D:\Rockstar Games\Rockstar Games Social Club\1_0_0_0

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

log.txt

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrateur at 2009-02-15 20:17:32

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 19 GB (15%) free of 130 GB

Total RAM: 2047 MB (82% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:17:58, on 15/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 8008 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0124123D-61B4-456f-AF86-78C53A0790C5}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264]

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640]

"nwiz"=nwiz.exe /install []

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016]

"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]

"regdiit"=C:\WINDOWS\system32\win.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]

"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"

"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

"D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

"D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"

"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War "

"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War "

"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b237bbb6-03cb-11dd-ba26-001bfca3cfa9}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

shell\AutoRun\command - H:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]

shell\AutoRun\command - xeekrd.exe

shell\explore\command - xeekrd.exe

shell\open\command - xeekrd.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-15 19:25:37 ----SHD---- C:\RECYCLER

2009-02-15 19:22:38 ----A---- C:\ComboFix.txt

2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store#

2009-02-15 17:48:40 ----SHD---- C:\Config.Msi

2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR

2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT

2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA

2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA

2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA

2009-02-15 15:09:14 ----D---- C:\SDFix

2009-02-15 14:57:36 ----D---- C:\WINDOWS\temp

2009-02-15 14:40:07 ----D---- C:\VundoFix Backups

2009-02-15 14:40:07 ----A---- C:\VundoFix.txt

2009-02-15 12:38:11 ----D---- C:\rsit

2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro

2009-02-15 12:29:48 ----A---- C:\Boot.bak

2009-02-15 12:29:38 ----RASHD---- C:\cmdcons

2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe

2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe

2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT

2009-02-15 12:27:07 ----D---- C:\Qoobox

2009-02-15 12:06:43 ----D---- C:\WINDOWS\system32\systeme34

2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU

2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia

2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU

2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games

2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid

2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA

 

======List of files/folders modified in the last 1 months======

 

2009-02-15 19:33:56 ----D---- C:\WINDOWS

2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32\drivers

2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32

2009-02-15 19:22:43 ----D---- C:\WINDOWS\Prefetch

2009-02-15 19:21:38 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-15 19:18:04 ----A---- C:\WINDOWS\system.ini

2009-02-15 19:17:11 ----SHD---- C:\WINDOWS\CSC

2009-02-15 19:17:00 ----D---- C:\Program Files\SuperCopier2

2009-02-15 19:15:35 ----D---- C:\WINDOWS\system32\config

2009-02-15 19:15:13 ----D---- C:\WINDOWS\AppPatch

2009-02-15 19:15:11 ----D---- C:\Program Files\Fichiers communs

2009-02-15 19:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-02-15 18:32:22 ----SHD---- C:\WINDOWS\Installer

2009-02-15 18:32:01 ----HD---- C:\WINDOWS\inf

2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab

2009-02-15 17:41:22 ----SHD---- C:\System Volume Information

2009-02-15 17:41:22 ----D---- C:\WINDOWS\system32\Restore

2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache

2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox

2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-15 16:16:39 ----D---- C:\Program Files\eMule

2009-02-15 15:48:44 ----RD---- C:\Program Files

2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini

2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump

2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug

2009-02-15 12:29:48 ----RASH---- C:\boot.ini

2009-02-15 11:53:44 ----D---- C:\Downloads

2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft

2009-02-11 18:45:16 ----D---- C:\Temp

2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet

2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI

2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP

2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX

2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly

2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS

2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft

2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]

S1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS []

S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

S2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264]

S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

S3 arly6d5y;arly6d5y; C:\WINDOWS\system32\drivers\arly6d5y.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944]

S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]

S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []

S3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360]

S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []

S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]

S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908]

S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

 

Thanks for the quick reply, are you a robot or what?? lol


OK, let's deal with the desktop.

 

Thanks for the quick reply, are you a robot or what?? lol
I'm a fast human. Lol.

 

Phew, there are 50 critters in there.

 

We're going to use ComboFix, but see it through to the end. Normally an unsupervised user should not use it, for a simple reason: it isn't designed to get rid of the critters on its own.

 

You need a fresh copy of ComboFix, so forget the old one or delete it without remorse. :P

Follow the procedure to the letter, in particular the part about putting it on the desktop, etc. All of it.

 

The following software is only to be used when prescribed by a qualified helper trained on the tool.

Do not use it outside of that situation or on your own: dangerous.

 

Download combofix.exe from sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Limitation of Warranty message that appears.
  • If you are asked to restart because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement.
  • The desktop disappears, that's normal, and it will come back.
  • Don't close the window that opens, or you'd end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).


I've already used ComboFix loads of times, don't worry, I'm aware of the risks! In my job I spend my time fixing people's computers, the irony, right?? :P

But it hasn't solved my problem!

On the other hand, when I restart after running it, do I restart in safe mode or in normal mode?

 

Because even after running ComboFix, when it restarts in normal mode it shows me "installing new programs" (systeme34/antivir.exe)...

 

If you knew how many times I've run this software, it's crazy, it does remove them but everything comes right back afterwards...


combo.log report:

 

ComboFix 09-02-14.01 - Administrateur 2009-02-15 20:45:25.6 - NTFSx86 MINIMAL

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1647 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)

FW: Kaspersky Internet Security *disabled*

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

G:\autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-15 20:43 . 2009-02-15 20:43 <REP> d-------- C:\32788R22FWJFW

2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat

2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat

2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#

2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll

2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT

2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat

2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx

2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys

2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys

2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA

2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups

2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit

2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro

2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db

2009-02-15 12:06 . 2009-02-15 17:00 <REP> d-------- c:\windows\system32\systeme34

2009-02-14 20:50 . 2009-02-15 17:06 412,906 -rahs---- c:\windows\system32\winjpg.jpg

2009-02-14 20:50 . 2009-02-15 17:06 412,902 -rahs---- C:\winfile.jpg

2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU

2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia

2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU

2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games

2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD

2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss

2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA

2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2

2009-02-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-15 15:16 --------- d-----w c:\program files\eMule

2009-02-11 17:11 --------- d-----w c:\program files\BitComet

2009-02-04 17:52 --------- d-----w c:\program files\WinSCP

2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft

2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft

2009-01-11 12:00 --------- d-----w c:\program files\iTunes

2009-01-11 12:00 --------- d-----w c:\program files\iPod

2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple

2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative

2009-01-11 11:57 --------- d-----w c:\program files\Bonjour

2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update

2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive

2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs

2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker

2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes

2008-12-21 13:46 --------- d-----w c:\program files\Java

2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies

2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys

2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg

2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe

2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys

.

 

------- Sigcheck -------

 

2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe

2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe

2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"msacm.imc"= imc32.acm

"msacm.l3codecp"= l3codecp.acm

"VIDC.i263"= i263_32.drv

"VIDC.ACDV"= ACDV.dll

"MSVideo"= CSvidcap.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]

"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinsupd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mctray.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UdaterUI.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VsTskMgr.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]

"Debugger"=c:\windows\system32\win.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\far cry 2\\bin\\FarCry2.exe"=

"d:\\far cry 2\\bin\\FC2Launcher.exe"=

"d:\\far cry 2\\bin\\FC2Editor.exe"=

"d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21729:TCP"= 21729:TCP:BitComet 21729 TCP

"21729:UDP"= 21729:UDP:BitComet 21729 UDP

"8001:TCP"= 8001:TCP:BitComet 8001 TCP

"8001:UDP"= 8001:UDP:BitComet 8001 UDP

"8000:TCP"= 8000:TCP:BitComet 8000 TCP

"8000:UDP"= 8000:UDP:BitComet 8000 UDP

 

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496]

S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272]

S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]

\Shell\AutoRun\command - xeekrd.exe

\Shell\explore\Command - xeekrd.exe

\Shell\open\Command - xeekrd.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

HKLM-Run-regdiit - c:\windows\system32\win.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

uInternet Settings,ProxyOverride = *.local

IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: general.useragent.extra.zencast - .

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 20:52:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]

"Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,

00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(1380)

c:\windows\system32\relog_ap.dll

 

- - - - - - - > 'explorer.exe'(676)

c:\program files\SuperCopier2\SC2Hook.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Orb Networks\Orb\bin\Orb.exe

c:\windows\system32\verclsid.exe

.

**************************************************************************

.

Heure de fin: 2009-02-15 20:57:26 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-15 19:57:23

ComboFix2.txt 2009-02-15 18:22:38

 

Avant-CF: 20 040 708 096 octets libres

Après-CF: 20,020,330,496 octets libres

 

763

 

Nice, it removed a lot of them, but they keep coming back...

I get an error when I reboot, winjpg.jpg vbs script error; I click OK and only then does it generate the log...

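The log above shows one file, c:\windows\system32\win.exe, registered as the Image File Execution Options "Debugger" for dozens of security-tool executables, Security Center monitoring of the AV switched off, the firewall disabled, and a removable-drive shell command pointing at a bare xeekrd.exe. As an added example (not from the thread, from ComboFix, or from any tool named in it), here is a small Python triage script that parses this ComboFix-style registry dump format and flags those patterns; the log excerpt it runs on is constructed to match the shape of the posted one, and the grouping threshold in find_ifeo_hijacks is an assumption.

```python
"""Triage a ComboFix-style registry dump for the patterns visible in the thread's log.
Added example, not from the thread, from ComboFix, or from any tool named in it."""
import re
from collections import defaultdict

# Constructed sample shaped like the posted ComboFix output (a few entries, not the whole log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"Debugger"=c:\debuggers\windbg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]
\Shell\AutoRun\command - xeekrd.exe
\Shell\open\Command - xeekrd.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
MOUNT_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
IFEO_MARK = "\\image file execution options\\"


def parse_registry_dump(text):
    """Yield (key, name, value); MountPoints2 shell verbs come back as name 'Shell\\<verb>'."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not line or key is None:
            continue
        m = VALUE_RE.match(line) or MOUNT_RE.match(line)
        if m is None:
            continue
        name = m.group(1) if m.re is VALUE_RE else "Shell\\" + m.group(1)
        yield key, name, m.group(2).strip()


def ifeo_debuggers(text):
    """Map image name -> 'Debugger' path for every Image File Execution Options entry."""
    return {key.rsplit("\\", 1)[1]: value
            for key, name, value in parse_registry_dump(text)
            if IFEO_MARK in key.lower() and name.lower() == "debugger"}


def find_ifeo_hijacks(text, min_images=3):
    """Return {debugger: [images]} where one binary is 'debugger' for min_images+ programs.
    A developer attaches a debugger to one or two binaries; a single file claiming dozens
    of security tools (win.exe above) is the redirection pattern. The threshold is an assumption."""
    by_debugger = defaultdict(list)
    for image, dbg in ifeo_debuggers(text).items():
        by_debugger[dbg.lower()].append(image)
    return {dbg: sorted(imgs) for dbg, imgs in by_debugger.items() if len(imgs) >= min_images}


def find_security_downgrades(text):
    """Flag Security Center monitoring of an AV switched off and the XP firewall disabled."""
    findings = []
    for key, name, value in parse_registry_dump(text):
        leaf, k, n = key.rsplit("\\", 1)[1], key.lower(), name.lower()
        if "\\security center\\monitoring\\" in k and n == "disablemonitoring":
            if value.lower().startswith("dword:") and int(value[6:], 16) == 1:
                findings.append("Security Center monitoring disabled for " + leaf)
        elif "firewallpolicy" in k and n == "enablefirewall" and value.split()[:1] == ["0"]:
            findings.append("Windows Firewall disabled in " + leaf)
    return findings


def find_mountpoint_autoruns(text):
    """Flag MountPoints2 shell commands whose target is a bare file name: such a command
    runs whatever sits in the removable drive's root as soon as the drive is opened."""
    hits = []
    for key, name, value in parse_registry_dump(text):
        if "\\mountpoints2\\" not in key.lower() or not name.startswith("Shell\\"):
            continue
        target = value.split()[0]
        if ":" not in target and "\\" not in target:
            hits.append((key.rsplit("\\", 1)[1], name.split("\\", 1)[1], target))
    return hits
```

Feed a real log (for instance the contents of C:\ComboFix.txt) to the same functions; the checks are heuristics that point the helper at the entries worth inspecting, not a verdict on their own.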

I've already used ComboFix loads of times, don't worry, I'm aware of the risks! In my job I spend my time fixing people's computers, the irony, right?? :P

But it hasn't solved my problem!

 

Normal mode. Of course ComboFix hasn't fixed all of that (see above): it is not a stand-alone tool, someone has to write scripts for it, and each script is made to measure, valid for one machine only. Without that step (which we're about to do), it is of no use at all. :P

I can see your Bifrose, and we're going to kill it off. :P

 

The error messages you report: same thing, normal, we'll sort that out in a few steps.

 

---------

Start by plugging in your USB sticks (which are infected) and other removable devices before what follows (no need to open them, but leave them plugged in while ComboFix runs again). Do not use those USB sticks on your other machines (guaranteed reinfection).

 

What follows is for this machine, and this machine only.

Do not use it on another machine under any circumstances: dangerous.

 

 

  • Download the CFscript.txt file from this site:
    http://senduit.com/c50d6e
     
  • Put it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto ComboFix.exe as in the screenshot

[screenshot: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: that is normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

 

That will already help, but there will be more to do.


ComboFix 09-02-14.01 - Administrateur 2009-02-15 21:35:17.9 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1562 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)

FW: Kaspersky Internet Security *disabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

c:\windows\system32\win.exe

c:\windows\system32\winjpg.jpg

C:\winfile.jpg

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\systeme34

c:\windows\system32\systeme34\antivir.exe

c:\windows\system32\systeme34\logg.dat

c:\windows\system32\winjpg.jpg

C:\winfile.jpg

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat

2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat

2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#

2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll

2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT

2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat

2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx

2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys

2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys

2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA

2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA

2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups

2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit

2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro

2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db

2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU

2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia

2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU

2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games

2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD

2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss

2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA

2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-15 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2

2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-15 15:16 --------- d-----w c:\program files\eMule

2009-02-11 17:11 --------- d-----w c:\program files\BitComet

2009-02-04 17:52 --------- d-----w c:\program files\WinSCP

2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft

2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft

2009-01-11 12:00 --------- d-----w c:\program files\iTunes

2009-01-11 12:00 --------- d-----w c:\program files\iPod

2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple

2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative

2009-01-11 11:57 --------- d-----w c:\program files\Bonjour

2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update

2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive

2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs

2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker

2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes

2008-12-21 13:46 --------- d-----w c:\program files\Java

2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies

2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys

2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg

2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe

2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys

.

 

------- Sigcheck -------

 

2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe

2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe

2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_20.56.33.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-15 20:37:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c8.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"msacm.imc"= imc32.acm

"msacm.l3codecp"= l3codecp.acm

"VIDC.i263"= i263_32.drv

"VIDC.ACDV"= ACDV.dll

"MSVideo"= CSvidcap.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\far cry 2\\bin\\FarCry2.exe"=

"d:\\far cry 2\\bin\\FC2Launcher.exe"=

"d:\\far cry 2\\bin\\FC2Editor.exe"=

"d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21729:TCP"= 21729:TCP:BitComet 21729 TCP

"21729:UDP"= 21729:UDP:BitComet 21729 UDP

"8001:TCP"= 8001:TCP:BitComet 8001 TCP

"8001:UDP"= 8001:UDP:BitComet 8001 UDP

"8000:TCP"= 8000:TCP:BitComet 8000 TCP

"8000:UDP"= 8000:UDP:BitComet 8000 UDP

 

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496]

S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272]

S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

uInternet Settings,ProxyOverride = *.local

IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: general.useragent.extra.zencast - .

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 21:38:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]

"Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,

00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(1372)

c:\windows\system32\relog_ap.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Orb Networks\Orb\bin\Orb.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2009-02-15 21:43:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-15 20:43:14

ComboFix2.txt 2009-02-15 20:33:25

ComboFix3.txt 2009-02-15 20:23:52

ComboFix4.txt 2009-02-15 19:57:28

ComboFix5.txt 2009-02-15 20:34:47

 

Avant-CF: 20 034 912 256 octets libres

Après-CF: 20,058,378,240 octets libres

 

274

 

 

So if I understand correctly, we are no longer in dev territory here! Basically, removal is done case by case...

On reboot I get an error: winjpg.jpg does not exist, which is already better!

When ComboFix starts I get an nci.. error, file does not exist.

Finally, I notice that System Restore keeps coming back; can you disable it for good (I will never use it anyway)?

Thanks for your time...
