
Posted (edited)

Hello everyone, to start.

I've had a problem with my PC since yesterday. My antivirus suite (BitDefender 2009) finds a trojan.tdss.fm every 10 seconds. It tells me the file has been deleted, but it keeps coming back.

The file is C:\Windows\System32\drivers\ovfsthxonpiiqfs.sys.

I'm posting my HijackThis log. Thanks in advance for your help.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:33:27, on 24/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\REVOLTEC\FightPad v1.00\FightPad.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [FightPad] "C:\Program Files\REVOLTEC\FightPad v1.00\FightPad.exe" -1

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

O4 - Global Startup: QuickSet.lnk = ?

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Gestion de l'alimentation de l'adaptateur réseau interne Dell (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

 

--

End of file - 5995 bytes

Edited by Tharox

Posted

Hello, welcome to the forum. :P

 


 

That's a big beast, but we'll get the better of it. :P

On the other hand, be wary of cracks and dubious sites; it very probably got in that way.

 

The following tool is to be used only when prescribed by a qualified helper trained on it.

Do not use it outside that situation or on your own: dangerous.

 

Download combofix.exe from sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise ComboFix will show you a message (if it does, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement.
  • The desktop disappears; that's normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report in your next reply.
    The report is located at C:\Combofix.txt (just in case).

Posted

Thank you for looking into my problem.

Catchme does find the problem files, but does not delete them.

Here is the report:

 

ComboFix 09-04-24.01 - Tharox 24/04/2009 10:48.5 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1048 [GMT 2:00]

Lancé depuis: c:\users\Tharox\Desktop\ffffff.exe

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

FW: BitDefender Firewall *enabled*

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-4-24 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\Tharox\AppData\Roaming\Malwarebytes

2009-04-23 19:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-23 19:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\All Users\Malwarebytes

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\programdata\Malwarebytes

2009-04-23 18:16 . 2009-04-23 18:16 -------- d-----w c:\program files\Trend Micro

2009-04-23 11:54 . 2009-04-23 22:13 346465133 ----a-w c:\windows\MEMORY.DMP

2009-04-21 18:44 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Pro

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\users\All Users\DAEMON Tools Lite

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\programdata\DAEMON Tools Lite

2009-04-21 18:40 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Lite

2009-04-20 18:59 . 2009-04-20 18:59 -------- d-sh--w c:\windows\ftpcache

2009-04-19 10:58 . 2009-04-19 10:58 -------- d-----w c:\users\Tharox\AppData\Roaming\vlc

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\program files\SystemRequirementsLab

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\users\Tharox\AppData\Roaming\SystemRequirementsLab

2009-04-15 13:59 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll

2009-04-15 13:59 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-04-15 13:59 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll

2009-04-15 13:59 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll

2009-04-15 13:59 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 13:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 13:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-15 13:58 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-04-15 13:58 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-04-15 13:58 . 2009-03-03 04:39 551424 ------w c:\windows\system32\rpcss.dll

2009-04-15 13:58 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-04-15 13:58 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-04-15 13:58 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-04-15 13:58 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-04-15 13:58 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll

2009-04-15 13:58 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-04-15 13:58 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe

2009-04-12 15:30 . 2009-04-12 15:31 -------- d-----w C:\temp

2009-03-31 09:49 . 2009-04-24 08:21 -------- d-----w c:\users\Tharox\Tracing

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Microsoft

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Windows Live SkyDrive

2009-03-25 12:31 . 2008-10-27 09:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2009-03-25 12:31 . 2008-10-10 03:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll

2009-03-25 12:31 . 2008-10-27 09:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2009-03-25 11:29 . 2009-03-25 11:31 -------- d--h--w c:\windows\msdownld.tmp

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 07:41 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat

2009-04-24 07:41 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat

2009-04-24 07:35 . 2008-11-19 21:46 232422 ----a-w c:\users\All Users\nvModes.dat

2009-04-24 07:35 . 2008-11-19 21:46 232422 ----a-w c:\programdata\nvModes.dat

2009-04-24 07:34 . 2008-06-26 01:12 81984 ----a-w c:\windows\System32\bdod.bin

2009-04-24 06:57 . 2009-04-24 06:56 4096 ----a-w c:\windows\System32\winglsetup.exe

2009-04-24 06:12 . 2008-05-05 08:50 151496 ----a-w c:\windows\system32\drivers\systormrfp.pkg

2009-04-22 05:21 . 2008-07-22 16:39 -------- d-----w c:\users\Tharox\AppData\Roaming\TeraCopy

2009-04-21 20:23 . 2007-12-17 10:40 -------- d-----w c:\programdata\Media Center Programs

2009-04-21 19:11 . 2007-12-18 07:44 -------- d-----w c:\program files\DAEMON Tools Lite

2009-04-21 18:44 . 2007-12-18 07:45 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools

2009-04-21 18:40 . 2007-12-18 07:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-21 11:21 . 2007-12-17 12:58 -------- d-----w c:\program files\Google

2009-04-20 19:50 . 2007-12-23 17:54 -------- d-----w c:\users\Tharox\AppData\Roaming\uTorrent

2009-04-20 16:59 . 2007-12-16 15:47 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-18 18:46 . 2008-01-22 17:35 -------- d-----w c:\users\Tharox\AppData\Roaming\dvdcss

2009-04-15 15:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-07 16:06 . 2008-08-14 16:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys

2009-04-05 17:41 . 2008-09-24 12:18 -------- d---a-w c:\programdata\TEMP

2009-04-03 17:29 . 2007-12-17 06:36 -------- d-----w c:\program files\Java

2009-03-31 09:46 . 2007-12-17 09:52 -------- d-----w c:\program files\Windows Live

2009-03-17 03:38 . 2009-04-15 13:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-09 03:19 . 2008-12-01 09:54 410984 ----a-w c:\windows\System32\deploytk.dll

2009-03-08 11:34 . 2009-03-25 11:30 914944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 . 2009-03-25 11:30 43008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 . 2009-03-25 11:30 18944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 . 2009-03-25 11:30 109056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 . 2009-03-25 11:30 109568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 . 2009-03-25 11:30 132608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 . 2009-03-25 11:30 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-03-25 11:30 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-03-25 11:30 103936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:33 . 2009-03-25 11:30 420352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:32 . 2009-03-25 11:30 72704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 . 2009-03-25 11:30 71680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 . 2009-03-25 11:30 66560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 . 2009-03-25 11:30 169472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 . 2009-03-25 11:30 34816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:31 . 2009-03-25 11:30 48128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 . 2009-03-25 11:30 45568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:22 . 2009-03-25 11:30 156160 ----a-w c:\windows\System32\msls31.dll

2009-03-08 08:57 . 2009-03-08 08:57 -------- d-----w c:\users\Tharox\AppData\Roaming\LiveCAD2

2009-03-08 08:43 . 2009-03-08 08:43 -------- d-----w c:\program files\A9Tech

2009-02-26 15:46 . 2008-03-12 07:42 -------- d-----w c:\program files\Microsoft Silverlight

2009-02-09 03:10 . 2009-03-11 09:46 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2008-12-28 17:45 . 2007-12-16 14:30 81040 ----a-w c:\users\Tharox\AppData\Local\GDIPFONTCACHEV1.DAT

2008-07-26 20:35 . 2007-12-16 17:32 185390 ----a-w c:\users\Tharox\AppData\Roaming\nvModes.dat

2008-05-14 17:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-03-11 07:44 . 2008-03-11 07:38 680 ----a-w c:\users\Tharox\AppData\Local\d3d9caps.dat

2008-01-12 18:46 . 2008-01-12 18:46 22328 ----a-w c:\users\Tharox\AppData\Roaming\PnkBstrK.sys

2009-04-07 16:2008-08-13 17:02 07:05 . c:\program files\mozilla firefox\components\FFComm.dll

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-23_20.37.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-16 14:40 . 2009-04-24 07:37 47322 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2007-12-16 14:40 . 2009-04-23 20:29 47322 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-12-16 14:31 . 2009-04-24 07:37 12358 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2046195620-2010614916-518472352-1000_UserData.bin

+ 2006-11-02 13:02 . 2009-04-24 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-04-24 07:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-04-24 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-23 20:27 . 2009-04-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-04-24 07:35 . 2009-04-24 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-04-23 20:27 . 2009-04-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-04-24 07:35 . 2009-04-24 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 13:05 . 2009-04-24 07:37 102384 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 10:33 . 2009-04-23 20:32 587178 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-04-24 07:41 587178 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-23 20:32 101250 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-04-24 07:41 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 12:47 . 2009-04-23 18:32 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:47 . 2009-04-24 07:35 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:43 . 2009-04-24 07:45 262144 c:\windows\System32\config\systemprofile\ntuser.dat

- 2006-11-02 12:43 . 2009-04-23 20:32 262144 c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-03-25 11:38 . 2009-04-24 05:49 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-03-25 11:38 . 2009-04-15 18:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2006-11-02 12:47 . 2009-04-24 07:36 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-24 07:36 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-06-12 214288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"FightPad"="c:\program files\REVOLTEC\FightPad v1.00\FightPad.exe" [2007-05-09 4767744]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-07 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-02 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-07-02 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

 

c:\users\Tharox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-12 809488]

Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-3-25 603408]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-16 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2046195620-2010614916-518472352-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F3369DBF-E445-47FD-AF5A-9E47447EC1BE}"= UDP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{9462AEE1-BF7A-48E3-A421-16E2EFFE63EE}"= TCP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{D0608197-5484-4687-BAEB-099009134DC9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{A7D97A3C-C7CD-4520-8DF2-0E1FF6006A0A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{4D6BACE1-9205-4E85-BFCA-AA3947ED8FC0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6ED6B80D-8522-45F3-B697-FDF241E81148}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AD558FB5-F728-4383-9F79-05BCAA633062}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A2218FE5-730F-4396-841F-5265B1491263}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{32E3DEAD-63D4-45DC-9F94-7A28E3E2189A}"= UDP:d:\jeux\GRID\GRID.exe:GRID

"{4989B4C1-FF64-4B2F-BF47-9426F07826BC}"= TCP:d:\jeux\GRID\GRID.exe:GRID

"{EA9ADE11-234D-4880-BBA2-83A4DDC03EA8}"= UDP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{E08C2B96-F927-4E2B-8DC9-E161BA684696}"= TCP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{6B4C3F88-0CC6-435C-92E3-83D3D2445462}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{9A84843D-74D0-48E1-864B-1F9582971356}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{29C28F65-B112-4A33-BDCA-A761526653CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{EE912911-13F4-41B8-9833-89860CB8DA64}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{2D9E89FD-C191-4763-8B9C-8031C2506490}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{544504A6-6F96-401A-B4C0-E6F31F36ED49}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{F7522841-F6D7-4412-AEF9-D94354BD8E83}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{82F253C2-0342-48CA-BB58-D0F1A7A0ECEA}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{D9A541C1-AB1C-4F87-92A9-6B747342CE39}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{8ECF82CC-2E5A-4306-BD82-2C00496303D2}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{73F7FEF8-4393-4A36-BB35-81F56FDD1F65}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{A193EB84-2796-4BE3-9740-295DA8926B80}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{EE0E400E-AEDD-43C7-8BC8-603B4E454C66}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BE64A282-6DFD-4CF9-9D83-81EA39902D9D}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BB1FF48E-C472-46A1-830B-E6CF24CE5517}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{D009B8BC-F492-41A5-A5ED-D3AC878FBDB8}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{2C071F24-FBB2-4FA7-BC70-BC05261C9592}"= UDP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{864542EC-DD15-4BDE-B33D-98B2DA73B3C4}"= TCP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{934ED5C3-C41A-48B8-8185-8BF6B4F37FA8}"= UDP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{6018647E-0FC3-44F0-9808-9835D56EF09E}"= TCP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{924A9009-F82A-4306-B599-9EB859A846CB}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{643C4A0E-2700-4379-9CDE-885D5AAA6C45}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{D32F741B-9DC2-4347-9052-89ABB0A31C15}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{82656CBB-16C0-4039-AA43-D535C4D75BC0}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{950DE77F-3853-41A7-B70C-336B8C4062A1}"= UDP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{81C713A8-64F5-487F-A397-83283207138B}"= TCP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

R3 systormrfp;REVOLTEC FightPad;c:\windows\system32\DRIVERS\systormrfp.sys [2007-03-19 16896]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-01-19 82696]

S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 179712]

S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-11-18 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-07 104328]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - aujasnkj

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{817813cc-24d9-11dd-ad5d-00188ba1eea7}]

\shell\AutoRun\command - G:\WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8620757b-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - G:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86207585-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - H:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75d44c1-abcc-11dc-b320-806e6f6e6963}]

\shell\AutoRun\command - F:\Launch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8736406-2ea3-11de-b0cb-00188ba1eea7}]

\shell\AutoRun\command - E:\Launch.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{F95D2F10-7D67-45A6-8677-F51C6C3CCA01}.job

- c:\windows\system32\msfeedssync.exe [2009-03-25 11:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

FF - ProfilePath - c:\users\Tharox\AppData\Roaming\Mozilla\Firefox\Profiles\n19y3b03.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 10:52

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32\drivers\ovfsthxonpiiqfs.sys 83456 bytes executable

c:\windows\system32\ovfsthxesbotpwr.dat 43 bytes

c:\windows\system32\ovfsthxippgxmce.dll 18432 bytes executable

c:\windows\system32\ovfsthxivnfnoxx.dll 18432 bytes executable

c:\windows\system32\ovfsthxpmxhixed.dat 5418 bytes

c:\windows\system32\ovfsthxptjupwek.dat 43 bytes

c:\windows\system32\ovfsthxqtxwnusp.dat 492314 bytes

c:\windows\system32\ovfsthxvoybwgfx.dll 60928 bytes executable

 

Scan terminé avec succès

Fichiers cachés: 8

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]

"imagepath"="\systemroot\system32\drivers\ovfsthxonpiiqfs.sys"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(5312)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

.

Heure de fin: 2009-04-24 10:53

ComboFix-quarantined-files.txt 2009-04-24 08:53

ComboFix2.txt 2009-04-24 07:52

ComboFix3.txt 2009-04-24 05:57

ComboFix4.txt 2009-04-23 20:49

ComboFix5.txt 2009-04-24 08:47

 

Avant-CF: 10 651 398 144 octets libres

Après-CF: 10 626 240 512 octets libres

 

295 --- E O F --- 2009-02-26 11:54

Posted

Look what I find under catchme!!!

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-24 10:16:48

Windows 6.0.6001 Service Pack 1

 

 

---- System - GMER 1.0.15 ----

 

INT 0x52 ? 8627EBF8

INT 0x72 ? 8468DBF8

INT 0x82 ? 8468DBF8

INT 0xA3 ? 8627EBF8

INT 0xB3 ? 8627EBF8

 

Code 87B7F518 ZwEnumerateKey

Code 87C16F58 ZwFlushInstructionCache

Code \??\C:\Users\Tharox\AppData\Local\Temp\catchme.sys IofCallDriver

Code 87ABD3AE IofCompleteRequest

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!IofCompleteRequest 82082FE2 5 Bytes JMP 87ABD3B3

.text ntkrnlpa.exe!IofCallDriver 82104F6F 5 Bytes JMP 9F09BF84 \??\C:\Users\Tharox\AppData\Local\Temp\catchme.sys

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821FB30B 5 Bytes JMP 87C16F5C

PAGE ntkrnlpa.exe!ZwEnumerateKey 82250BA2 5 Bytes JMP 87B7F51C

? System32\Drivers\spqt.sys Le chemin d'accès spécifié est introuvable. !

.text USBPORT.SYS!DllUnload 8C8A546F 5 Bytes JMP 8627E1D8

.text a2et9s1r.SYS 8C9A2000 22 Bytes [26, D2, 01, 82, 10, D1, 01, ...]

.text a2et9s1r.SYS 8C9A2017 145 Bytes [00, 32, D7, 79, 80, 3D, D5, ...]

.text a2et9s1r.SYS 8C9A20A9 35 Bytes [C0, 09, 82, A0, B7, 09, 82, ...]

.text a2et9s1r.SYS 8C9A20CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]

.text a2et9s1r.SYS 8C9A20DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]

.text ...

.text bridge.sys 8C9E5462 489 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]

.text bridge.sys 8C9E564C 29 Bytes JMP 8C9E55B6 \SystemRoot\system32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation)

? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

? C:\Users\Tharox\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806946D2] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694040] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806947FC] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806940BE] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069413C] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A4048] \SystemRoot\System32\Drivers\spqt.sys

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortNotification] CC000CC2

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortMoveMemory] 00012284

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0

IAT \SystemRoot\System32\Drivers\a2et9s1r.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 8543F1F8

Device \FileSystem\fastfat \FatCdrom 87DD11F8

Device \FileSystem\udfs \UdfsCdRom 87DCF1F8

Device \FileSystem\udfs \UdfsDisk 87DCF1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{2A8E85A8-7AA6-4D18-9B54-2DE2033E6155} 87CBB458

Device \Driver\volmgr \Device\VolMgrControl 8468F1F8

Device \Driver\usbuhci \Device\USBPDO-0 862CE1F8

Device \Driver\usbuhci \Device\USBPDO-1 862CE1F8

Device \Driver\usbuhci \Device\USBPDO-2 862CE1F8

Device \Driver\sptd \Device\733917530 spqt.sys

Device \Driver\usbuhci \Device\USBPDO-3 862CE1F8

Device \Driver\usbehci \Device\USBPDO-4 862DE1F8

 

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys

 

Device \Driver\USBSTOR \Device\00000070 8628F378

Device \Driver\USBSTOR \Device\00000070 87CB1878

Device \Driver\volmgr \Device\HarddiskVolume1 8468F1F8

Device \Driver\USBSTOR \Device\00000071 8628F378

Device \Driver\USBSTOR \Device\00000071 87CB1878

Device \Driver\volmgr \Device\HarddiskVolume2 8468F1F8

Device \Driver\cdrom \Device\CdRom0 8639C1F8

Device \Driver\USBSTOR \Device\00000072 8628F378

Device \Driver\USBSTOR \Device\00000072 87CB1878

Device \Driver\volmgr \Device\HarddiskVolume3 8468F1F8

Device \Driver\cdrom \Device\CdRom1 8639C1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8543E1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856262F0

Device \Driver\atapi \Device\Ide\IdePort0 8543E1F8

Device \Driver\atapi \Device\Ide\IdePort0 856262F0

Device \Driver\atapi \Device\Ide\IdePort1 8543E1F8

Device \Driver\atapi \Device\Ide\IdePort1 856262F0

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8543E1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856262F0

Device \Driver\USBSTOR \Device\00000073 8628F378

Device \Driver\USBSTOR \Device\00000073 87CB1878

Device \Driver\volmgr \Device\HarddiskVolume4 8468F1F8

Device \Driver\prohlp02 \Device\ProHlp02 88DE8D68

Device \Driver\netbt \Device\NetBt_Wins_Export 87CBB458

Device \Driver\Smb \Device\NetbiosSmb 87CC8500

Device \Driver\PCI_PNP7515 \Device\0000005a spqt.sys

Device \Driver\iScsiPrt \Device\RaidPort0 863A61F8

 

AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

 

Device \Driver\usbuhci \Device\USBFDO-0 862CE1F8

Device \Driver\usbuhci \Device\USBFDO-1 862CE1F8

Device \Driver\usbuhci \Device\USBFDO-2 862CE1F8

Device \Driver\usbuhci \Device\USBFDO-3 862CE1F8

Device \Driver\usbehci \Device\USBFDO-4 862DE1F8

Device \Driver\a2et9s1r \Device\Scsi\a2et9s1r1Port3Path0Target0Lun0 863A21F8

Device \Driver\a2et9s1r \Device\Scsi\a2et9s1r1Port3Path0Target0Lun0 87A48310

Device \Driver\a2et9s1r \Device\Scsi\a2et9s1r1 863A21F8

Device \Driver\a2et9s1r \Device\Scsi\a2et9s1r1 87A48310

Device \FileSystem\fastfat \Fat 87DD11F8

 

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

 

Device \FileSystem\cdfs \Cdfs 87C59500

 

---- Services - GMER 1.0.15 ----

 

Service C:\Windows\system32\drivers\ovfsthxonpiiqfs.sys (*** hidden *** ) [sYSTEM] ovfsthxxffxeonq <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq@imagepath \systemroot\system32\drivers\ovfsthxonpiiqfs.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq@inst 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@ver icv140409

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@cid 01

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@bid 1422896883-2046195620-2010614916-518472352

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@aid 303350

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@sid 4

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@feed 0x22 0x64 0x78 0x36 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main@cmddelay 28801

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\ff

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{2982085F-91B1-497E-917F-F46246DB336F}

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\ff@version 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\injector@iexplore.exe ovfsthxwi.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\injector@explorer.exe ovfsthxff.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthx.sys \systemroot\system32\drivers\ovfsthxonpiiqfs.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthx.dll \systemroot\system32\ovfsthxvoybwgfx.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthxlog.dat \systemroot\system32\ovfsthxpmxhixed.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthxwi.dll \systemroot\system32\ovfsthxivnfnoxx.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthxff.dll \systemroot\system32\ovfsthxippgxmce.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxxffxeonq\modules@ovfsthx.dat \systemroot\system32\ovfsthxesbotpwr.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0x48 0x76 0x96 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x23 0x3C 0x3E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0xA0 0xF7 0xB7 ...

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq@imagepath \systemroot\system32\drivers\ovfsthxonpiiqfs.sys

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq@inst 0

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@ver icv140409

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@cid 01

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@bid 1422896883-2046195620-2010614916-518472352

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@aid 303350

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@sid 4

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@feed 0x22 0x64 0x78 0x36 ...

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main@cmddelay 28801

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\delete

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\ff

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{2982085F-91B1-497E-917F-F46246DB336F}

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\ff@version 1

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\injector

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\injector@iexplore.exe ovfsthxwi.dll

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\injector@explorer.exe ovfsthxff.dll

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\main\tasks

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthx.sys \systemroot\system32\drivers\ovfsthxonpiiqfs.sys

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthx.dll \systemroot\system32\ovfsthxvoybwgfx.dll

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthxlog.dat \systemroot\system32\ovfsthxpmxhixed.dat

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthxwi.dll \systemroot\system32\ovfsthxivnfnoxx.dll

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthxff.dll \systemroot\system32\ovfsthxippgxmce.dll

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthxxffxeonq\modules@ovfsthx.dat \systemroot\system32\ovfsthxesbotpwr.dat

[cut] by me

 

---- Files - GMER 1.0.15 ----

 

File C:\Windows\System32\drivers\ovfsthxonpiiqfs.sys 83456 bytes executable <-- ROOTKIT !!!

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 360448/294912 bytes

File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 20480/4096 bytes

File C:\Windows\System32\ovfsthxesbotpwr.dat 43 bytes

File C:\Windows\System32\ovfsthxippgxmce.dll 18432 bytes executable

File C:\Windows\System32\ovfsthxivnfnoxx.dll 18432 bytes executable

File C:\Windows\System32\ovfsthxpmxhixed.dat 5377 bytes

File C:\Windows\System32\ovfsthxptjupwek.dat 43 bytes

File C:\Windows\System32\ovfsthxqtxwnusp.dat 492314 bytes

File C:\Windows\System32\ovfsthxvoybwgfx.dll 60928 bytes executable

---- EOF - GMER 1.0.15 ----

Posted

Wait, drop catchme and the other antivirus, right now that is actually getting in the way of the disinfection. :P

A reminder in passing: the CF and Catchme results need to be interpreted: don't delete anything on your own, it can be very dangerous for your OS.

 

I'm looking at the reports.

Posted

Don't panic, half of the Gmer lines are legitimate. :P

We'll deal with this calmly, without taking any risks.

 

What follows is for this machine, and this machine only.

Do not use it on any other machine: dangerous.

 

 

  • Download the CFscript.txt file from this site:
    http://senduit.com/4f4341
     
  • Put it on the desktop, next to the combofix icon.
  • Drag and drop this CFscript file onto the ComboFix file (pouet.exe) as in the screenshot

animation1md2.gif

  • Wait for the scan to finish. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is done, a report will appear: post its contents.
  • If the file doesn't open, it's located here > C:\ComboFix.txt

Posted

here's the log:

 

ComboFix 09-04-24.01 - Tharox 24/04/2009 12:02.6 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.990 [GMT 2:00]

Lancé depuis: c:\users\Tharox\Desktop\ffffff.exe

Commutateurs utilisés :: c:\users\Tharox\Desktop\CFscript.txt

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

FW: BitDefender Firewall *enabled*

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\ovfsthxonpiiqfs.sys

c:\windows\system32\ovfsthxesbotpwr.dat

c:\windows\system32\ovfsthxpmxhixed.dat

c:\windows\system32\ovfsthxptjupwek.dat

c:\windows\system32\ovfsthxqtxwnusp.dat

c:\windows\system32\ovfsthxvoybwgfx.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-4-24 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-24 06:56 . 2009-04-24 06:57 4096 ----a-w c:\windows\system32\winglsetup.exe

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\Tharox\AppData\Roaming\Malwarebytes

2009-04-23 19:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-23 19:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\All Users\Malwarebytes

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\programdata\Malwarebytes

2009-04-23 18:16 . 2009-04-23 18:16 -------- d-----w c:\program files\Trend Micro

2009-04-23 11:54 . 2009-04-23 22:13 346465133 ----a-w c:\windows\MEMORY.DMP

2009-04-21 18:44 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Pro

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\users\All Users\DAEMON Tools Lite

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\programdata\DAEMON Tools Lite

2009-04-21 18:40 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Lite

2009-04-20 18:59 . 2009-04-20 18:59 -------- d-sh--w c:\windows\ftpcache

2009-04-19 10:58 . 2009-04-19 10:58 -------- d-----w c:\users\Tharox\AppData\Roaming\vlc

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\program files\SystemRequirementsLab

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\users\Tharox\AppData\Roaming\SystemRequirementsLab

2009-04-15 13:59 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll

2009-04-15 13:59 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-04-15 13:59 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll

2009-04-15 13:59 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll

2009-04-15 13:59 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 13:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 13:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-15 13:58 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-04-15 13:58 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-04-15 13:58 . 2009-03-03 04:39 551424 ------w c:\windows\system32\rpcss.dll

2009-04-15 13:58 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-04-15 13:58 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-04-15 13:58 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-04-15 13:58 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-04-15 13:58 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll

2009-04-15 13:58 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-04-15 13:58 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe

2009-04-12 15:30 . 2009-04-12 15:31 -------- d-----w C:\temp

2009-03-31 09:49 . 2009-04-24 08:21 -------- d-----w c:\users\Tharox\Tracing

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Microsoft

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Windows Live SkyDrive

2009-03-25 12:31 . 2008-10-27 09:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2009-03-25 12:31 . 2008-10-10 03:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll

2009-03-25 12:31 . 2008-10-27 09:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2009-03-25 11:29 . 2009-03-25 11:31 -------- d--h--w c:\windows\msdownld.tmp

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 10:06 . 2008-11-19 21:46 232422 ----a-w c:\users\All Users\nvModes.dat

2009-04-24 10:06 . 2008-11-19 21:46 232422 ----a-w c:\programdata\nvModes.dat

2009-04-24 08:59 . 2008-05-05 08:50 151496 ----a-w c:\windows\system32\drivers\systormrfp.pkg

2009-04-24 07:41 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat

2009-04-24 07:41 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat

2009-04-24 07:34 . 2008-06-26 01:12 81984 ----a-w c:\windows\System32\bdod.bin

2009-04-22 05:21 . 2008-07-22 16:39 -------- d-----w c:\users\Tharox\AppData\Roaming\TeraCopy

2009-04-21 20:23 . 2007-12-17 10:40 -------- d-----w c:\programdata\Media Center Programs

2009-04-21 19:11 . 2007-12-18 07:44 -------- d-----w c:\program files\DAEMON Tools Lite

2009-04-21 18:44 . 2007-12-18 07:45 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools

2009-04-21 18:40 . 2007-12-18 07:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-21 11:21 . 2007-12-17 12:58 -------- d-----w c:\program files\Google

2009-04-20 19:50 . 2007-12-23 17:54 -------- d-----w c:\users\Tharox\AppData\Roaming\uTorrent

2009-04-20 16:59 . 2007-12-16 15:47 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-18 18:46 . 2008-01-22 17:35 -------- d-----w c:\users\Tharox\AppData\Roaming\dvdcss

2009-04-15 15:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-07 16:06 . 2008-08-14 16:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys

2009-04-05 17:41 . 2008-09-24 12:18 -------- d---a-w c:\programdata\TEMP

2009-04-03 17:29 . 2007-12-17 06:36 -------- d-----w c:\program files\Java

2009-03-31 09:46 . 2007-12-17 09:52 -------- d-----w c:\program files\Windows Live

2009-03-17 03:38 . 2009-04-15 13:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-09 03:19 . 2008-12-01 09:54 410984 ----a-w c:\windows\System32\deploytk.dll

2009-03-08 11:34 . 2009-03-25 11:30 914944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 . 2009-03-25 11:30 43008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 . 2009-03-25 11:30 18944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 . 2009-03-25 11:30 109056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 . 2009-03-25 11:30 109568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 . 2009-03-25 11:30 132608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 . 2009-03-25 11:30 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-03-25 11:30 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-03-25 11:30 103936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:33 . 2009-03-25 11:30 420352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:32 . 2009-03-25 11:30 72704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 . 2009-03-25 11:30 71680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 . 2009-03-25 11:30 66560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 . 2009-03-25 11:30 169472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 . 2009-03-25 11:30 34816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:31 . 2009-03-25 11:30 48128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 . 2009-03-25 11:30 45568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:22 . 2009-03-25 11:30 156160 ----a-w c:\windows\System32\msls31.dll

2009-03-08 08:57 . 2009-03-08 08:57 -------- d-----w c:\users\Tharox\AppData\Roaming\LiveCAD2

2009-03-08 08:43 . 2009-03-08 08:43 -------- d-----w c:\program files\A9Tech

2009-02-26 15:46 . 2008-03-12 07:42 -------- d-----w c:\program files\Microsoft Silverlight

2009-02-09 03:10 . 2009-03-11 09:46 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2008-12-28 17:45 . 2007-12-16 14:30 81040 ----a-w c:\users\Tharox\AppData\Local\GDIPFONTCACHEV1.DAT

2008-07-26 20:35 . 2007-12-16 17:32 185390 ----a-w c:\users\Tharox\AppData\Roaming\nvModes.dat

2008-05-14 17:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-03-11 07:44 . 2008-03-11 07:38 680 ----a-w c:\users\Tharox\AppData\Local\d3d9caps.dat

2008-01-12 18:46 . 2008-01-12 18:46 22328 ----a-w c:\users\Tharox\AppData\Roaming\PnkBstrK.sys

2009-04-07 16:2008-08-13 17:02 07:05 . c:\program files\mozilla firefox\components\FFComm.dll

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-23_20.37.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-16 14:40 . 2009-04-24 07:37 47322 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2007-12-16 14:40 . 2009-04-23 20:29 47322 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-12-16 14:31 . 2009-04-24 07:37 12358 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2046195620-2010614916-518472352-1000_UserData.bin

+ 2006-11-02 13:02 . 2009-04-24 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2006-11-02 13:02 . 2009-04-24 07:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 13:02 . 2009-04-24 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 13:05 . 2009-04-24 07:37 102384 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 10:33 . 2009-04-24 07:41 587178 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-23 20:32 587178 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-04-24 07:41 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-04-23 20:32 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 12:47 . 2009-04-23 18:32 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:47 . 2009-04-24 07:35 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:43 . 2009-04-24 07:45 262144 c:\windows\System32\config\systemprofile\ntuser.dat

- 2006-11-02 12:43 . 2009-04-23 20:32 262144 c:\windows\System32\config\systemprofile\ntuser.dat

- 2009-03-25 11:38 . 2009-04-15 18:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-03-25 11:38 . 2009-04-24 05:49 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2006-11-02 12:47 . 2009-04-24 10:06 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-24 10:06 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-06-12 214288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"FightPad"="c:\program files\REVOLTEC\FightPad v1.00\FightPad.exe" [2007-05-09 4767744]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-07 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-02 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-07-02 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

 

c:\users\Tharox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-12 809488]

Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-3-25 603408]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-16 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2046195620-2010614916-518472352-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F3369DBF-E445-47FD-AF5A-9E47447EC1BE}"= UDP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{9462AEE1-BF7A-48E3-A421-16E2EFFE63EE}"= TCP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{D0608197-5484-4687-BAEB-099009134DC9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{A7D97A3C-C7CD-4520-8DF2-0E1FF6006A0A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{4D6BACE1-9205-4E85-BFCA-AA3947ED8FC0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6ED6B80D-8522-45F3-B697-FDF241E81148}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AD558FB5-F728-4383-9F79-05BCAA633062}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A2218FE5-730F-4396-841F-5265B1491263}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{32E3DEAD-63D4-45DC-9F94-7A28E3E2189A}"= UDP:d:\jeux\GRID\GRID.exe:GRID

"{4989B4C1-FF64-4B2F-BF47-9426F07826BC}"= TCP:d:\jeux\GRID\GRID.exe:GRID

"{EA9ADE11-234D-4880-BBA2-83A4DDC03EA8}"= UDP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{E08C2B96-F927-4E2B-8DC9-E161BA684696}"= TCP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{6B4C3F88-0CC6-435C-92E3-83D3D2445462}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{9A84843D-74D0-48E1-864B-1F9582971356}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{29C28F65-B112-4A33-BDCA-A761526653CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{EE912911-13F4-41B8-9833-89860CB8DA64}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{2D9E89FD-C191-4763-8B9C-8031C2506490}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{544504A6-6F96-401A-B4C0-E6F31F36ED49}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{F7522841-F6D7-4412-AEF9-D94354BD8E83}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{82F253C2-0342-48CA-BB58-D0F1A7A0ECEA}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{D9A541C1-AB1C-4F87-92A9-6B747342CE39}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{8ECF82CC-2E5A-4306-BD82-2C00496303D2}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{73F7FEF8-4393-4A36-BB35-81F56FDD1F65}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{A193EB84-2796-4BE3-9740-295DA8926B80}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{EE0E400E-AEDD-43C7-8BC8-603B4E454C66}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BE64A282-6DFD-4CF9-9D83-81EA39902D9D}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BB1FF48E-C472-46A1-830B-E6CF24CE5517}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{D009B8BC-F492-41A5-A5ED-D3AC878FBDB8}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{2C071F24-FBB2-4FA7-BC70-BC05261C9592}"= UDP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{864542EC-DD15-4BDE-B33D-98B2DA73B3C4}"= TCP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{934ED5C3-C41A-48B8-8185-8BF6B4F37FA8}"= UDP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{6018647E-0FC3-44F0-9808-9835D56EF09E}"= TCP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{924A9009-F82A-4306-B599-9EB859A846CB}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{643C4A0E-2700-4379-9CDE-885D5AAA6C45}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{D32F741B-9DC2-4347-9052-89ABB0A31C15}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{82656CBB-16C0-4039-AA43-D535C4D75BC0}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{950DE77F-3853-41A7-B70C-336B8C4062A1}"= UDP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{81C713A8-64F5-487F-A397-83283207138B}"= TCP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

R3 systormrfp;REVOLTEC FightPad;c:\windows\system32\DRIVERS\systormrfp.sys [2007-03-19 16896]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-01-19 82696]

S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 179712]

S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-11-18 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-07 104328]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{817813cc-24d9-11dd-ad5d-00188ba1eea7}]

\shell\AutoRun\command - G:\WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8620757b-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - G:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86207585-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - H:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75d44c1-abcc-11dc-b320-806e6f6e6963}]

\shell\AutoRun\command - F:\Launch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8736406-2ea3-11de-b0cb-00188ba1eea7}]

\shell\AutoRun\command - E:\Launch.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{F95D2F10-7D67-45A6-8677-F51C6C3CCA01}.job

- c:\windows\system32\msfeedssync.exe [2009-03-25 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

FF - ProfilePath - c:\users\Tharox\AppData\Roaming\Mozilla\Firefox\Profiles\n19y3b03.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 12:06

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\drivers\ovfsthxonpiiqfs.sys 83456 bytes executable

c:\windows\system32\ovfsthxcisvpqow.dll 18432 bytes executable

c:\windows\system32\ovfsthxippgxmce.dll 18432 bytes executable

c:\windows\system32\ovfsthxnsswtiub.dll 18432 bytes executable

c:\windows\system32\ovfsthxpfhykvmf.dll 60928 bytes executable

c:\windows\system32\ovfsthxxnxtcreq.dat 383 bytes

 

scan completed successfully

hidden files: 6

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]

"imagepath"="\systemroot\system32\drivers\ovfsthxonpiiqfs.sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]

@DACL=(02 0000)

"start"=dword:00000001

"type"=dword:00000001

"group"="file system"

"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxonpiiqfs.sys"

"inst"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(2140)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Dell\QuickSet\quickset.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Dell\QuickSet\NicConfigSvc.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2009-04-24 12:12 - machine was rebooted

ComboFix-quarantined-files.txt 2009-04-24 10:11

ComboFix2.txt 2009-04-24 08:53

ComboFix3.txt 2009-04-24 07:52

ComboFix4.txt 2009-04-24 05:57

ComboFix5.txt 2009-04-24 10:00

 

Pre-Run: 10 650 472 448 bytes free

Post-Run: 10 606 305 280 bytes free

 

335 --- E O F --- 2009-02-26 11:54
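The log above shows the three pieces of this infection in separate sections: catchme's hidden-file list, the locked Services key with start=1, type=1, group "file system" and an ImagePath pointing at the hidden .sys, and the Reg Loading Points lines with EnableLUA and every firewall profile at 0. As an added example (not part of this post and not ComboFix's own code), the Python below parses those line shapes from a constructed sample and correlates them: it names the service that registers the hidden driver, decodes the start/type dwords with their winnt.h names, flags that a boot- or system-start driver is loaded before any user-mode service (so deleting the file on disk leaves the registration that loads it at the next boot untouched), extracts the stem that the dropped files and the service name share, and lists the protections the log shows switched off. The sample log, the check list and the "shared prefix" heuristic are assumptions built from the lines on this page, not a signature for this malware family.

```python
"""Triage a ComboFix/catchme log excerpt: the hidden files, the service key that loads
the hidden driver at boot, and the protections the log shows switched off.
Added example for this thread; it is not ComboFix code and not the poster's."""
import re

# Constructed sample modelled on the line shapes in the log above (not a copy of it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
c:\windows\system32\drivers\ovfsthxonpiiqfs.sys 83456 bytes executable
c:\windows\system32\ovfsthxpfhykvmf.dll 60928 bytes executable
c:\windows\system32\ovfsthxxnxtcreq.dat 383 bytes
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxonpiiqfs.sys"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+)\s+bytes(?P<exe>\s+executable)?$", re.I)
# Service "start"/"type" dwords, named as in winnt.h.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}
SERVICE_TYPES = {0x1: "KERNEL_DRIVER", 0x2: "FILE_SYSTEM_DRIVER", 0x10: "WIN32_OWN_PROCESS"}
# (key suffix, value name, finding): a value of 0 means that protection is off (assumed list).
DEFENCE_CHECKS = [
    ("policies\\system", "enablelua", "UAC (EnableLUA) is off"),
    ("firewallpolicy\\domainprofile", "enablefirewall", "Windows Firewall off in Domain profile"),
    ("firewallpolicy\\publicprofile", "enablefirewall", "Windows Firewall off in Public profile"),
    ("firewallpolicy\\standardprofile", "enablefirewall", "Windows Firewall off in Standard profile"),
]

def parse_value(raw):
    """Decode the value forms ComboFix prints: dword:N, N (0xN), expand:"..." and "..."."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    raw = raw[7:] if raw.startswith("expand:") else raw
    return raw.strip('"').replace("\\\\", "\\")  # undo registry-export backslash doubling

def parse_log(text):
    """Return ({hidden path: (size, executable)}, {key path: {"values", "dacl_locked"}})."""
    hidden, keys, current = {}, {}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        k, h, v = KEY_RE.match(line), HIDDEN_RE.match(line), VALUE_RE.match(line)
        if k:
            current = keys.setdefault(k["key"], {"values": {}, "dacl_locked": False})
        elif h:  # catchme's "<path> <size> bytes [executable]" hidden-file line
            hidden[h["path"].lower()] = (int(h["size"]), bool(h["exe"]))
            current = None
        elif current is not None and line.startswith("@DACL="):
            current["dacl_locked"] = True  # @DACL appears under the locked-keys section
        elif current is not None and v:
            current["values"][v["name"].lower()] = parse_value(v["val"])
    return hidden, keys

def service_for_driver(keys, driver_path):
    """Find the Services\\<name> key whose ImagePath points at the hidden driver file."""
    fname = driver_path.rsplit("\\", 1)[-1]
    for key, rec in keys.items():
        image = str(rec["values"].get("imagepath", "")).lower()
        if "\\services\\" in key.lower() and image.endswith("\\" + fname):
            return key.rsplit("\\", 1)[-1], rec
    return None, None

def common_prefix(names):
    """Longest prefix shared by every name: the stem the dropped files and service share."""
    prefix = names[0] if names else ""
    for n in names[1:]:
        while not n.startswith(prefix):
            prefix = prefix[:-1]
    return prefix

def disabled_defences(keys):
    return [msg for key, rec in keys.items() for suffix, name, msg in DEFENCE_CHECKS
            if key.lower().endswith(suffix) and rec["values"].get(name) == 0]

def triage(text):
    hidden, keys = parse_log(text)
    drivers = []
    for path, (size, _exe) in hidden.items():
        if path.endswith(".sys"):
            svc, rec = service_for_driver(keys, path)
            entry = {"file": path, "size": size, "service": svc}
            if rec:
                v = rec["values"]
                # boot/system-start drivers are loaded before the SCM starts any
                # user-mode service, the AV's own scanning service included
                entry.update(start=START_TYPES.get(v.get("start")), type=SERVICE_TYPES.get(v.get("type")),
                             group=v.get("group"), dacl_locked=rec["dacl_locked"],
                             loads_before_services=v.get("start") in (0, 1))
            drivers.append(entry)
    names = [p.rsplit("\\", 1)[-1].rsplit(".", 1)[0] for p in hidden]
    names += [d["service"] for d in drivers if d["service"]]
    return {"hidden_files": sorted(hidden), "drivers": drivers,
            "shared_prefix": common_prefix(names), "defences_off": disabled_defences(keys)}
```

Running `triage(SAMPLE_LOG)` reports the hidden driver as registered by service ovfsthxxffxeonq as a SYSTEM_START KERNEL_DRIVER in a DACL-locked key, the stem "ovfsthx" shared by all dropped files and the service, and UAC plus the Domain firewall profile switched off. On a real log, paste the catchme block and the Reg Loading Points / locked-keys blocks together and feed the whole text to `triage`; the parser keys on line shapes, not on section headers, so it does not care which language ComboFix printed them in.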

Posted

That's very good. :P:P

But hang on, you have already used combofix several times (this morning?), no wonder unusual things are happening!

Normally everything should have gone in one go; I think your tinkering disrupted the process.

You should never use combofix without supervision... that is partly why, and for other reasons as well.

 

Use this 2nd script (CFscript2) in the same way:

http://senduit.com/e5d72d

 

And post the report please.

 

Don't take any more initiatives, and only get help on one forum, otherwise it will create new difficulties.

Posted

Yes, I tried to sort it out on my own. Usually, by looking around the forum, I manage to get by.

I didn't want to bother you with my problems, so I tinkered. But getting nowhere, I made up my mind to register and post.

However, if it reassures you, I didn't create or delete anything with these tools. There you go, but now I'll let myself be guided. Thanks again!!

 

 

 

 

ComboFix 09-04-24.01 - Tharox 24/04/2009 12:25.7 - NTFSx86

Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.33.1036.18.2046.1251 [GMT 2:00]

Running from: c:\users\Tharox\Desktop\ffffff.exe

Command switches used :: c:\users\Tharox\Desktop\CFscript2.txt

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

FW: BitDefender Firewall *enabled*

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\ovfsthxonpiiqfs.sys

c:\windows\system32\ovfsthxcisvpqow.dll

c:\windows\system32\ovfsthxippgxmce.dll

c:\windows\system32\ovfsthxnsswtiub.dll

c:\windows\system32\ovfsthxpfhykvmf.dll

c:\windows\system32\ovfsthxxnxtcreq.dat

 

.

((((((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\Tharox\AppData\Roaming\Malwarebytes

2009-04-23 19:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-23 19:52 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\users\All Users\Malwarebytes

2009-04-23 19:52 . 2009-04-23 19:52 -------- d-----w c:\programdata\Malwarebytes

2009-04-23 18:16 . 2009-04-23 18:16 -------- d-----w c:\program files\Trend Micro

2009-04-23 11:54 . 2009-04-23 22:13 346465133 ----a-w c:\windows\MEMORY.DMP

2009-04-21 18:44 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Pro

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\users\All Users\DAEMON Tools Lite

2009-04-21 18:43 . 2009-04-21 18:43 -------- d-----w c:\programdata\DAEMON Tools Lite

2009-04-21 18:40 . 2009-04-21 18:44 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools Lite

2009-04-20 18:59 . 2009-04-20 18:59 -------- d-sh--w c:\windows\ftpcache

2009-04-19 10:58 . 2009-04-19 10:58 -------- d-----w c:\users\Tharox\AppData\Roaming\vlc

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\program files\SystemRequirementsLab

2009-04-18 19:14 . 2009-04-18 19:14 -------- d-----w c:\users\Tharox\AppData\Roaming\SystemRequirementsLab

2009-04-15 13:59 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll

2009-04-15 13:59 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-04-15 13:59 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll

2009-04-15 13:59 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll

2009-04-15 13:59 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 13:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 13:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-15 13:58 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-04-15 13:58 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-04-15 13:58 . 2009-03-03 04:39 551424 ------w c:\windows\system32\rpcss.dll

2009-04-15 13:58 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-04-15 13:58 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-04-15 13:58 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-04-15 13:58 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-04-15 13:58 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll

2009-04-15 13:58 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-04-15 13:58 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe

2009-04-12 15:30 . 2009-04-12 15:31 -------- d-----w C:\temp

2009-03-31 09:49 . 2009-04-24 08:21 -------- d-----w c:\users\Tharox\Tracing

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Microsoft

2009-03-31 09:47 . 2009-03-31 09:47 -------- d-----w c:\program files\Windows Live SkyDrive

2009-03-25 12:31 . 2008-10-27 09:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2009-03-25 12:31 . 2008-10-10 03:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll

2009-03-25 12:31 . 2008-10-10 03:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll

2009-03-25 12:31 . 2008-10-27 09:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll

2009-03-25 12:31 . 2008-10-27 09:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2009-03-25 11:29 . 2009-03-25 11:31 -------- d--h--w c:\windows\msdownld.tmp

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 10:30 . 2008-11-19 21:46 232422 ----a-w c:\users\All Users\nvModes.dat

2009-04-24 10:30 . 2008-11-19 21:46 232422 ----a-w c:\programdata\nvModes.dat

2009-04-24 10:13 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat

2009-04-24 10:13 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat

2009-04-24 08:59 . 2008-05-05 08:50 151496 ----a-w c:\windows\system32\drivers\systormrfp.pkg

2009-04-24 07:34 . 2008-06-26 01:12 81984 ----a-w c:\windows\System32\bdod.bin

2009-04-24 06:57 . 2009-04-24 06:56 4096 ----a-w c:\windows\System32\winglsetup.exe

2009-04-22 05:21 . 2008-07-22 16:39 -------- d-----w c:\users\Tharox\AppData\Roaming\TeraCopy

2009-04-21 20:23 . 2007-12-17 10:40 -------- d-----w c:\programdata\Media Center Programs

2009-04-21 19:11 . 2007-12-18 07:44 -------- d-----w c:\program files\DAEMON Tools Lite

2009-04-21 18:44 . 2007-12-18 07:45 -------- d-----w c:\users\Tharox\AppData\Roaming\DAEMON Tools

2009-04-21 18:40 . 2007-12-18 07:42 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-21 11:21 . 2007-12-17 12:58 -------- d-----w c:\program files\Google

2009-04-20 19:50 . 2007-12-23 17:54 -------- d-----w c:\users\Tharox\AppData\Roaming\uTorrent

2009-04-20 16:59 . 2007-12-16 15:47 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-18 18:46 . 2008-01-22 17:35 -------- d-----w c:\users\Tharox\AppData\Roaming\dvdcss

2009-04-15 15:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-07 16:06 . 2008-08-14 16:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys

2009-04-05 17:41 . 2008-09-24 12:18 -------- d---a-w c:\programdata\TEMP

2009-04-03 17:29 . 2007-12-17 06:36 -------- d-----w c:\program files\Java

2009-03-31 09:46 . 2007-12-17 09:52 -------- d-----w c:\program files\Windows Live

2009-03-17 03:38 . 2009-04-15 13:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-09 03:19 . 2008-12-01 09:54 410984 ----a-w c:\windows\System32\deploytk.dll

2009-03-08 11:34 . 2009-03-25 11:30 914944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 . 2009-03-25 11:30 43008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 . 2009-03-25 11:30 18944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 . 2009-03-25 11:30 109056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 . 2009-03-25 11:30 109568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 . 2009-03-25 11:30 132608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 . 2009-03-25 11:30 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-03-25 11:30 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-03-25 11:30 103936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:33 . 2009-03-25 11:30 420352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:32 . 2009-03-25 11:30 72704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 . 2009-03-25 11:30 71680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 . 2009-03-25 11:30 66560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 . 2009-03-25 11:30 169472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 . 2009-03-25 11:30 34816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:31 . 2009-03-25 11:30 48128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 . 2009-03-25 11:30 45568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:22 . 2009-03-25 11:30 156160 ----a-w c:\windows\System32\msls31.dll

2009-03-08 08:57 . 2009-03-08 08:57 -------- d-----w c:\users\Tharox\AppData\Roaming\LiveCAD2

2009-03-08 08:43 . 2009-03-08 08:43 -------- d-----w c:\program files\A9Tech

2009-02-26 15:46 . 2008-03-12 07:42 -------- d-----w c:\program files\Microsoft Silverlight

2009-02-09 03:10 . 2009-03-11 09:46 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2008-12-28 17:45 . 2007-12-16 14:30 81040 ----a-w c:\users\Tharox\AppData\Local\GDIPFONTCACHEV1.DAT

2008-07-26 20:35 . 2007-12-16 17:32 185390 ----a-w c:\users\Tharox\AppData\Roaming\nvModes.dat

2008-05-14 17:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-03-11 07:44 . 2008-03-11 07:38 680 ----a-w c:\users\Tharox\AppData\Local\d3d9caps.dat

2008-01-12 18:46 . 2008-01-12 18:46 22328 ----a-w c:\users\Tharox\AppData\Roaming\PnkBstrK.sys

2009-04-07 16:2008-08-13 17:02 07:05 . c:\program files\mozilla firefox\components\FFComm.dll

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-07 11:22 . 2008-01-07 11:22 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-23_20.37.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-16 14:40 . 2009-04-24 10:08 47588 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-12-16 14:31 . 2009-04-24 10:08 12860 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2046195620-2010614916-518472352-1000_UserData.bin

+ 2006-11-02 13:02 . 2009-04-24 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-04-24 10:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-02 13:02 . 2009-04-23 20:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 13:02 . 2009-04-24 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 13:05 . 2009-04-24 10:08 102454 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 10:33 . 2009-04-24 10:13 587178 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-23 20:32 587178 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-04-24 10:13 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-04-23 20:32 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 12:47 . 2009-04-23 18:32 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:47 . 2009-04-24 07:35 300200 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:43 . 2009-04-24 07:45 262144 c:\windows\System32\config\systemprofile\ntuser.dat

- 2006-11-02 12:43 . 2009-04-23 20:32 262144 c:\windows\System32\config\systemprofile\ntuser.dat

- 2009-03-25 11:38 . 2009-04-15 18:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-03-25 11:38 . 2009-04-24 05:49 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2006-11-02 12:47 . 2009-04-24 10:30 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-23 20:28 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-24 10:30 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-06-12 214288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"FightPad"="c:\program files\REVOLTEC\FightPad v1.00\FightPad.exe" [2007-05-09 4767744]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-07 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-02 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-07-02 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

 

c:\users\Tharox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-12 809488]

Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-3-25 603408]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-16 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2046195620-2010614916-518472352-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F3369DBF-E445-47FD-AF5A-9E47447EC1BE}"= UDP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{9462AEE1-BF7A-48E3-A421-16E2EFFE63EE}"= TCP:d:\jeux\Hellgate London\Launcher.exe:Hellgate : London

"{D0608197-5484-4687-BAEB-099009134DC9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{A7D97A3C-C7CD-4520-8DF2-0E1FF6006A0A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{4D6BACE1-9205-4E85-BFCA-AA3947ED8FC0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6ED6B80D-8522-45F3-B697-FDF241E81148}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AD558FB5-F728-4383-9F79-05BCAA633062}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A2218FE5-730F-4396-841F-5265B1491263}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{32E3DEAD-63D4-45DC-9F94-7A28E3E2189A}"= UDP:d:\jeux\GRID\GRID.exe:GRID

"{4989B4C1-FF64-4B2F-BF47-9426F07826BC}"= TCP:d:\jeux\GRID\GRID.exe:GRID

"{EA9ADE11-234D-4880-BBA2-83A4DDC03EA8}"= UDP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{E08C2B96-F927-4E2B-8DC9-E161BA684696}"= TCP:c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server

"{6B4C3F88-0CC6-435C-92E3-83D3D2445462}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{9A84843D-74D0-48E1-864B-1F9582971356}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{29C28F65-B112-4A33-BDCA-A761526653CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{EE912911-13F4-41B8-9833-89860CB8DA64}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{2D9E89FD-C191-4763-8B9C-8031C2506490}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{544504A6-6F96-401A-B4C0-E6F31F36ED49}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{F7522841-F6D7-4412-AEF9-D94354BD8E83}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{82F253C2-0342-48CA-BB58-D0F1A7A0ECEA}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{D9A541C1-AB1C-4F87-92A9-6B747342CE39}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{8ECF82CC-2E5A-4306-BD82-2C00496303D2}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server

"{73F7FEF8-4393-4A36-BB35-81F56FDD1F65}"= UDP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{A193EB84-2796-4BE3-9740-295DA8926B80}"= TCP:d:\jeux\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2

"{EE0E400E-AEDD-43C7-8BC8-603B4E454C66}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BE64A282-6DFD-4CF9-9D83-81EA39902D9D}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare

"{BB1FF48E-C472-46A1-830B-E6CF24CE5517}"= UDP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{D009B8BC-F492-41A5-A5ED-D3AC878FBDB8}"= TCP:d:\steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare

"{2C071F24-FBB2-4FA7-BC70-BC05261C9592}"= UDP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{864542EC-DD15-4BDE-B33D-98B2DA73B3C4}"= TCP:d:\jeux\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar

"{934ED5C3-C41A-48B8-8185-8BF6B4F37FA8}"= UDP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{6018647E-0FC3-44F0-9808-9835D56EF09E}"= TCP:d:\jeux\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher

"{924A9009-F82A-4306-B599-9EB859A846CB}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{643C4A0E-2700-4379-9CDE-885D5AAA6C45}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{D32F741B-9DC2-4347-9052-89ABB0A31C15}"= UDP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{82656CBB-16C0-4039-AA43-D535C4D75BC0}"= TCP:d:\jeux\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{950DE77F-3853-41A7-B70C-336B8C4062A1}"= UDP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{81C713A8-64F5-487F-A397-83283207138B}"= TCP:d:\jeux\COH\RelicCOH.exe:Company of Heroes - Opposing Fronts

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

R3 systormrfp;REVOLTEC FightPad;c:\windows\system32\DRIVERS\systormrfp.sys [2007-03-19 16896]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-01-19 82696]

S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 179712]

S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-11-18 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-07 104328]

 

 

--- Other Services/Drivers in memory ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{817813cc-24d9-11dd-ad5d-00188ba1eea7}]

\shell\AutoRun\command - G:\WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8620757b-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - G:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86207585-f271-11dc-8338-00188ba1eea7}]

\shell\AutoRun\command - H:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75d44c1-abcc-11dc-b320-806e6f6e6963}]

\shell\AutoRun\command - F:\Launch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8736406-2ea3-11de-b0cb-00188ba1eea7}]

\shell\AutoRun\command - E:\Launch.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{F95D2F10-7D67-45A6-8677-F51C6C3CCA01}.job

- c:\windows\system32\msfeedssync.exe [2009-03-25 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

FF - ProfilePath - c:\users\Tharox\AppData\Roaming\Mozilla\Firefox\Profiles\n19y3b03.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

 

---- FIREFOX SETTINGS ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 12:30

Windows 6.0.6001 Service Pack 1 NTFS

 

Searching for hidden processes ...

Searching for hidden autostart entries ...

Searching for hidden files ...

Scan completed successfully

Hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]

"imagepath"="\systemroot\system32\drivers\ovfsthxonpiiqfs.sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]

@DACL=(02 0000)

"start"=dword:00000001

"type"=dword:00000001

"group"="file system"

"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxonpiiqfs.sys"

.

--------------------- DLLs loaded in active processes ---------------------

 

- - - - - - - > 'Explorer.exe'(1604)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other active processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Dell\QuickSet\quickset.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Dell\QuickSet\NicConfigSvc.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Finish time: 2009-04-24 12:35 - The machine rebooted

ComboFix-quarantined-files.txt 2009-04-24 10:35

ComboFix2.txt 2009-04-24 10:12

ComboFix3.txt 2009-04-24 08:53

ComboFix4.txt 2009-04-24 07:52

ComboFix5.txt 2009-04-24 10:24

 

Before CF: 10 648 702 976 bytes free

After CF: 10 614 226 944 bytes free

 

327 --- E O F --- 2009-02-26 11:54
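Four things in the log above are what a responder reads first: both firewall profiles report `EnableFirewall = 0`; Explorer still remembers removable-media AutoRun commands under MountPoints2; the catchme pass found no hidden files even though BitDefender keeps re-detecting `ovfsthxonpiiqfs.sys`; and the service key `ovfsthxxffxeonq` for that driver shows up only in the locked-keys section (its DACL could not be read), as a kernel driver (`type = 1`) with SYSTEM start (`start = 1`) in the `file system` load group, and is absent from the R/S service listing. The script below is an added example for this page, not ComboFix's own code and not something the poster ran: it parses lines in the shape of that log and cross-checks the service keys against the service listing. The sample lines are constructed to mirror the post, the consonant-run heuristic and the cross-checks are my own triage assumptions, and the field layout it expects (`R3 name;display;path [date size]`, `"value"=dword:`, `@DACL=`) is taken only from what the log above shows. Requires Python 3.8+ for the walrus operator.

```python
"""Triage of a ComboFix-style log excerpt (added example, not ComboFix code):
firewall profile state, the R/S service listing, MountPoints2 AutoRun commands
and service keys from the locked-keys section, cross-checked against each other."""
import re

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample in the shape of the log posted above (not the full log).
SAMPLE_LOG = [
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]',
    r'S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]',
    r'S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]',
    r'[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{817813cc-24d9-11dd-ad5d-00188ba1eea7}]',
    r'\shell\AutoRun\command - G:\WDSetup.exe',
    '--------------------- LOCKED REGISTRY KEYS ---------------------',
    r'[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxxffxeonq]',
    '@DACL=(02 0000)',
    '"start"=dword:00000001',
    '"type"=dword:00000001',
    '"group"="file system"',
    r'"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxonpiiqfs.sys"',
]

SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
FIREWALL_RE = re.compile(r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]$', re.I)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
SERVICE_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command - (.+)$', re.I)
VALUE_RE = re.compile(r'^"(\w+)"=(?:dword:([0-9a-f]+)|expand:"(.*)"|"(.*)")$', re.I)


def parse_log(lines):
    """Return {'firewall', 'services', 'autoruns', 'reg_services'} from log lines."""
    rep = {"firewall": {}, "services": {}, "autoruns": [], "reg_services": {}}
    profile, key, in_locked = None, None, False
    for raw in lines:
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line or "CLES DE REGISTRE BLOQUEES" in line:
            in_locked = True  # keys below this header could not be opened by the scanner
            continue
        if m := FIREWALL_RE.match(line):
            profile, key = m.group(1), None
        elif (m := ENABLE_RE.match(line)) and profile:
            rep["firewall"][profile] = m.group(1) == "1"
            profile = None
        elif m := SERVICE_RE.match(line):
            state, start, name, display, path, date, size = m.groups()
            rep["services"][name.lower()] = {"running": state == "R", "start": START_TYPES[int(start)],
                                             "display": display, "path": path, "date": date, "size": int(size)}
        elif m := AUTORUN_RE.match(line):
            rep["autoruns"].append(m.group(1))
        elif m := SERVICE_KEY_RE.match(line):
            key = m.group(1).lower()
            entry = rep["reg_services"].setdefault(key, {"locked": False})
            entry["locked"] = entry["locked"] or in_locked  # a key may be listed twice, once as locked
        elif line.startswith("["):
            key = None  # some other registry key: stop attributing values to a service
        elif key and line.startswith("@DACL="):
            rep["reg_services"][key]["dacl"] = line[len("@DACL="):]
        elif key and (m := VALUE_RE.match(line)):
            name, dword, expand, plain = m.groups()
            value = int(dword, 16) if dword is not None else (expand if expand is not None else plain)
            if isinstance(value, str):
                value = value.replace("\\\\", "\\")  # undo .reg-style backslash doubling
            rep["reg_services"][key][name.lower()] = value
    return rep


def looks_random(name):
    """Weak heuristic only (my assumption): six or more consonants in a row, as in ovfsthxxffxeonq."""
    return re.search(r"[bcdfghjklmnpqrstvwxz]{6,}", name.lower()) is not None


def findings(rep):
    """Triage lines: disabled firewall profiles, AutoRun commands, suspicious service keys."""
    out = [f"firewall disabled: {p}" for p, on in rep["firewall"].items() if not on]
    out += [f"AutoRun command remembered under MountPoints2: {c}" for c in rep["autoruns"]]
    for name, key in rep["reg_services"].items():
        why = []
        if key.get("locked"):
            why.append("key listed as locked (DACL not readable by the scanner)")
        if key.get("type") == 1 and key.get("start") in (0, 1):
            why.append(f"kernel driver with {START_TYPES[key['start']]} start (loads before user-mode AV)")
        if name not in rep["services"]:
            why.append("missing from the R/S service listing")
        if looks_random(name):
            why.append("random-looking name (weak signal)")
        if why:
            out.append(f"suspicious service {name} -> {key.get('imagepath')}: " + "; ".join(why))
    return out


if __name__ == "__main__":
    for item in findings(parse_log(SAMPLE_LOG)):
        print(item)
```

On the sample the script reports both firewall profiles disabled, the `G:\WDSetup.exe` AutoRun command, and one suspicious service key with all four reasons attached. The cross-check against the R/S listing is the part worth keeping: a boot- or system-start kernel driver whose key is readable by the kernel but not by the scanner, and which never appears in the ordinary service enumeration, is the pattern of a driver that loads before any user-mode AV engine and that on-demand file deletion cannot remove, which matches the "deleted, then back ten seconds later" behaviour in the first post. The consonant-run test is only a hint; legitimate drivers such as `sfdrv01a` and `bdfm` sit just under the threshold, so never act on the name alone.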
