[Résolu] Infections multiples

Le sioux · le 28 septembre 2009

Re

Autant pour moi, j'ai posté à la hate avant de partir au taff, d'ou je t'écris actuellement pendant ma pause

Il en manque un bout ...

Vérifie via menu Démarrer , Exécuter copie-colle services.msc puis clique sur OK

Et descends jusqu'au service Avira AntiVir Scheduler (AntiVirSchedulerService) soit bien Démarré et que dans Type de démarrage cela soit bien en "Automatique"

@ suivre.

PatOtj · le 28 septembre 2009

Les 2 services correspondant à Avira (Guard et Scheduler) sont bien en l'état "Démarré" et en type "Automatique"

et en plus du centre de sécurité en rouge je reçois périodiquement un "pop-up" d'Avira précisant que ma mise à jour date de + de 1 jour alors que je la mets à jour manuellement chaque jour !

Le sioux · le 28 septembre 2009

Bonjour PatOtj

On va essayer de "creuser" plus profondément :

Télécharge gmer sur ton Bureau et dézippe-le (clic droit et "Extraire ici").
Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète pas et ignore l'alerte.
Clique sur l'onglet "rootkit",
A droite, coche "Files" et "Services" puis clique sur scan.
A la fin du scan, clique sur le bouton Copy.
Dans Menu Démarrer/ Tous les programmes / Accessoires : ouvre le bloc-note (WordPad) et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
Copie-colle ce rapport dans ta prochaine réponse.

Merci à Mark

@ suivre.

PatOtj · le 29 septembre 2009

Voilà ! Je n'ai pas eu l'occasion de décocher tout ce qui n'était pas "file" et "services" avant de lancer alors ça a pris un bon moment

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-29 06:42:03

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Babel\LOCALS~1\Temp\awpyqfob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwCreateEvent [0xB4254995]

SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwCreateKey [0xB4252985]

SSDT B86B9944 ZwCreateThread

SSDT B86B9953 ZwDeleteKey

SSDT B86B995D ZwDeleteValueKey

SSDT spgv.sys ZwEnumerateKey [0xB7EC5CA4]

SSDT spgv.sys ZwEnumerateValueKey [0xB7EC6032]

SSDT B86B9962 ZwLoadKey

SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwOpenKey [0xB4252A45]

SSDT B86B9930 ZwOpenProcess

SSDT B86B9935 ZwOpenThread

SSDT spgv.sys ZwQueryKey [0xB7EC610A]

SSDT spgv.sys ZwQueryValueKey [0xB7EC5F8A]

SSDT B86B996C ZwReplaceKey

SSDT B86B9967 ZwRestoreKey

SSDT B86B9958 ZwSetValueKey

SSDT B86B993F ZwTerminateProcess

INT 0x62 ? 8A853BF8

INT 0x63 ? 8A853BF8

INT 0x63 ? 8A669BF8

INT 0x63 ? 8A853BF8

INT 0x82 ? 8A853BF8

INT 0x84 ? 8A669BF8

INT 0x94 ? 8A669BF8

---- Kernel code sections - GMER 1.0.15 ----

? spgv.sys Le fichier spécifié est introuvable. !

.text USBPORT.SYS!DllUnload B6F598AC 5 Bytes JMP 8A6691D8

.text an2q9dft.SYS B6EE4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

.text an2q9dft.SYS B6EE43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text an2q9dft.SYS B6EE43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}

.text an2q9dft.SYS B6EE43C9 1 Byte [30]

.text an2q9dft.SYS B6EE43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text ...

? C:\WINDOWS\System32\drivers\4e5fab3d.sys Le fichier spécifié est introuvable.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA8042] spgv.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EA813E] spgv.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EA80C0] spgv.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EA8800] spgv.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EA86D6] spgv.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB7E9C] spgv.sys

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KeGetCurrentIrql] 9E880000

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfRaiseIrql] 00001CA9

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfLowerIrql] 0E798366

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!HalGetInterruptVector] 74AAB000

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!HalTranslateBusAddress] 8186C636

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[WMILIB.SYS!WmiSystemControl] 8800001C

IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 4e5fab3d.sys

Device \FileSystem\Ntfs \Ntfs 8A8521F8

Device \Driver\Tcpip \Device\Ip 4e5fab3d.sys

Device \Driver\sptd \Device\668650070 spgv.sys

Device \Driver\usbuhci \Device\USBPDO-0 8A6681F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7E21F8

Device \Driver\dmio \Device\DmControl\DmConfig 8A7E21F8

Device \Driver\dmio \Device\DmControl\DmPnP 8A7E21F8

Device \Driver\dmio \Device\DmControl\DmInfo 8A7E21F8

Device \Driver\usbuhci \Device\USBPDO-1 8A6681F8

Device \Driver\usbuhci \Device\USBPDO-2 8A6681F8

Device \Driver\usbuhci \Device\USBPDO-3 8A6681F8

Device \Driver\usbehci \Device\USBPDO-4 8A5DE1F8

Device \Driver\Tcpip \Device\Tcp 4e5fab3d.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8541F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8541F8

Device \Driver\Cdrom \Device\CdRom0 8A66C1F8

Device \Driver\Cdrom \Device\CdRom1 8A66C1F8

Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8541F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B2EA5F4E-C4CC-4399-8981-765D0FBFAA9A} 8A52C1F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 8A52C1F8

Device \Driver\NetBT \Device\NetbiosSmb 8A52C1F8

Device \Driver\usbstor \Device\00000086 8A4D11F8

Device \Driver\PCI_PNP6320 \Device\0000004d spgv.sys

Device \Driver\usbstor \Device\00000087 8A4D11F8

Device \Driver\Tcpip \Device\Udp 4e5fab3d.sys

Device \Driver\Tcpip \Device\RawIp 4e5fab3d.sys

Device \Driver\usbuhci \Device\USBFDO-0 8A6681F8

Device \Driver\usbuhci \Device\USBFDO-1 8A6681F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5261F8

Device \Driver\Tcpip \Device\IPMULTICAST 4e5fab3d.sys

Device \Driver\usbuhci \Device\USBFDO-2 8A6681F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5261F8

Device \Driver\usbuhci \Device\USBFDO-3 8A6681F8

Device \Driver\usbehci \Device\USBFDO-4 8A5DE1F8

Device \Driver\Ftdisk \Device\FtControl 8A8541F8

Device \Driver\an2q9dft \Device\Scsi\an2q9dft1Port4Path0Target0Lun0 8A59F408

Device \Driver\an2q9dft \Device\Scsi\an2q9dft1 8A59F408

Device \FileSystem\Cdfs \Cdfs 8A2C3500

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\4e5fab3d.sys (*** hidden *** ) [sYSTEM] 4e5fab3d <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@Type 1

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@Start 1

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@kadfmmqr 1

Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ...

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ...

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@imagepath \systemroot\system32\drivers\rotscxkmotuqpf.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@aid 10001

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@sid 2

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\injector@* rotscxwsp8.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxkmotuqpf.sys

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxcmd.dll \systemroot\system32\rotscxqmobxxrc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxlog.dat \systemroot\system32\rotscxftabuyxm.dat

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxwsp.dll \systemroot\system32\rotscxbnmvtrnv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscx.dat \systemroot\system32\rotscxdjntidqo.dat

Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxwsp8.dll \systemroot\system32\rotscxhxrevsie.dll

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x07 0x84 0x20 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0xAE 0xD5 0x5E ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xD3 0x8F 0xE1 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x91 0x9B 0x16 0x5A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@kadfmmqr 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6

Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters@ServiceDll C:\WINDOWS\system32\qmgr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@Type 1

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@Start 1

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@ErrorControl 1

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@kadfmmqr 1

Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6

Reg HKLM\SYSTEM\controlset004\Services\BITS\Parameters@ServiceDll C:\WINDOWS\system32\qmgr.dll

Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8

Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ...

Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ...

Reg HKLM\SYSTEM\controlset004\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ...

Reg HKLM\SYSTEM\controlset004\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll

---- EOF - GMER 1.0.15 ----

Le sioux · le 29 septembre 2009

Bonjour

gmer nous montre qu'il reste encore des "copains" du Rootkit.Rustock que MalwareBytes Antimalware avait débusqué ici .

J'hésite entre deux façons "d'attaquer la bête", j'ai demandé conseils, j'attends une réponse.

@ très bientôt.

PatOtj · le 29 septembre 2009

OK pas de soucis, il n'y a pas le feu ! Le PC tourne bien et ces "copains" ne m'empêchent pas de dormir pour le moment

Le sioux · le 29 septembre 2009

Bonsoir PatOtj

On attaque :

Télécharge Combofix depuis l'un des liens ci-dessous:

/!\ Lors du téléchargement, renomme le en bibitte.exe sinon, il risque d’être inutilisable. /!\

Regarde ici comment faire http://forum.pcastuces.com/combofix___reno...ment-f31s22.htm

Lien 1

Lien 2

* IMPORTANT !!! Enregistrez ComboFix.exe sur ton Bureau

Désactive tes applications antivirus et anti-spyware, en général via un clic droit sur l'icône de la Zone de notification. Sinon, elles risquent d'interférer avec nos outils.
(aide si besoin : http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm Merci Morgane )
Fais un double clic sur combofix.exe & suis les invites.
Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée. Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur ton PC avant toute suppression de nuisibles. Elle te permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de t’aider plus facilement si jamais ton ordinateur rencontre un problème après une tentative de nettoyage.

Ne néglige pas cette étape : dans notre le cas, cela permettra de remplacer via ComboFix les éventuels fichiers patchés.
Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela te sera demandé demandé, accepte le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.

**Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Une fois que la Console de récupération Microsoft Windows est installée via ComboFix, tu devrais voir le message suivant:

Clique sur Oui/Yes, pour poursuivre avec la recherche de nuisibles.

Lorsque l'outil aura terminé, il affichera un rapport.

/!\ Ré-active la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\

--> Copie le contenu de ce rapport dans ta prochaine réponse ainsi qu'un nouveau rapport RSIT.

Note : Le rapport de ComboFix est aussi sauvegardé ici C:\ComboFix.txt

@ suivre.

PatOtj · le 29 septembre 2009

ComboFix 09-09-28.01 - Babel 29/09/2009 23:26.1.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1537 [GMT 2:00]

Lancé depuis: c:\documents and settings\Babel\Bureau\bibitte.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\mstore10.mgc

c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\Offic10.MGC

c:\windows\system32\drivers\4e5fab3d.sys

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_4e5fab3d

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-29 ))))))))))))))))))))))))))))))))))))

.

2009-09-23 21:38 . 2009-09-23 21:38 -------- d-----w- C:\_OTM

2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\program files\Garmin

2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\CCleaner

2009-09-19 11:07 . 2009-09-19 11:07 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-12 12:55 . 2009-06-16 16:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys

2009-09-12 12:55 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll

2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\program files\NVIDIA Corporation

2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2009-09-12 12:06 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys

2009-09-12 12:06 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys

2009-09-12 12:06 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll

2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\program files\ma-config.com

2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2009-09-10 00:54 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-09-07 04:43 . 2009-09-07 04:43 -------- d-----w- C:\spoolerlogs

2009-09-06 19:15 . 2009-09-06 19:15 -------- d-----r- c:\documents and settings\LocalService\Favoris

2009-09-06 19:15 . 2009-09-06 19:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-09-06 19:03 . 2009-09-06 19:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-09-06 18:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-06 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-06 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-06 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\program files\Avira

2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-06 18:42 . 2009-09-06 18:42 -------- d-----w- c:\documents and settings\Babel\Application Data\Malwarebytes

2009-09-06 18:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-06 18:41 . 2009-09-18 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-06 18:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-06 17:19 . 2009-09-06 17:19 -------- d-sh--w- c:\documents and settings\Babel\IECompatCache

2009-09-06 17:18 . 2009-09-06 17:18 -------- d-sh--w- c:\documents and settings\Babel\PrivacIE

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 08:00 . 2008-12-20 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-27 07:57 . 2002-08-30 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat

2009-09-27 07:57 . 2002-08-30 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat

2009-09-27 07:56 . 2008-04-03 09:09 -------- d-----w- c:\program files\SWAT 4

2009-09-19 20:33 . 2008-05-27 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-09-19 11:19 . 2008-01-16 22:40 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-19 11:15 . 2008-05-29 17:36 -------- d-----w- c:\program files\Lavasoft

2009-09-19 11:06 . 2008-05-31 08:59 -------- d-----w- c:\program files\Java

2009-09-19 08:36 . 2008-08-28 10:23 -------- d-----w- c:\program files\TOPCOM

2009-09-13 21:28 . 2008-08-29 09:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Skype

2009-09-12 12:19 . 2004-08-19 14:10 14336 ----a-w- c:\windows\system32\svchost.exe

2009-09-12 12:18 . 2008-05-29 17:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-09-12 12:18 . 2008-10-31 17:48 -------- d-----w- c:\program files\AGEIA Technologies

2009-09-10 17:41 . 2009-04-12 16:32 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-30 06:22 . 2009-08-30 06:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland

2009-08-30 06:21 . 2009-08-30 06:21 -------- d-----w- c:\program files\Softland

2009-08-18 19:13 . 2009-08-18 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2009-08-18 19:13 . 2008-08-22 09:01 -------- d-----w- c:\program files\CDBurnerXP

2009-08-18 19:08 . 2008-01-16 22:05 69632 ----a-w- c:\documents and settings\Babel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll

2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll

2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin

2009-08-16 22:57 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-16 22:57 . 2008-10-07 12:33 868352 ----a-w- c:\windows\system32\nvapi.dll

2009-08-16 22:57 . 2008-10-07 12:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll

2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcodins.dll

2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcod.dll

2009-08-16 22:57 . 2008-10-07 12:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll

2009-08-16 22:57 . 2007-09-16 17:07 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-08-16 22:57 . 2007-09-16 17:07 5845760 ----a-w- c:\windows\system32\nv4_disp.dll

2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\program files\Fichiers communs\SWF Studio

2009-08-12 10:50 . 2009-08-30 06:21 21192 ----a-w- c:\windows\system32\dopdfmn6.dll

2009-08-12 10:50 . 2009-08-30 06:21 18632 ----a-w- c:\windows\system32\dopdfmi6.dll

2009-08-11 17:57 . 2009-03-22 08:07 -------- d-----w- c:\program files\TomTom HOME

2009-08-11 17:52 . 2008-04-20 14:27 -------- d-----w- c:\program files\American Conquest - Fight Back

2009-08-11 17:51 . 2008-04-20 13:59 -------- d-----w- c:\program files\American Conquest

2009-08-11 10:35 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-05 09:00 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 21:13 . 2009-08-04 21:13 -------- d-----w- c:\program files\The KMPlayer FR

2009-08-04 21:05 . 2009-08-04 21:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Media Player Classic

2009-08-04 21:05 . 2009-08-04 21:04 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll

2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe

2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe

2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll

2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll

2009-07-25 13:54 . 2009-07-25 13:50 24 --sh--w- c:\windows\S96DCFBA0.tmp

2009-07-17 19:03 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-19 14:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 16:57 . 2004-08-19 14:09 915456 ----a-w- c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-06-11 . 3F89432724DC5D72689E16F3354BCCFC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

c:\windows\system32\drivers\beep.sys ... manque !!

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]

path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk

backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]

path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk

backup=c:\windows\pss\PrintKey 2000 Fr.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=

"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\GUILD WARS\\Gw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8587:TCP"= 8587:TCP:BitComet 8587 TCP

"8587:UDP"= 8587:UDP:BitComet 8587 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/04/2009 08:30 64160]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [17/01/2008 00:38 22168]

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26/10/2008 17:03 2915944]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/09/2009 20:59 108289]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [16/07/2009 12:35 515803]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder Audio Edition\SysInfo.sys --> c:\program files\MediaCoder Audio Edition\SysInfo.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]

S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [16/07/2009 12:35 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

------- Examen supplémentaire -------

.

Trusted Zone: com.tw\www.msi

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.mediapluspro.com/mediaplus66/download/packages/_Installer/packageinstaller.ocx

FF - ProfilePath - c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)

AddRemove-BitComet - c:\program files\BitComet\uninst.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-29 23:31

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f4,eb,20,be,17,58,fc,a9,f6,4a,94,0c,6c,ed,f0,10,81,68,65,64,6f,c0,38,

65,e0,64,4b,8b,7b,d4,1a,f1,0d,ac,a9,df,3a,52,32,a4,ae,b0,2f,c5,01,29,b3,44,\

"??"=hex:81,d7,06,db,64,1d,a3,ec,b3,e8,5a,c2,80,d2,e7,76

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:97,e8,20,42,c5,72,df,d8,5b,4f,89,98,18,e2,df,32,69,8d,09,77,9a,

fd,b9,91,d7,1e,c8,19,fb,9f,d9,c2,1c,7e,ee,ac,cc,6f,be,e8,9c,53,e8,85,dd,96,\

"rkeysecu"=hex:10,ba,3d,de,73,7c,79,e7,59,00,84,3a,45,d0,97,bb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(924)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\rundll32.exe

c:\program files\Lexmark 1200 Series\lxczbmon.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Heure de fin: 2009-09-29 23:36 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-09-29 21:35

Avant-CF: 62 513 254 400 octets libres

Après-CF: 62 481 145 856 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

270 --- E O F --- 2009-09-10 05:35

et voici le rapport suivant :

Logfile of random's system information tool 1.06 (written by random/random)

Run by Babel at 2009-09-29 23:43:38

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 60 GB (38%) free of 156 GB

Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:43:43, on 29/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir Desktop\update.exe

C:\Documents and Settings\Babel\Bureau\RSIT.exe

D:\Download\HiJackThis\Babel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [java_sun] Java (Sun)

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 6260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]

C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]

C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]

C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]

C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]

C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"HonorAutoRunSetting"=1

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"

"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-29 23:43:38 ----D---- C:\rsit

2009-09-29 23:36:01 ----A---- C:\ComboFix.txt

2009-09-29 23:29:01 ----D---- C:\WINDOWS\temp

2009-09-29 23:23:23 ----A---- C:\Boot.bak

2009-09-29 23:23:15 ----RASHD---- C:\cmdcons

2009-09-29 23:22:28 ----A---- C:\WINDOWS\zip.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWSC.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWREG.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\sed.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\PEV.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\NIRCMD.exe

2009-09-29 23:22:28 ----A---- C:\WINDOWS\grep.exe

2009-09-29 23:22:23 ----D---- C:\WINDOWS\ERDNT

2009-09-29 23:21:49 ----D---- C:\Qoobox

2009-09-25 18:35:43 ----RAD---- C:\autorun.inf

2009-09-23 23:38:29 ----D---- C:\_OTM

2009-09-23 00:21:41 ----A---- C:\TCleaner.txt

2009-09-21 23:38:26 ----D---- C:\Program Files\Garmin

2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll

2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation

2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll

2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com

2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-09-07 06:43:17 ----D---- C:\spoolerlogs

2009-09-06 20:59:54 ----D---- C:\Program Files\Avira

2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes

2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll

2009-08-30 08:21:20 ----D---- C:\Program Files\Softland

======List of files/folders modified in the last 1 months======

2009-09-29 23:41:16 ----D---- C:\Program Files\Mozilla Firefox

2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32\drivers

2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32

2009-09-29 23:35:28 ----SD---- C:\WINDOWS\Tasks

2009-09-29 23:31:56 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-29 23:31:51 ----D---- C:\WINDOWS

2009-09-29 23:31:51 ----A---- C:\WINDOWS\system.ini

2009-09-29 23:29:15 ----D---- C:\WINDOWS\system32\config

2009-09-29 23:27:59 ----D---- C:\WINDOWS\AppPatch

2009-09-29 23:27:56 ----D---- C:\Program Files\Fichiers communs

2009-09-29 23:23:23 ----RASH---- C:\boot.ini

2009-09-29 23:22:38 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-29 23:22:25 ----D---- C:\WINDOWS\Prefetch

2009-09-27 15:31:41 ----HD---- C:\WINDOWS\inf

2009-09-27 15:02:00 ----SHD---- C:\WINDOWS\Installer

2009-09-27 15:02:00 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-27 15:01:57 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-09-27 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot

2009-09-27 10:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-09-27 10:00:39 ----RSD---- C:\WINDOWS\assembly

2009-09-27 09:58:01 ----RD---- C:\Program Files

2009-09-27 09:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-09-27 09:57:27 ----D---- C:\WINDOWS\system32\inetsrv

2009-09-27 09:56:17 ----D---- C:\Program Files\SWAT 4

2009-09-27 09:48:05 ----A---- C:\WINDOWS\win.ini

2009-09-27 09:48:04 ----D---- C:\WINDOWS\pss

2009-09-26 12:46:08 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-21 23:38:32 ----D---- C:\Garmin

2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information

2009-09-19 13:16:07 ----D---- C:\Warhammer Online - Age of Reckoning

2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft

2009-09-19 13:06:59 ----D---- C:\Program Files\Java

2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM

2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair

2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump

2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype

2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-09-12 14:19:17 ----N---- C:\WINDOWS\system32\svchost.exe

2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help

2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies

2009-09-12 14:16:38 ----D---- C:\NVIDIA

2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight

2009-09-10 07:33:47 ----A---- C:\WINDOWS\imsins.BAK

2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS

2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 catchme;catchme; \??\C:\bibitte\catchme.sys []

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 a7812lml;a7812lml; C:\WINDOWS\system32\drivers\a7812lml.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Le sioux · le 30 septembre 2009

Bonjour PatOtj

Bien joué.

Edit : Commence par regarder tes MP stp, merci.

On continue :

ComboFix avec CFScript :

/!\ Note: Le code ci-dessous a été intentionnellement rédigé pour CET utilisateur.

si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système./!\

Sélectionne le texte suivant (en citation) dans son intégralité :

driver::
a7812lml

SRpeek::

C:\windows\system32\drivers\beep.sys

file::

C:\windows\S96DCFBA0.tmp

C:\WINDOWS\system32\drivers\a7812lml.sys

Copie le texte sélectionné (CTRL+C).
Ouvre le Bloc-notes(Démarrer / Tous les Programmes>Accessoires >bloc-notes).
Colle le texte copié dans ce Bloc-notes (CTRL+V).
Sauvegarde sur ton Bureau ce fichier sous le nom de CFScript.txt

/!\Déconnecte toi du net et désactive ton antivirus pour que ComboFix puisse s'exécuter normalement /!\

(Aide si besoin : http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm Merci Morgane )

Fais un Glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix (sur ton Bureau) comme ici :

Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu (si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt ) , ainsi qu’un nouveau rapport HijackThis.

/!\Ré-active la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\.

@ suivre

/ !\ Avis aux lecteurs : Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil. Ne pas utiliser en dehors de ce cas de figure : dangereux! / !\

Modifié le 30 septembre 2009 par Le sioux

PatOtj · le 30 septembre 2009

MP lu et suivi

ComboFix 09-09-28.01 - Babel 30/09/2009 18:26.2.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1531 [GMT 2:00]

Lancé depuis: c:\documents and settings\Babel\Bureau\bibitte.exe

Commutateurs utilisés :: c:\documents and settings\Babel\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Un nouveau point de restauration a été créé

FILE ::

"c:\windows\S96DCFBA0.tmp"

"c:\windows\system32\drivers\a7812lml.sys"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\S96DCFBA0.tmp . . . . impossible à supprimer

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))

.

2009-09-30 16:23 . 2009-09-30 16:22 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-09-30 16:23 . 2009-09-30 16:22 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-09-29 21:43 . 2009-09-29 21:43 -------- d-----w- C:\rsit