Analyse HijackThis suite à une infection importante [Résolu]

Ewee · le 11 novembre 2009

Voilà les deux rapports:

- Combofix:

ComboFix 09-11-09.02 - Administrateur 11/11/2009 18:33.6.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2702 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"C:\imt8.cmd"

"c:\windows\tasks\At1.job"

"c:\windows\tasks\At10.job"

"c:\windows\tasks\At11.job"

"c:\windows\tasks\At12.job"

"c:\windows\tasks\At13.job"

"c:\windows\tasks\At14.job"

"c:\windows\tasks\At15.job"

"c:\windows\tasks\At16.job"

"c:\windows\tasks\At17.job"

"c:\windows\tasks\At18.job"

"c:\windows\tasks\At19.job"

"c:\windows\tasks\At2.job"

"c:\windows\tasks\At20.job"

"c:\windows\tasks\At21.job"

"c:\windows\tasks\At22.job"

"c:\windows\tasks\At23.job"

"c:\windows\tasks\At24.job"

"c:\windows\tasks\At3.job"

"c:\windows\tasks\At4.job"

"c:\windows\tasks\At5.job"

"c:\windows\tasks\At6.job"

"c:\windows\tasks\At7.job"

"c:\windows\tasks\At8.job"

"c:\windows\tasks\At9.job"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\tasks\At1.job

c:\windows\tasks\At10.job

c:\windows\tasks\At11.job

c:\windows\tasks\At12.job

c:\windows\tasks\At13.job

c:\windows\tasks\At14.job

c:\windows\tasks\At15.job

c:\windows\tasks\At16.job

c:\windows\tasks\At17.job

c:\windows\tasks\At18.job

c:\windows\tasks\At19.job

c:\windows\tasks\At2.job

c:\windows\tasks\At20.job

c:\windows\tasks\At21.job

c:\windows\tasks\At22.job

c:\windows\tasks\At23.job

c:\windows\tasks\At24.job

c:\windows\tasks\At3.job

c:\windows\tasks\At4.job

c:\windows\tasks\At5.job

c:\windows\tasks\At6.job

c:\windows\tasks\At7.job

c:\windows\tasks\At8.job

c:\windows\tasks\At9.job

c:\windows\explorer.exe . . . est infecté!!

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 ))))))))))))))))))))))))))))))))))))

.

2009-11-11 11:46 . 2009-11-11 17:36 555040 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-11-11 11:05 . 2009-11-11 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2009-11-11 11:04 . 2009-11-11 11:04 -------- d-----r- c:\documents and settings\NetworkService\Favoris

2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier

2009-11-11 10:57 . 2008-07-09 08:05 42384 ----a-w- c:\windows\zllsputility_loc040c.dll

2009-11-11 10:57 . 2008-07-09 08:05 21904 ----a-w- c:\windows\system32\imsinstall_loc040c.dll

2009-11-11 10:57 . 2008-07-09 08:05 17808 ----a-w- c:\windows\system32\imslsp_install_loc040c.dll

2009-11-11 10:57 . 2008-07-09 08:05 75248 ----a-w- c:\windows\zllsputility.exe

2009-11-11 10:57 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll

2009-11-11 10:57 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll

2009-11-11 10:36 . 2009-11-11 11:00 4212 ---h--w- c:\windows\system32\zllictbl.dat

2009-11-11 10:36 . 2009-11-11 10:36 -------- d-----w- c:\program files\Zone Labs

2009-11-11 10:35 . 2009-11-11 11:46 -------- d-----w- c:\windows\system32\Zonelabs

2009-11-11 10:33 . 2009-11-11 10:33 -------- d-----w- C:\_OTM

2009-11-11 09:53 . 2009-11-11 09:55 -------- d-----w- C:\FR-files

2009-11-11 09:49 . 2009-11-11 09:54 -------- d-----w- C:\WinFileReplace

2009-11-10 22:49 . 2008-07-09 08:05 54672 ----a-w- c:\windows\system32\vsutil_loc040c.dll

2009-11-10 22:49 . 2008-07-09 08:05 83432 ----a-w- c:\windows\system32\zlcomm.dll

2009-11-10 22:49 . 2008-07-09 08:05 71144 ----a-w- c:\windows\system32\zlcommdb.dll

2009-11-10 18:20 . 2009-11-10 18:20 -------- d-----w- c:\windows\Nouveau dossier

2009-11-10 12:50 . 2009-11-11 11:57 -------- d-----w- c:\program files\trend micro

2009-11-10 12:50 . 2009-11-10 12:52 -------- d-----w- C:\rsit

2009-11-10 11:34 . 2009-11-10 11:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2009-11-10 11:32 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-10 11:32 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-10 11:32 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\program files\Avira

2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-11-09 23:03 . 2009-11-10 12:20 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-09 21:54 . 2009-11-09 21:54 691712 ----a-w- c:\windows\is-RQG47.exe

2009-11-09 21:47 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-11-09 21:46 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-11-09 21:46 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-11-09 21:46 . 2009-11-09 21:47 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2009-11-09 21:46 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PC Tools

2009-11-09 21:12 . 2009-11-09 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-11-09 21:07 . 2009-03-31 18:20 1221512 ----a-w- c:\windows\system32\zpeng25.dll

2009-11-09 21:03 . 2009-11-11 17:32 -------- d-----w- c:\windows\Internet Logs

2009-11-09 19:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-09 19:46 . 2009-11-09 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-09 19:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-09 19:46 . 2009-11-10 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-09 17:55 . 2009-11-09 17:55 -------- d-----w- c:\program files\Alwil Software

2009-11-09 16:58 . 2009-11-09 16:58 -------- d-----w- c:\program files\Enigma Software Group

2009-11-08 22:27 . 2009-11-08 22:27 442 ---ha-w- C:\aaw7boot.cmd

2009-11-08 22:03 . 2009-11-11 10:31 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-11-08 21:02 . 2009-11-08 21:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Lavasoft

2009-11-08 20:58 . 2009-11-08 20:58 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-08 20:57 . 2009-11-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-08 20:45 . 2009-11-09 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-08 20:21 . 2009-11-08 20:21 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----r- c:\documents and settings\LocalService\Favoris

2009-11-08 20:11 . 2009-11-08 20:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-11-08 20:10 . 2009-11-08 20:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-11-08 19:53 . 2009-11-08 19:53 -------- d-----w- c:\windows\system32\LogFiles

2009-11-08 19:40 . 2009-11-08 19:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Broad Intelligence

2009-11-08 19:16 . 2009-11-08 19:50 -------- d-----w- c:\program files\Total Video Converter

2009-11-06 16:58 . 2009-11-06 16:58 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-02 17:40 . 2009-11-02 17:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp

2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iPod

2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iTunes

2009-10-30 11:47 . 2009-10-30 11:47 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-29 22:28 . 2009-10-30 10:45 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\CutePDF Writer

2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\GPLGS

2009-10-29 22:18 . 2007-07-12 21:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\Acro Software

2009-10-29 07:35 . 2009-10-29 07:35 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe

2009-10-27 20:44 . 2009-10-30 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever

2009-10-27 20:42 . 2009-10-27 20:43 -------- d-----w- c:\program files\TmNationsForever

2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Talkback

2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Thunderbird

2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Thunderbird

2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AVS4YOU

2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\Fichiers communs\AVSMedia

2009-10-18 17:26 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll

2009-10-18 17:26 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll

2009-10-18 17:26 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll

2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\AVS4YOU

2009-10-18 17:26 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2009-10-18 17:26 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

2009-10-18 17:18 . 2009-10-18 17:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FreeVideoConverter

2009-10-18 10:47 . 2009-10-18 10:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GetRight

2009-10-16 15:33 . 2009-10-16 15:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Pro

2009-10-15 15:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll

2009-10-15 15:38 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-10-15 15:38 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2009-10-15 15:38 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-15 15:38 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-10-15 15:38 . 2009-10-15 15:38 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-10-15 15:29 . 2009-11-11 12:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc

2009-10-15 15:28 . 2009-10-15 15:28 -------- d-----w- c:\program files\VideoLAN

2009-10-15 14:52 . 2009-10-15 14:52 -------- d-----w- c:\program files\Guitar Pro 5

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-11 15:03 . 2009-08-01 08:48 16608 ----a-w- c:\windows\gdrv.sys

2009-11-11 15:01 . 2009-11-11 11:46 6524 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-11-11 13:42 . 2009-08-18 16:16 -------- d-----w- c:\program files\Free Video Converter

2009-11-11 11:55 . 2009-09-21 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-11 10:35 . 2009-11-11 10:35 75349 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_42_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 75249 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_30_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 75209 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_38_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 52401 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_27_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 75119 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_24_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 74862 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_19_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 74752 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_09_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 73519 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_15_small.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 14903105 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_59_full.dmp.zip

2009-11-11 10:35 . 2009-11-11 10:35 75145 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_56_small.dmp.zip

2009-11-10 12:23 . 2009-07-31 17:12 -------- d-----w- c:\program files\TaskSwitchXP

2009-11-08 21:02 . 2009-07-31 17:11 -------- d-----w- c:\program files\Ad-Aware

2009-11-08 20:41 . 2009-08-09 15:03 95056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-08 20:41 . 2009-11-08 20:41 -------- d-----w- c:\program files\microsoft frontpage

2009-11-08 16:11 . 2009-08-09 15:03 -------- d-----w- c:\program files\Messenger Plus! Live

2009-11-07 13:42 . 2009-08-09 18:29 -------- d-----w- c:\program files\BitComet

2009-11-06 16:58 . 2009-10-02 14:03 -------- d-----w- c:\program files\Java

2009-11-06 16:39 . 2009-08-11 08:56 -------- d-----w- c:\program files\Steam

2009-11-06 15:13 . 2009-09-23 18:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss

2009-11-01 16:19 . 2009-10-04 11:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Bioshock

2009-10-31 00:06 . 2009-09-23 17:44 921512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-30 11:49 . 2009-08-15 15:11 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-10-29 15:14 . 2009-08-09 16:05 -------- d-----w- c:\program files\Warcraft III

2009-10-25 12:27 . 2008-05-02 22:57 83948 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-25 12:27 . 2008-05-02 22:57 510632 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-23 20:27 . 2009-07-31 17:12 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-10-17 14:41 . 2009-08-24 13:38 -------- d-----w- c:\program files\abgx360

2009-10-11 21:29 . 2009-10-11 21:29 -------- d-----w- c:\program files\APCS4F

2009-10-11 03:17 . 2009-10-03 10:16 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-04 11:18 . 2009-10-04 11:18 108144 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-10-04 11:11 . 2009-08-01 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-03 10:16 . 2009-10-03 10:16 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-10-02 18:00 . 2009-10-02 18:00 -------- d-----w- c:\program files\Microsoft

2009-10-02 14:09 . 2009-10-02 14:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Graphisoft

2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBUKEY

2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBU-SYSTEMS

2009-10-02 14:04 . 2009-10-02 14:04 -------- d-----w- c:\program files\Graphisoft

2009-10-02 14:03 . 2009-10-02 14:03 -------- d-----w- c:\program files\Fichiers communs\Java

2009-09-28 20:30 . 2009-09-28 20:29 -------- d-----w- c:\program files\Google

2009-09-26 12:44 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Autodesk

2009-09-26 12:05 . 2009-09-26 11:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\EPSON

2009-09-26 12:02 . 2009-08-24 13:00 -------- d-----w- c:\program files\EPSON

2009-09-24 10:44 . 2009-09-24 09:13 -------- d-----w- c:\program files\FairUse Wizard 2

2009-09-24 09:05 . 2009-09-24 09:05 -------- d-----w- c:\program files\IVCsoft

2009-09-24 08:54 . 2009-09-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2009-09-24 08:53 . 2009-09-24 08:53 -------- d-----w- c:\program files\DVD Shrink

2009-09-23 19:05 . 2009-09-23 19:05 -------- d-----w- c:\program files\VirtualDubMOD

2009-09-23 18:52 . 2009-09-23 18:52 -------- d-----w- c:\program files\Xilisoft

2009-09-23 18:12 . 2009-09-23 18:12 36864 ----a-w- c:\documents and settings\Administrateur\Application Data\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll

2009-09-23 18:01 . 2009-09-23 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\Fichiers communs\Autodesk Shared

2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\AutoCAD 2010

2009-09-23 17:48 . 2009-09-23 17:48 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared

2009-09-23 17:47 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk

2009-09-23 17:44 . 2009-09-23 17:44 -------- d-----w- c:\program files\Reference Assemblies

2009-09-23 08:53 . 2009-08-15 15:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer

2009-09-23 08:52 . 2009-09-23 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-23 08:52 . 2009-09-23 08:51 -------- d-----w- c:\program files\QuickTime

2009-09-23 08:51 . 2009-08-15 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\AviSynth 2.5

2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\eRightSoft

2009-09-21 21:03 . 2009-09-21 21:02 -------- d-----w- c:\program files\MediaCoder

2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\STOIK

2009-09-16 14:57 . 2009-07-31 17:11 -------- d-----w- c:\program files\Cpu-z

2009-08-28 17:42 . 2009-08-15 15:11 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 17:42 . 2009-08-15 15:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-21 23:50 . 2009-08-21 23:50 1924440 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-08-21 00:06 . 2009-08-21 00:06 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat

2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe

2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys

2006-05-03 09:06 . 2009-09-22 19:58 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2009-09-22 19:58 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2009-09-22 19:58 216064 --sh--r- c:\windows\system32\nbDX.dll

.

------- Sigcheck -------

[-] 2008-05-02 . B274CD31CE272AE79CFDB34D19D6B33F . 2013696 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\drivers\beep.sys ... manque !!

c:\windows\system32\regsvc.dll ... manque !!

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2009-11-11 37390]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"DNS7reminder"="c:\program files\Drangon Speaking\Ereg\Ereg.exe" [2007-03-19 259624]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-05-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Electronic Arts\\L'Ave`nement du Roi-sorcier\\game.dat"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24895:TCP"= 24895:TCP:BitComet 24895 TCP

"24895:UDP"= 24895:UDP:BitComet 24895 UDP

"60002:TCP"= 60002:TCP:BitComet 60002 TCP

"60002:UDP"= 60002:UDP:BitComet 60002 UDP

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [02/05/2008 23:57 76208]

R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [02/05/2008 23:57 210224]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2009 12:32 108289]

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [01/08/2009 09:49 80392]

S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [20/08/2007 10:42 1282048]

S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 21:29 133104]

S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [02/10/2009 15:07 16384]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contenu du dossier 'Tâches planifiées'

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29]

.

------- Examen supplémentaire -------

.

uStart Page = www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

.

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBar7Layout - (no file)

Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-11 18:36

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcg.sys >>UNKNOWN [0x8A8F9938]<<

kernel: MBR read successfully

user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFAB40 atapi.sys

\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFAB40 atapi.sys

\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFAB40 atapi.sys

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFAB40 atapi.sys

\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFAB40 atapi.sys

\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFAB40 atapi.sys

\Driver\atapi IRP hooks detected !

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,90,37,18,15,68,36,45,96,23,c9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,90,37,18,15,68,36,45,96,23,c9,\

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,84,1d,6c,71,42,23,44,89,60,c4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,84,1d,6c,71,42,23,44,89,60,c4,\

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:06,69,b0,20,2a,9c,a4,37,de,39,5c,c9,3b,3d,dc,99,c9,02,c2,fe,90,3e,2f,

54,5e,c2,b4,ca,72,ac,9d,d5,b3,ce,16,11,9c,23,cc,be,af,ad,bd,9f,b7,40,6b,f4,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\License information*]

"datasecu"=hex:a9,1c,2f,c5,f0,44,3f,2e,47,3a,df,c0,56,83,05,ce,8e,2d,77,dd,d6,

8b,d0,ae,72,ba,85,d9,39,9b,20,32,07,ac,50,df,ce,37,cc,f3,15,f0,bb,4b,c4,49,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1172)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1228)

c:\windows\system32\SETUPAPI.dll

.

Heure de fin: 2009-11-11 18:38

ComboFix-quarantined-files.txt 2009-11-11 17:38

ComboFix2.txt 2009-11-11 15:07

ComboFix3.txt 2009-11-09 17:39

Avant-CF: 112 142 823 424 octets libres

Après-CF: 112 121 806 848 octets libres

- - End Of File - - 576CF4B4942747EC6966268E2A7AB2CE

- RSIT:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2009-11-11 18:39:04

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 107 GB (59%) free of 180 GB

Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:39:48, on 11/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab

O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

--

End of file - 8153 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080]

"57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-11 37390]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]

"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

"DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"

.scr - install -

.scr - config -

======List of files/folders created in the last 1 months======

2009-11-11 18:38:25 ----A---- C:\ComboFix.txt

2009-11-11 18:32:57 ----D---- C:\ComboFix

2009-11-11 15:56:11 ----A---- C:\WINDOWS\zip.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWSC.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWREG.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\sed.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\PEV.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\NIRCMD.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\MBR.exe

2009-11-11 15:56:11 ----A---- C:\WINDOWS\grep.exe

2009-11-11 15:55:58 ----D---- C:\Qoobox

2009-11-11 12:04:43 ----A---- C:\WINDOWS\system32\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent

2009-11-11 12:04:34 ----A---- C:\WINDOWS\system32\rthdcpl.exe3009

2009-11-11 11:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier

2009-11-11 11:57:51 ----A---- C:\WINDOWS\zllsputility_loc040c.dll

2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll

2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll

2009-11-11 11:57:47 ----A---- C:\WINDOWS\zllsputility.exe

2009-11-11 11:57:47 ----A---- C:\WINDOWS\system32\SpOrder.dll

2009-11-11 11:57:32 ----A---- C:\WINDOWS\system32\zpeng24.dll

2009-11-11 11:36:38 ----D---- C:\Program Files\Zone Labs

2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsxml.dll

2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vswmi.dll

2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vspubapi.dll

2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsmonapi.dll

2009-11-11 11:35:54 ----D---- C:\WINDOWS\system32\Zonelabs

2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsutil.dll

2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsinit.dll

2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsdata.dll

2009-11-11 11:33:43 ----D---- C:\_OTM

2009-11-11 10:54:11 ----A---- C:\WINDOWS\ReplacerUndo.txt

2009-11-11 10:53:57 ----D---- C:\FR-files

2009-11-11 10:53:57 ----A---- C:\rapport-WFR.txt

2009-11-11 10:49:22 ----D---- C:\WinFileReplace

2009-11-10 23:49:25 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll

2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\vsregexp.dll

2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll

2009-11-10 23:49:23 ----A---- C:\WINDOWS\system32\zlcommdb.dll

2009-11-10 23:49:23 ----A---- C:\WINDOWS\system32\zlcomm.dll

2009-11-10 19:20:39 ----D---- C:\WINDOWS\Nouveau dossier

2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro

2009-11-10 13:50:40 ----D---- C:\rsit

2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2009-11-10 12:32:38 ----D---- C:\Program Files\Avira

2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis

2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt

2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe

2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools

2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools

2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools

2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll

2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs

2009-11-09 21:56:39 ----A---- C:\rapport.txt

2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software

2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group

2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd

2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft

2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-11-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom

2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe

2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp

2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\ime

2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent

2009-11-08 21:41:04 ----D---- C:\Program Files\xerox

2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt

2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting

2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone

2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker

2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage

2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines

2009-11-08 21:32:10 ----A---- C:\Boot.bak

2009-11-08 21:32:03 ----RASHD---- C:\cmdcons

2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT

2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles

2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe

2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence

2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter

2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI

2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe

2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe

2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe

2009-10-30 12:50:04 ----D---- C:\Program Files\iPod

2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes

2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS

2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll

2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software

2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever

2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever

2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback

2009-10-23 21:27:17 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird

2009-10-18 18:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2009-10-18 18:27:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU

2009-10-18 18:26:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia

2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcr70.dll

2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcp70.dll

2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\mfc70.dll

2009-10-18 18:26:34 ----D---- C:\Program Files\AVS4YOU

2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\msxml3a.dll

2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\GdiPlus.dll

2009-10-18 18:18:12 ----D---- C:\Documents and Settings\Administrateur\Application Data\FreeVideoConverter

2009-10-18 11:47:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\GetRight

2009-10-16 16:33:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Pro

2009-10-15 16:38:19 ----A---- C:\WINDOWS\system32\unrar.dll

2009-10-15 16:38:19 ----A---- C:\WINDOWS\avisplitter.ini

2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-10-15 16:38:15 ----D---- C:\Program Files\K-Lite Codec Pack

2009-10-15 16:29:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc

2009-10-15 16:28:47 ----D---- C:\Program Files\VideoLAN

2009-10-15 15:52:43 ----D---- C:\Program Files\Guitar Pro 5

2009-10-13 18:23:07 ----D---- C:\WINDOWS\RegisteredPackages

2009-10-13 18:22:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe

======List of files/folders modified in the last 1 months======

2009-11-11 18:38:51 ----D---- C:\Program Files\Mozilla Firefox

2009-11-11 18:36:56 ----D---- C:\WINDOWS

2009-11-11 18:36:56 ----A---- C:\WINDOWS\system.ini

2009-11-11 18:36:55 ----D---- C:\WINDOWS\system32\drivers

2009-11-11 18:36:44 ----SD---- C:\WINDOWS\Tasks

2009-11-11 18:35:16 ----D---- C:\WINDOWS\system32

2009-11-11 18:35:16 ----D---- C:\WINDOWS\AppPatch

2009-11-11 18:35:13 ----D---- C:\Program Files\Fichiers communs

2009-11-11 18:33:27 ----D---- C:\WINDOWS\system32\CatRoot2

2009-11-11 18:32:16 ----D---- C:\WINDOWS\Temp

2009-11-11 14:42:40 ----D---- C:\Program Files\Free Video Converter

2009-11-11 14:42:38 ----A---- C:\WINDOWS\win.ini

2009-11-11 12:56:04 ----D---- C:\Program Files

2009-11-11 12:55:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-11-11 12:52:21 ----SHD---- C:\WINDOWS\Installer

2009-11-11 12:52:11 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-11-11 11:57:43 ----D---- C:\WINDOWS\inf

2009-11-10 17:38:31 ----D---- C:\WINDOWS\RaidTool

2009-11-10 13:23:03 ----D---- C:\Program Files\TaskSwitchXP

2009-11-10 12:32:18 ----D---- C:\WINDOWS\WinSxS

2009-11-09 21:48:22 ----D---- C:\WINDOWS\Debug

2009-11-09 19:12:44 ----D---- C:\WINDOWS\system32\config

2009-11-08 22:02:49 ----D---- C:\Program Files\Ad-Aware

2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\wbem

2009-11-08 21:41:04 ----D---- C:\WINDOWS\pchealth

2009-11-08 21:41:04 ----D---- C:\WINDOWS\ime

2009-11-08 21:41:04 ----D---- C:\WINDOWS\Help

2009-11-08 21:41:04 ----D---- C:\Program Files\Internet Explorer

2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-11-08 21:32:10 ----RASH---- C:\boot.ini

2009-11-08 20:53:15 ----D---- C:\WINDOWS\system32\dllcache

2009-11-08 20:16:47 ----RSD---- C:\WINDOWS\Fonts

2009-11-08 17:11:21 ----D---- C:\Program Files\Messenger Plus! Live

2009-11-07 14:42:29 ----D---- C:\Program Files\BitComet

2009-11-07 14:42:23 ----D---- C:\Downloads

2009-11-06 17:58:45 ----D---- C:\Program Files\Java

2009-11-06 17:39:32 ----D---- C:\Program Files\Steam

2009-11-06 16:13:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2009-11-01 17:19:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Bioshock

2009-10-30 12:49:59 ----D---- C:\Program Files\Fichiers communs\Apple

2009-10-29 16:14:59 ----D---- C:\Program Files\Warcraft III

2009-10-27 21:44:21 ----RSD---- C:\WINDOWS\assembly

2009-10-27 21:44:02 ----D---- C:\WINDOWS\system32\DirectX

2009-10-25 13:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-23 22:32:28 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-10-23 21:27:28 ----D---- C:\Program Files\Mozilla Thunderbird

2009-10-23 21:27:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla

2009-10-18 11:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-10-17 15:41:53 ----D---- C:\Program Files\abgx360

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-02 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-10 55656]

R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-01 72704]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]

R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 a40hzvxn;a40hzvxn; C:\WINDOWS\system32\drivers\a40hzvxn.sys []

S3 atapi_2;atapi_2; \??\C:\WINDOWS\system32\drivers\atapi_2.sys []

S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]

S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-05-02 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2008-07-01 16384]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-10 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-10 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]

S2 57xx SteelVine Manager;57xx SteelVine; C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe [2007-08-20 1282048]

S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\Zonelabs\vsmon.exe [2008-07-09 75304]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-23 651720]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanos · le 11 novembre 2009

ok encore un dernier script stp >>

A télécharger ici => http://senduit.com/493c00

Fais glisser de la même manière et poste le rapport (juste le rapport ComboFix)

Ewee · le 11 novembre 2009

Ok, voilà le dernier rapport ComboFix:

ComboFix 09-11-09.02 - Administrateur 11/11/2009 19:50.7.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2675 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\explorer.exe . . . est infecté!!

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 ))))))))))))))))))))))))))))))))))))

.

2009-11-11 11:46 . 2009-11-11 18:54 632864 --sha-w- c:\windows\system32\drivers\fidbox.dat