infection dldr.agent.dfhk

[JIPEHEL]

Un peu angoissant le déroulement de ComboFix mais en tout cas pas de perte de connexion.

 

A+

Jean-pierre.

 

 

 

 

 

ComboFix 10-03-27.04 - LARGE 28/03/2010 17:23:52.1.2 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.159 [GMT 2:00]

Lancé depuis: c:\documents and settings\LARGE\Bureau\panpan.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée

Copie restaurée à partir de - Kitty ate it

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-28 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-28 14:29 . 2010-03-28 14:29 -------- d-----w- c:\program files\trend micro

2010-03-28 14:29 . 2010-03-28 14:29 -------- d-----w- C:\rsit

2010-03-28 12:52 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-28 12:52 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-28 11:37 . 2010-03-28 11:37 -------- d-----w- C:\Ad-Remover

2010-03-27 20:40 . 2010-03-27 20:40 -------- d-s---w- c:\documents and settings\NetworkService\Favoris

2010-03-27 17:53 . 2010-03-27 17:53 -------- d-s---w- c:\documents and settings\LocalService\Favoris

2010-03-27 17:25 . 2010-03-27 17:45 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-27 17:25 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-27 17:25 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-03-27 17:25 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-03-27 17:25 . 2010-03-27 17:25 -------- d-----w- c:\program files\Avira

2010-03-27 17:25 . 2010-03-27 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-03-27 16:54 . 2010-03-27 16:54 -------- d-----w- C:\FOUND.024

2010-03-27 16:29 . 2010-03-27 16:29 -------- d-----w- C:\FOUND.023

2010-03-27 08:23 . 2010-03-27 08:23 -------- d-----w- c:\program files\ZHPDiag

2010-03-26 11:46 . 2010-03-26 11:46 -------- d-----w- c:\program files\ExplorerXP

2010-03-26 09:19 . 2010-03-26 09:19 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-26 08:26 . 2010-03-26 08:26 -------- d-----w- c:\documents and settings\LARGE\Application Data\Malwarebytes

2010-03-26 08:25 . 2010-03-26 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-26 08:25 . 2010-03-26 08:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-26 07:41 . 2010-03-26 07:41 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2010-03-25 00:01 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-10 08:38 . 2009-10-23 14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-26 07:36 . 2010-03-26 07:36 30720 ----a-w- c:\windows\system32\OLD163.tmp

2010-02-21 18:41 . 2010-02-21 18:41 -------- d-----w- c:\program files\PowerQuest

2010-02-21 09:08 . 2010-02-21 09:08 -------- d-----w- c:\documents and settings\LARGE\Application Data\Uniblue

2010-02-21 09:08 . 2010-02-21 09:08 -------- d-----w- c:\program files\Uniblue

2009-12-31 15:50 . 2001-08-28 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eraser"="c:\program files\Eraser\eraser.exe" [2006-04-09 634880]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"KONICA MINOLTA magicolor 2400W STD"="c:\windows\system32\MSTMON_S.EXE" [2005-07-23 184320]

"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 49152]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-6-6 394856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=SMNT40.dll

"mixer"=SMNT40.dll

"wave1"=SMNT40.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\aTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"\\\\Large-05e8krazu\\video1 (d)\\RADIO COMMUNICATION HF\\APRS PACKET RADIO APRS\\AGW\\agwpe\\AGW Packet Engine.exe"=

"d:\\RADIO COMMUNICATION HF\\AGW\\agwpe\\AGW Packet Engine.exe"=

"\\\\Large-05e8krazu\\C (systeme)\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"\\\\Nom-zyoewxtf2dr\\C ASUS\\RADIO COMMUNICATION HF\\AGW\\agwpe\\AGW Packet Engine.exe"=

"c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"62531:TCP"= 62531:TCP:utorrent

"62531:UDP"= 62531:UDP:utorrent

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 18:42 64160]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/03/2010 19:25 108289]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [24/11/2007 08:13 180480]

S2 gupdate1c9c59edef8d988;Service Google Update (gupdate1c9c59edef8d988);c:\program files\Google\Update\GoogleUpdate.exe [25/04/2009 14:10 133104]

S2 ohphrxrs;SmartLink AMR_PCI Helper;c:\windows\System32\svchost.exe -k netsvcs [28/08/2001 12:00 14336]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]

S4 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [24/11/2007 11:05 11264]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ohphrxrs

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 12:10]

 

2010-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:42]

 

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 12:10]

 

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 12:10]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {758CD569-58B0-458E-ABA5-3C409838897B} = 192.168.1.1

TCP: {8F3A0CE4-19F0-4B0B-8274-9213D311E4FF} = 192.168.1.1

FF - ProfilePath - c:\documents and settings\LARGE\Application Data\Mozilla\Firefox\Profiles\muabnnk8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

ShellIconOverlayIdentifiers-{298E992B-3FB7-40E1-B4DB-6E9C49A81DCF} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-28 17:35

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,5f,e5,6a,00,ba,7d,4d,9d,75,00,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,5f,e5,6a,00,ba,7d,4d,9d,75,00,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\RDD\CLASS*]

"DATA"="3be90095-a424-4d21-943f-97edf4a648ec"

"RPC"="000002ca-07d9-015f-943f-97edf4a648ec"

"CRC"="00001554-086f-303d-943f-97edf4a648ec"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(800)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(488)

c:\program files\ScanSoft\OmniPageSE\ophook32.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\System32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2010-03-28 17:42:33 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-28 15:42

 

Avant-CF: 8 502 935 552 octets libres

Après-CF: 8 527 478 784 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 50EC61F9DF37DEF553AF9E801D932306

[Apollo]

Il ne faut pas t'angoisser avec ComboFix lorsque c'est un conseiller bien formé qui te demande de l'utiliser; je suis prudent par nature et je ne risquerais jamais une maneouvre risquée sur la machine de quelqu'un qui compte sur moi pour la nettoyer.

 

Le danger de ComboFix, c'est de l'utiliser n'importe comment, sans demande spéciale, enregistré n'importe où et surtout exécuté avec les protections activées... Beaucoup trop de gens le font et ils ne savent pas ce qu'ils risquent... ComboFix n'est pas un jouet mais un outil ultra-puissant capable de détruire un système en cas de fausse maneuvre.

 

Il a récupéré d'une infection par le Rootkit TDSS; on va donc faire une vérification supplémentaire pour voir s'il n'en traîne pas encore un bout dans un coin.

 

Télécharge TDSSKiller de Kaspersky. http://senduit.com/b44ee6

 

Enregistrer sur le bureau. (et pas ailleurs). <<<===

 

 

Va dans Démarrer/exécuter (ou touches Windows et R) et copie/colle le contenu du cadre ci-dessous:

 

"%userprofile%\bureau\TDSSKiller.exe" -l TDSSlog.txt -v

 

A la fin de l'exécution, appuie sur une touche comme demandé pour fermer la fenêtre.

Un fichier TDSSlog.txt va apparaitre sur ton bureau.

Ouvre le et poste l'intégralité de son contenu dans ta prochaine réponse.

 

NB: Si l'outil demande un reboot, accepte en tapant Y (yes).

D'ailleurs, applique tout ce qu'il propose.

 

 

Poste ensuite un nouveau log RSIT après le rapport de TDSSKiller stp.

 

@+tard

[JIPEHEL]

18:06:27:312 2404 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

18:06:27:312 2404 ================================================================================

18:06:27:312 2404 SystemInfo:

 

18:06:27:312 2404 OS Version: 5.1.2600 ServicePack: 3.0

18:06:27:312 2404 Product type: Workstation

18:06:27:312 2404 ComputerName: LARGE-05E8KRAZU

18:06:27:312 2404 UserName: LARGE

18:06:27:312 2404 Windows directory: C:\WINDOWS

18:06:27:312 2404 Processor architecture: Intel x86

18:06:27:312 2404 Number of processors: 2

18:06:27:312 2404 Page size: 0x1000

18:06:27:312 2404 Boot type: Normal boot

18:06:27:312 2404 ================================================================================

18:06:27:312 2404 UnloadDriverW: NtUnloadDriver error 2

18:06:27:312 2404 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

18:06:27:343 2404 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

18:06:27:343 2404 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

18:06:27:343 2404 wfopen_ex: Trying to KLMD file open

18:06:27:343 2404 wfopen_ex: File opened ok (Flags 2)

18:06:27:343 2404 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

18:06:27:343 2404 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

18:06:27:343 2404 wfopen_ex: Trying to KLMD file open

18:06:27:343 2404 wfopen_ex: File opened ok (Flags 2)

18:06:27:343 2404 Initialize success

18:06:27:343 2404

18:06:27:343 2404 Scanning Services ...

18:06:27:640 2404 Raw services enum returned 352 services

18:06:27:640 2404

18:06:27:640 2404 Scanning Kernel memory ...

18:06:27:640 2404 Devices to scan: 7

18:06:27:640 2404

18:06:27:640 2404 Driver Name: Disk

18:06:27:640 2404 IRP_MJ_CREATE : F86DDBB0

18:06:27:640 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:640 2404 IRP_MJ_CLOSE : F86DDBB0

18:06:27:640 2404 IRP_MJ_READ : F86D7D1F

18:06:27:640 2404 IRP_MJ_WRITE : F86D7D1F

18:06:27:640 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:640 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:640 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:640 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:640 2404 IRP_MJ_FLUSH_BUFFERS : F86D82E2

18:06:27:640 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:640 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:640 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:640 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:640 2404 IRP_MJ_DEVICE_CONTROL : F86D83BB

18:06:27:640 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F86DBF28

18:06:27:640 2404 IRP_MJ_SHUTDOWN : F86D82E2

18:06:27:640 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:640 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:640 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:640 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:640 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:640 2404 IRP_MJ_POWER : F86D9C82

18:06:27:640 2404 IRP_MJ_SYSTEM_CONTROL : F86DE99E

18:06:27:640 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:640 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:640 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:687 2404 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

18:06:27:687 2404

18:06:27:687 2404 Driver Name: USBSTOR

18:06:27:687 2404 IRP_MJ_CREATE : F89CC218

18:06:27:687 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:687 2404 IRP_MJ_CLOSE : F89CC218

18:06:27:687 2404 IRP_MJ_READ : F89CC23C

18:06:27:687 2404 IRP_MJ_WRITE : F89CC23C

18:06:27:687 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:687 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:687 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:687 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:687 2404 IRP_MJ_FLUSH_BUFFERS : 804F9759

18:06:27:687 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:687 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:687 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:687 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:687 2404 IRP_MJ_DEVICE_CONTROL : F89CC180

18:06:27:687 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F89C79E6

18:06:27:687 2404 IRP_MJ_SHUTDOWN : 804F9759

18:06:27:687 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:687 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:687 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:687 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:687 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:687 2404 IRP_MJ_POWER : F89CB5F0

18:06:27:687 2404 IRP_MJ_SYSTEM_CONTROL : F89C9A6E

18:06:27:687 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:687 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:687 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:703 2404 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

18:06:27:703 2404

18:06:27:703 2404 Driver Name: Disk

18:06:27:703 2404 IRP_MJ_CREATE : F86DDBB0

18:06:27:703 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:703 2404 IRP_MJ_CLOSE : F86DDBB0

18:06:27:703 2404 IRP_MJ_READ : F86D7D1F

18:06:27:703 2404 IRP_MJ_WRITE : F86D7D1F

18:06:27:703 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:703 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:703 2404 IRP_MJ_FLUSH_BUFFERS : F86D82E2

18:06:27:703 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_DEVICE_CONTROL : F86D83BB

18:06:27:703 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F86DBF28

18:06:27:703 2404 IRP_MJ_SHUTDOWN : F86D82E2

18:06:27:703 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:703 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:703 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:703 2404 IRP_MJ_POWER : F86D9C82

18:06:27:703 2404 IRP_MJ_SYSTEM_CONTROL : F86DE99E

18:06:27:703 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:703 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:703 2404 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

18:06:27:703 2404

18:06:27:703 2404 Driver Name: Disk

18:06:27:703 2404 IRP_MJ_CREATE : F86DDBB0

18:06:27:703 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:703 2404 IRP_MJ_CLOSE : F86DDBB0

18:06:27:703 2404 IRP_MJ_READ : F86D7D1F

18:06:27:703 2404 IRP_MJ_WRITE : F86D7D1F

18:06:27:703 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:703 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:703 2404 IRP_MJ_FLUSH_BUFFERS : F86D82E2

18:06:27:703 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:703 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_DEVICE_CONTROL : F86D83BB

18:06:27:703 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F86DBF28

18:06:27:703 2404 IRP_MJ_SHUTDOWN : F86D82E2

18:06:27:703 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:703 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:703 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:703 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:703 2404 IRP_MJ_POWER : F86D9C82

18:06:27:703 2404 IRP_MJ_SYSTEM_CONTROL : F86DE99E

18:06:27:703 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:703 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:703 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:734 2404 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

18:06:27:734 2404

18:06:27:734 2404 Driver Name: Disk

18:06:27:734 2404 IRP_MJ_CREATE : F86DDBB0

18:06:27:734 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:734 2404 IRP_MJ_CLOSE : F86DDBB0

18:06:27:734 2404 IRP_MJ_READ : F86D7D1F

18:06:27:734 2404 IRP_MJ_WRITE : F86D7D1F

18:06:27:734 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:734 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:734 2404 IRP_MJ_FLUSH_BUFFERS : F86D82E2

18:06:27:734 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_DEVICE_CONTROL : F86D83BB

18:06:27:734 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F86DBF28

18:06:27:734 2404 IRP_MJ_SHUTDOWN : F86D82E2

18:06:27:734 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:734 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:734 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:734 2404 IRP_MJ_POWER : F86D9C82

18:06:27:734 2404 IRP_MJ_SYSTEM_CONTROL : F86DE99E

18:06:27:734 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:734 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:734 2404 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

18:06:27:734 2404

18:06:27:734 2404 Driver Name: atapi

18:06:27:734 2404 IRP_MJ_CREATE : F85C36F2

18:06:27:734 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:734 2404 IRP_MJ_CLOSE : F85C36F2

18:06:27:734 2404 IRP_MJ_READ : 804F9759

18:06:27:734 2404 IRP_MJ_WRITE : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:734 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:734 2404 IRP_MJ_FLUSH_BUFFERS : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:734 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_DEVICE_CONTROL : F85C3712

18:06:27:734 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85BF852

18:06:27:734 2404 IRP_MJ_SHUTDOWN : 804F9759

18:06:27:734 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:734 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:734 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:734 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:734 2404 IRP_MJ_POWER : F85C373C

18:06:27:734 2404 IRP_MJ_SYSTEM_CONTROL : F85CA336

18:06:27:734 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:734 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:734 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:765 2404 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1

18:06:27:765 2404

18:06:27:765 2404 Driver Name: atapi

18:06:27:765 2404 IRP_MJ_CREATE : F85C36F2

18:06:27:765 2404 IRP_MJ_CREATE_NAMED_PIPE : 804F9759

18:06:27:765 2404 IRP_MJ_CLOSE : F85C36F2

18:06:27:765 2404 IRP_MJ_READ : 804F9759

18:06:27:765 2404 IRP_MJ_WRITE : 804F9759

18:06:27:765 2404 IRP_MJ_QUERY_INFORMATION : 804F9759

18:06:27:765 2404 IRP_MJ_SET_INFORMATION : 804F9759

18:06:27:765 2404 IRP_MJ_QUERY_EA : 804F9759

18:06:27:765 2404 IRP_MJ_SET_EA : 804F9759

18:06:27:765 2404 IRP_MJ_FLUSH_BUFFERS : 804F9759

18:06:27:765 2404 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759

18:06:27:765 2404 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759

18:06:27:765 2404 IRP_MJ_DIRECTORY_CONTROL : 804F9759

18:06:27:765 2404 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759

18:06:27:765 2404 IRP_MJ_DEVICE_CONTROL : F85C3712

18:06:27:765 2404 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85BF852

18:06:27:765 2404 IRP_MJ_SHUTDOWN : 804F9759

18:06:27:765 2404 IRP_MJ_LOCK_CONTROL : 804F9759

18:06:27:765 2404 IRP_MJ_CLEANUP : 804F9759

18:06:27:765 2404 IRP_MJ_CREATE_MAILSLOT : 804F9759

18:06:27:765 2404 IRP_MJ_QUERY_SECURITY : 804F9759

18:06:27:765 2404 IRP_MJ_SET_SECURITY : 804F9759

18:06:27:765 2404 IRP_MJ_POWER : F85C373C

18:06:27:765 2404 IRP_MJ_SYSTEM_CONTROL : F85CA336

18:06:27:765 2404 IRP_MJ_DEVICE_CHANGE : 804F9759

18:06:27:765 2404 IRP_MJ_QUERY_QUOTA : 804F9759

18:06:27:765 2404 IRP_MJ_SET_QUOTA : 804F9759

18:06:27:781 2404 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1

18:06:27:781 2404

18:06:27:781 2404 Completed

18:06:27:781 2404

18:06:27:781 2404 Results:

18:06:27:781 2404 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

18:06:27:781 2404 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

18:06:27:781 2404 File objects infected / cured / cured on reboot: 0 / 0 / 0

18:06:27:781 2404

18:06:27:781 2404 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

18:06:27:781 2404 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

18:06:27:781 2404 KLMD(ARK) unloaded successfully

 

 

Le rapport RSIT arrive............

[JIPEHEL]

Le voila

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by LARGE at 2010-03-28 18:09:41

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 8 GB (33%) free of 25 GB

Total RAM: 511 MB (27% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:09:55, on 28/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Eraser\eraser.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\LARGE\Bureau\Desinfection ordi\RSIT.exe

C:\Program Files\trend micro\LARGE.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.calvados.fr/geoservices/mg65ctr..._activex_ie.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{758CD569-58B0-458E-ABA5-3C409838897B}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F3A0CE4-19F0-4B0B-8274-9213D311E4FF}: NameServer = 192.168.1.1

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service Google Update (gupdate1c9c59edef8d988) (gupdate1c9c59edef8d988) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

 

--

End of file - 7981 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-12-09 757760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-12-09 757760]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]

"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

"KONICA MINOLTA magicolor 2400W STD"=C:\WINDOWS\system32\MSTMON_S.EXE [2005-07-23 184320]

"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]

"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-01 524632]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Eraser"=C:\Program Files\Eraser\eraser.exe [2006-04-09 634880]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-25 39408]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\aTunes.exe"="C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\aTunes.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"\\Large-05e8krazu\video1 (d)\RADIO COMMUNICATION HF\APRS PACKET RADIO APRS\AGW\agwpe\AGW Packet Engine.exe"="\\Large-05e8krazu\video1 (d)\RADIO COMMUNICATION HF\APRS PACKET RADIO APRS\AGW\agwpe\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur"

"D:\RADIO COMMUNICATION HF\AGW\agwpe\AGW Packet Engine.exe"="D:\RADIO COMMUNICATION HF\AGW\agwpe\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur"

"\\Large-05e8krazu\C (systeme)\Program Files\uTorrent\uTorrent.exe"="\\Large-05e8krazu\C (systeme)\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"\\Nom-zyoewxtf2dr\C ASUS\RADIO COMMUNICATION HF\AGW\agwpe\AGW Packet Engine.exe"="\\Nom-zyoewxtf2dr\C ASUS\RADIO COMMUNICATION HF\AGW\agwpe\AGW Packet Engine.exe:*:Enabled:AGW Packet Engine.exe"

"C:\Program Files\K1RFD\EchoLink\EchoLink.exe"="C:\Program Files\K1RFD\EchoLink\EchoLink.exe:*:Enabled:EchoLink"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2010-03-28 17:42:35 ----A---- C:\ComboFix.txt

2010-03-28 17:18:12 ----A---- C:\Boot.bak

2010-03-28 17:18:07 ----RASHD---- C:\cmdcons

2010-03-28 17:15:16 ----A---- C:\WINDOWS\zip.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\SWSC.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\SWREG.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\sed.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\PEV.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\MBR.exe

2010-03-28 17:15:16 ----A---- C:\WINDOWS\grep.exe

2010-03-28 17:14:57 ----D---- C:\WINDOWS\ERDNT

2010-03-28 17:14:29 ----D---- C:\Qoobox

2010-03-28 16:29:13 ----D---- C:\Program Files\trend micro

2010-03-28 16:29:10 ----D---- C:\rsit

2010-03-28 13:45:17 ----A---- C:\Ad-Report-CLEAN[1].txt

2010-03-28 13:38:07 ----A---- C:\Ad-Report-SCAN[1].txt

2010-03-28 13:37:46 ----D---- C:\Ad-Remover

2010-03-27 19:25:17 ----D---- C:\Program Files\Avira

2010-03-27 19:25:17 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2010-03-27 18:54:38 ----D---- C:\FOUND.024

2010-03-27 18:29:06 ----D---- C:\FOUND.023

2010-03-27 10:23:29 ----D---- C:\Program Files\ZHPDiag

2010-03-26 13:46:21 ----D---- C:\Program Files\ExplorerXP

2010-03-26 10:26:02 ----D---- C:\Documents and Settings\LARGE\Application Data\Malwarebytes

2010-03-26 10:25:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-03-26 10:25:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-26 09:36:12 ----A---- C:\WINDOWS\system32\OLD163.tmp

2010-03-25 02:01:49 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-03-12 19:09:08 ----HD---- C:\WINDOWS\$NtUninstallKB975561$

 

======List of files/folders modified in the last 1 months======

 

2010-03-28 17:33:34 ----A---- C:\WINDOWS\system.ini

2010-03-28 17:22:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-28 17:18:14 ----RASH---- C:\boot.ini

2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

2010-03-01 18:42:54 ----A---- C:\WINDOWS\system32\lsdelete.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-03-27 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-27 56816]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-03-22 95936]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]

R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480]

R3 catchme;catchme; \??\C:\panpan\catchme.sys []

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-02-16 210128]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]

R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2001-12-31 390016]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2001-11-29 33028]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-06-19 553384]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []

S2 zntport;ioctrl driver ; \??\C:\WINDOWS\system32\zntport.sys []

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []

S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 mbr;mbr; \??\C:\DOCUME~1\LARGE\LOCALS~1\Temp\mbr.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-02-16 1293192]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2001-12-11 37087]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-02-05 162136]

S3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2003-06-27 472332]

S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-02-16 85520]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-27 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-27 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]

S2 gupdate1c9c59edef8d988;Service Google Update (gupdate1c9c59edef8d988); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-25 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]

S2 ohphrxrs;SmartLink AMR_PCI Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2001-09-27 65536]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

[Apollo]

Désinstalle ComboFix de la manière suivante:

 

Clique sur Démarrer > Exécuter et copie/colle le texte en gras ci-dessous dans la zone de saisie Ouvrir puis cliquer sur OK

 

ComboFix /Uninstall

 

Supprimer les dossiers c:\Qoobox et c:\ComboFix s'ils étaient encore présents sur le C:\

Vider la corbeille.

 

**********************************************

 

Télécharger ATF Cleaner par Atribune.

• Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
   
  Double-clique ATF-Cleaner.exe afin de lancer le programme.
  --> Sous Vista/Seven: Clic droit/exécuter en temps qu'administrateur.
   
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

*****************************************************

ESET ONLINE SCANNER

 

Télécharge ESET Online Scanner sur ton Bureau en cliquant sur ce logo:

http://download.eset.com/special/eos/esets...staller_enu.exe

• Double-clique sur le fichier esetsmartinstaller_enu.exe présent sur ton Bureau pour installer le scanner. Attention: si tu disposes de Windows VISTA, clique droit sur esetsmartinstaller_enu.exe puis sélectionne "exécuter en tant qu'administrateur"
  
• Accepte la licence en cochant la case "YES, i accept the terms of use", puis clique sur le bouton "Start"
  
• Une fois le scanner installé, configure-le en décochant la case "Remove found threats" et en cochant la case "Scan archives"
  
  
• Lance la recherche antivirale en cliquant sur le bouton "Start": l'outil se met à jour puis lance le scan: une barre de progression indique où en est la recherche
  
• Quand le scan est terminé, si des virus ont été détectés, clique sur la ligne "List of found threats":
  
  
• Une nouvelle fenêtre aparaît: clique sur "Export to text file" et enregistre le rapport sur ton Bureau en le nommant logESET.txt
  
• Clique sur le bouton "Back" pour retourner à l'interface précédente, puis coche la case "Uninstall application on close"
  
  
• Clique enfin sur le bouton "Finish" puis ferme la fenêtre du scanner
  
• Ouvre le fichier logESET sur ton Bureau et copie-colle son contenu dans ta prochaine réponse
  

 

Nota : ce scan peut être très long et prendre plusieurs heures.

 

@++

[JIPEHEL]

Mise a part ATF Cleaner est-ce que je garde les progs que tu m'as fait charger?

[Apollo]

Non,

 

je fais toujours désinstaller le outils spéciaux en fin de procédures lorsque je donne mes dernières consignes de fin de topic.

 

pas de souci; de toute façon, il ne faurt jamais garder ce genre d'outils qui évoluent tout le temps because l'activité des pirates très "inventifs"...

 

Un outil se retrouve donc très vite obsolète.

 

@++

[JIPEHEL]

J'ai tout regroupé dans un dossier "Désinfection" sur mon bureau. par contre ESET online scanner au bout de 30 minutes est toujours a 1%. On n'est pas couchés!!!

[Apollo]

Ben oui, c'est plus rapide d'être infecté hein

 

Mais quand ont fait un scan en ligne, il vaut mieux ne rien faire d'autre pendant le temps de l'analyse sinon elle durera ça plus longtemps;

 

je sais pas moi, va faire faire pipi au chien ou va boire une bière au coincoin

 

@++

[JIPEHEL]

Je n'ai plus de chien....Et c'est sur une autre machine que je communique pour l'instant! Un truc me fait marrer : " Junior Member" si tu voyais la tronche du "Junior" !!!

Modifié le 28 mars 2010 par JIPEHEL