Probleme rootkit Ntndis.sys

[kenberal]

Bonjour,

 

voila depuis quelques temps j'ai un méchant virus qui me bouffe en mémoire (charge dédiée)

et ralentit considérablement ma vitesse internet !

 

J'ai appris que c'etai l'oeuvre d'un rootkit et j'ai alors cherché plusieurs démarches sur internet mais aucune

n'a suffi a regler mon problème, j'en vien donc a vous demander votre aide , merci.

 

PS = Pour je ne sais quelle raison, combofix ne veut pas fonctionner sur mon pc (lecteur disque virtuel ou je ne sais pas quoi..)

[no.ppp]

Salut,

 

Afin d'y voir plus clair, fais ceci :

 

Télécharge OTL sur ton Bureau

• Double-clique sur OTL.exe pour le lancer.
  
• Coche la case Tous les utilisateurs
  
• Fais de même avec Recherche Lop et Recherche Purity.
  
• Clique ensuite sur Analyse puis patiente pendant qu'il scanne le registre et les fichiers.
  
• Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
  
• Copie-colle les dans ta prochaine réponse.

[kenberal]

OTL.txt ;

 

 

OTL logfile created on: 25/06/2010 18:37:14 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Valence\Mes documents\Telechargements

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): C:\pagefile.sys 512 512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 35,58 Gb Free Space | 23,87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: TEST

Current User Name: Valence

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/06/25 18:36:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valence\Mes documents\Téléchargements\OTL.exe

PRC - [2010/06/24 11:40:18 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/06/24 11:40:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2010/01/31 00:27:38 | 000,141,061 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe

PRC - [2008/04/13 20:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - File not found -- C:\Documents and Settings\Valence\Mes documents\Telechargements\OTL.exe

MOD - [2008/04/13 20:32:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/05/01 13:58:06 | 000,271,728 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2010/04/06 17:48:00 | 003,812,392 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/05/24 15:16:11 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)

DRV - [2010/05/01 14:05:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2010/04/05 15:57:53 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010/04/05 15:57:52 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010/03/14 13:07:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2010/01/12 06:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/03/18 05:34:44 | 001,512,960 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)

DRV - [2008/04/13 10:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/02/06 18:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2004/12/22 20:05:08 | 000,259,584 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)

DRV - [2004/09/02 22:01:16 | 000,396,480 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)

DRV - [2004/07/27 12:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)

DRV - [2004/06/30 13:54:04 | 000,019,200 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDBRGSYS.sys -- (ZDBRGSYS)

DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)

DRV - [2003/04/19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)

DRV - [2003/03/02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)

DRV - [2001/08/28 17:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [2001/08/17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Clubic : Actualité informatique, Comparatifs, Logiciels et Forum

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://windows-ie8.fr/clubic/bienvenue.aspx

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: fastdebrid@gmail.com:0.2

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/03 14:00:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 11:40:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 11:40:19 | 000,000,000 | ---D | M]

 

[2010/03/13 05:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mozilla\Extensions

[2010/06/25 16:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mozilla\Firefox\Profiles\6ksquoi2.default\extensions

[2010/05/20 20:36:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Valence\Application Data\Mozilla\Firefox\Profiles\6ksquoi2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/03/13 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mozilla\Firefox\Profiles\6ksquoi2.default\extensions\fastdebrid@gmail.com

[2010/05/14 21:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mozilla\Firefox\Profiles\6ksquoi2.default\extensions\openmedspel@e-medtools.com

[2010/06/25 12:06:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/21 00:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/05/31 17:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/05/21 00:56:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/25 19:38:01 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2010/05/24 15:16:28 | 000,000,861 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 ad.ghura.pl

O1 - Hosts: 127.0.0.1 ircgalaxy.pl

O1 - Hosts: 127.0.0.1 ru.brans.pl

O1 - Hosts: 127.0.0.1 zief.pl

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O4 - HKLM..\Run: [CmPCIaudio] File not found

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] File not found

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003..\Run: [fsm] File not found

O4 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003..\Run: [start WingMan Profiler] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1

O7 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O16 - DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} http://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab (NetmarbleStarter26 Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269547214250 (WUWebControl Class)

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble.jp/_common/cab/NMJTransX.cab (NMJTransX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} http://download.netmarble.net/NMChatX/NMTransX.cab (NMTransX Module)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F34BE0D1-DFF0-4FA4-9D56-1F14B6F1A614} http://www.tt4you.com/ocx/T4YLoader.cab (T4YLoader Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/03/13 04:18:00 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/06/24 16:58:35 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/06/24 15:41:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry

[2010/06/24 14:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra

[2010/06/24 13:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\homeworld 2

[2010/06/24 12:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/24 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\Might and Magic I

[2010/06/17 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Mes documents\Mount&Blade Savegames

[2010/06/17 14:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Application Data\Mount&Blade

[2010/06/17 14:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mount & blade

[2010/06/17 11:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Mes documents\Mount&Blade Warband

[2010/06/17 11:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Menu Demarrer

[2010/06/15 18:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/06/14 22:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\I am the Avalanche

[2010/06/13 20:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\Cracks

[2010/06/10 19:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\[MFT] Naruto Chapitre 498

[2010/06/09 16:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Application Data\Football Superstars

[2010/06/09 16:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2010/06/09 16:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Application Data\SystemRequirementsLab

[2010/06/06 10:20:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/06 09:26:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/06 09:26:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/06 09:26:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/06 09:26:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/06 09:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Start Menu

[2010/06/05 18:41:31 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24636.exe

[2010/06/05 18:40:53 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24512.exe

[2010/06/05 18:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/06/05 16:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\Taihen_Yokudekimashita

[2010/06/05 16:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\QUEEN´S BLADE - 8 DOUJINS -1

[2010/06/02 21:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/06/02 20:46:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/02 20:41:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/02 19:25:17 | 000,000,000 | ---D | C] -- C:\FR-files

[2010/06/02 19:16:30 | 000,000,000 | ---D | C] -- C:\WinFileReplace

[2010/06/02 15:48:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010/06/02 07:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6

[2010/06/01 17:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Application Data\Malwarebytes

[2010/06/01 17:08:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/01 17:08:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/01 17:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/01 17:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/01 16:57:48 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Valence\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe

[2010/05/31 18:40:57 | 000,259,584 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\ZD1211U.sys

[2010/05/31 18:40:57 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDPN50.dll

[2010/05/31 18:40:57 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDBRGDLL.dll

[2010/05/31 18:40:57 | 000,019,200 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDBRGSYS.sys

[2010/05/31 18:40:57 | 000,017,151 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDPNDIS5.sys

[2010/05/31 18:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\ZyDAS

[2010/05/31 18:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Demarrer

[2010/05/31 17:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\ANI

[2010/05/31 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link

[2010/05/31 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech

[2010/05/31 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Mes documents\nourveauvi23_data

[2010/05/30 22:30:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/05/30 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\nourveauvi23_data

[2010/05/30 01:09:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010/05/29 23:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Mes documents\Telechargements

[2010/05/27 19:52:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Valence\PrivacIE

[2010/05/27 07:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/26 19:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valence\Bureau\Nouveau Porte-documents

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/06/25 18:25:54 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Valence\ntuser.dat

[2010/06/25 18:09:02 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/25 18:09:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/25 16:47:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1606980848-839522115-1003.job

[2010/06/25 16:47:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1606980848-839522115-1003.job

[2010/06/25 15:10:12 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Valence\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/25 09:53:32 | 000,000,981 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/25 09:53:32 | 000,000,282 | RHS- | M] () -- C:\boot.ini

[2010/06/25 09:53:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/25 09:53:22 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/06/25 09:53:21 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010/06/25 09:53:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/25 09:53:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/25 02:46:53 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Valence\ntuser.ini

[2010/06/24 15:41:21 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Homeworld 2 Battlestar Galactica Fleet Commander-v.0.5.2.lnk

[2010/06/24 14:02:43 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Homeworld2.lnk

[2010/06/24 12:58:15 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\HijackThis.lnk

[2010/06/23 19:55:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/17 11:44:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Mount&Blade Warband.lnk

[2010/06/17 11:42:24 | 581,893,315 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\mb_warband_setup_1124.exe

[2010/06/17 10:57:05 | 000,000,000 | ---- | M] () -- C:\backup.reg

[2010/06/17 10:57:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\mfcoxvo.sys

[2010/06/16 00:36:26 | 000,015,920 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Liaison messaline-sillius.odt

[2010/06/15 22:59:14 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Latinjuin2010.doc

[2010/06/15 20:05:55 | 000,023,713 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Affaire valerius asiaticus.odt

[2010/06/15 17:21:28 | 000,000,549 | ---- | M] () -- C:\WINDOWS\System\Cmicnfg3.ini

[2010/06/14 21:34:44 | 067,559,390 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\I am the Avalanche.rar

[2010/06/13 21:47:47 | 000,007,857 | ---- | M] () -- C:\Documents and Settings\Valence\Mes documents\nourveauvi23.aup

[2010/06/13 21:47:38 | 000,057,802 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Life on-Line.gpx

[2010/06/13 20:39:36 | 000,031,793 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Life on-Line (1).gp5

[2010/06/12 16:24:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010/06/10 22:19:59 | 000,042,036 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\test+méla...gp5

[2010/06/10 20:59:50 | 000,299,550 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Travaille Geo.pdf

[2010/06/10 20:53:19 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Valence\online_{408500c1-b1a6-4b1c-a70c-c22eafa7f6b6}

[2010/06/10 20:53:18 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Valence\{408500c1-b1a6-4b1c-a70c-c22eafa7f6b6}

[2010/06/10 20:42:14 | 000,044,257 | ---- | M] () -- C:\Documents and Settings\Valence\ifarmed.html

[2010/06/10 20:38:18 | 003,543,552 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Doc FR.doc

[2010/06/09 16:41:39 | 000,001,033 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\Football Superstars.lnk

[2010/06/09 08:10:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk

[2010/06/08 19:39:50 | 000,045,592 | ---- | M] () -- C:\WINDOWS\System32\ifarmed.html

[2010/06/08 14:22:29 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{408500c1-b1a6-4b1c-a70c-c22eafa7f6b6}

[2010/06/08 14:22:26 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{408500c1-b1a6-4b1c-a70c-c22eafa7f6b6}

[2010/06/06 10:10:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Valence\defogger_reenable

[2010/06/05 18:49:19 | 000,890,272 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\WinFileReplace.exe

[2010/06/05 18:30:14 | 000,003,137 | ---- | M] () -- C:\WINDOWS\System32\StyleVistaDown.png

[2010/06/05 18:30:13 | 000,003,298 | ---- | M] () -- C:\WINDOWS\System32\StyleVista.png

[2010/06/02 20:53:31 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Valence\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2010/06/02 20:30:01 | 003,702,398 | R--- | M] () -- C:\Documents and Settings\Valence\Bureau\ComboFix.exe

[2010/06/01 17:10:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/06/01 16:57:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Valence\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe

[2010/05/31 18:40:56 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZDWlan.lnk

[2010/05/30 22:16:09 | 061,626,310 | ---- | M] () -- C:\Documents and Settings\Valence\Mes documents\mo.reg

[2010/05/30 21:18:00 | 000,033,350 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\wlanapi.zip

[2010/05/30 17:48:59 | 000,007,199 | ---- | M] () -- C:\Documents and Settings\Valence\Mes documents\nourveauvi23.aup.bak

[2010/05/30 14:23:26 | 000,078,820 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\viesbrulees-1cd.srt

[2010/05/29 23:34:45 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\avira-antivir-personal-free_avira_antivir_personal_free_10.0.0.567_anglais_10821.exe

[2010/05/27 00:03:24 | 000,759,066 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\nourveauvi23.mp3

[2010/05/26 23:44:20 | 000,011,186 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\test plus metal.gp5

[2010/05/26 23:44:10 | 000,007,851 | ---- | M] () -- C:\Documents and Settings\Valence\Bureau\1.gp5

[2010/05/26 21:03:29 | 000,085,089 | ---- | M] () -- C:\Documents and Settings\Valence\Mes documents\gaelle école.gif

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/24 15:41:21 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Homeworld 2 Battlestar Galactica Fleet Commander-v.0.5.2.lnk

[2010/06/24 14:02:43 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Homeworld2.lnk

[2010/06/24 12:58:15 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\HijackThis.lnk

[2010/06/17 11:42:56 | 581,893,315 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\mb_warband_setup_1124.exe

[2010/06/17 10:57:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfcoxvo.sys

[2010/06/15 23:01:50 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Latinjuin2010.doc

[2010/06/15 18:04:06 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/15 14:24:24 | 000,023,713 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Affaire valerius asiaticus.odt

[2010/06/15 14:12:13 | 000,015,920 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Liaison messaline-sillius.odt

[2010/06/14 21:34:06 | 067,559,390 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\I am the Avalanche.rar

[2010/06/13 23:12:51 | 000,057,802 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Life on-Line.gpx

[2010/06/13 20:40:20 | 000,031,793 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Life on-Line (1).gp5

[2010/06/13 20:29:22 | 000,042,036 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\test+méla...gp5

[2010/06/10 20:59:48 | 000,299,550 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Travaille Geo.pdf

[2010/06/10 20:38:08 | 003,543,552 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Doc FR.doc

[2010/06/09 16:41:39 | 000,001,033 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\Football Superstars.lnk

[2010/06/06 11:37:36 | 000,000,000 | ---- | C] () -- C:\backup.reg

[2010/06/06 11:36:11 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\avenger.exe

[2010/06/06 10:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valence\defogger_reenable

[2010/06/06 09:26:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/06 09:26:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/06 09:26:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/05 18:49:33 | 000,890,272 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\WinFileReplace.exe

[2010/06/05 18:48:27 | 003,702,398 | R--- | C] () -- C:\Documents and Settings\Valence\Bureau\ComboFix.exe

[2010/06/05 01:29:06 | 000,078,820 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\viesbrulees-1cd.srt

[2010/06/02 20:46:26 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2010/06/02 20:46:23 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/02 20:42:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/02 20:42:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/01 17:10:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/06/01 07:44:40 | 000,007,857 | ---- | C] () -- C:\Documents and Settings\Valence\Mes documents\nourveauvi23.aup

[2010/06/01 07:44:40 | 000,007,199 | ---- | C] () -- C:\Documents and Settings\Valence\Mes documents\nourveauvi23.aup.bak

[2010/05/31 22:28:20 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\avira-antivir-personal-free_avira_antivir_personal_free_10.0.0.567_anglais_10821.exe

[2010/05/31 18:40:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

[2010/05/31 18:40:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2010/05/31 18:40:56 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZDWlan.lnk

[2010/05/30 22:21:51 | 000,033,350 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\wlanapi.zip

[2010/05/30 22:16:04 | 061,626,310 | ---- | C] () -- C:\Documents and Settings\Valence\Mes documents\mo.reg

[2010/05/27 00:03:22 | 000,759,066 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\nourveauvi23.mp3

[2010/05/26 23:50:01 | 000,007,851 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\1.gp5

[2010/05/26 23:46:46 | 000,011,186 | ---- | C] () -- C:\Documents and Settings\Valence\Bureau\test plus metal.gp5

[2010/05/26 21:03:29 | 000,085,089 | ---- | C] () -- C:\Documents and Settings\Valence\Mes documents\gaelle école.gif

[2010/05/15 14:23:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/05/05 00:12:03 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll

[2010/05/03 12:19:45 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2010/05/03 12:19:44 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2010/05/03 11:57:38 | 000,231,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\snphv71.sys

[2010/05/03 11:57:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnphv71.dll

[2010/05/03 11:57:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsnphv71.dll

[2010/05/03 11:57:38 | 000,015,494 | ---- | C] () -- C:\WINDOWS\snphv71.ini

[2010/04/05 15:57:52 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010/04/05 15:57:52 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010/03/20 17:31:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2010/03/19 22:26:10 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys

[2010/03/19 22:26:10 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys

[2010/03/13 13:28:59 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl

[2010/03/13 13:28:22 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg

[2010/03/13 13:28:21 | 000,002,421 | ---- | C] () -- C:\WINDOWS\cmudax3.ini

[2010/03/13 04:07:20 | 000,000,239 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/03/13 04:07:16 | 001,111,508 | ---- | C] () -- C:\WINDOWS\System32\xprouting.dll

[2010/03/13 04:07:16 | 000,063,158 | ---- | C] () -- C:\WINDOWS\System32\hdlayer.dll

[2010/02/01 03:49:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2008/04/10 11:31:10 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys

[2007/10/08 10:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini

[2007/10/08 10:12:02 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini

[2007/09/19 22:41:16 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini

[2007/08/29 15:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll

[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2006/11/01 21:04:29 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

[2006/01/08 15:53:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\hash2.dll

[2002/08/29 04:09:26 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys

 

========== LOP Check ==========

 

[2010/03/14 13:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2010/03/13 05:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG

[2010/06/02 07:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6

[2010/05/03 11:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/05/03 13:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/05/03 14:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin

[2010/05/03 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/04/27 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Apowersoft

[2010/03/14 13:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\DAEMON Tools Lite

[2010/06/11 23:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Football Superstars

[2010/06/24 16:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Free Download Manager

[2010/04/27 22:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\FreeFLVConverter

[2010/05/03 11:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\GetRightToGo

[2010/06/13 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Guitar Pro 6

[2010/06/17 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mount&Blade

[2010/06/17 12:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Mount&Blade Warband

[2010/05/18 17:02:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valence\Application Data\netmarble

[2010/04/18 13:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\OpenOffice.org

[2010/03/20 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Samsung

[2010/03/13 05:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Software Informer

[2010/06/09 16:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\SystemRequirementsLab

[2010/05/15 11:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\translateclient

[2010/05/03 17:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Ubisoft

[2010/04/07 14:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valence\Application Data\Uniblue

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2010/05/13 23:47:51 | 000,001,915 | ---- | M] ()(C:\Documents and Settings\All Users\Bureau\Google?Earth.lnk) -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk

[2010/05/13 23:47:51 | 000,001,915 | ---- | C] ()(C:\Documents and Settings\All Users\Bureau\Google?Earth.lnk) -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk

< End of report >

 

 

 

 

Extra.txt

 

OTL Extras logfile created on: 25/06/2010 18:37:14 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Valence\Mes documents\Telechargements

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): C:\pagefile.sys 512 512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 35,58 Gb Free Space | 23,87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: TEST

Current User Name: Valence

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)

"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)

"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)

"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision)

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)

"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)

"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)

"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()

"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)

"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)

"C:\Program Files\Free Download Manager\fdmwi.exe" = C:\Program Files\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi -- ()

"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)

"C:\TT4You\tt4you.exe" = C:\TT4You\tt4you.exe:*:Enabled:tt4you Application -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23484C5A-E7AE-4F59-B7DF-88D63BEF18F4}" = PC Camera (602a VGA)

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2D3551DF-B54C-4F34-884D-8D51F1C62F03}" = Ma-Config.com

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{581CE7EA-A30D-11D6-8496-000000120101}" = ZD1211 802.11g Wireless LAN - USB

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = JPEG Camera v1.1.3.4

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1

"{97B3824E-B2D2-4C49-A860-BCA56F10B040}" = OpenOffice.org 3.2

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français

"{B26E49E2-9521-4677-95CB-63B117D84BD8}" = Gun Metal

"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camer@

"{CC1DB186-550F-3CFE-A2A9-EBA5E5A34BC1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5B35376-6F9E-47B3-A9F8-791824EBFE0D}" = Samsung PC Studio 3

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E8DB24C1-5905-4270-B334-A19C2A34193E}" = µå·¡°ïº¼ ¿Â¶óÀÎ

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin

"7-Zip" = 7-Zip 4.65

"93F2806F-2CA0-4B63-9EFE-6B339E916AAC" = Homeworld 2 Battlestar Galactica Fleet Commander

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"Champions Online" = Champions Online

"C-Media PCI Sound" = C-Media PCI Audio Device

"DivX Setup.divx.com" = Configuration DivX

"FINAL FANTASY VIII" = FINAL FANTASY VIII

"Football Superstars_is1" = Football Superstars

"Free Download Manager_is1" = Free Download Manager 3.0

"Free FLV Converter_is1" = Free FLV Converter V 6.7.7

"Google Chrome" = Google Chrome

"Guitar Pro 5_is1" = Guitar Pro 5.0

"HijackThis" = HijackThis 2.0.2

"Homeworld2" = Homeworld2

"ie8" = Windows Internet Explorer 8

"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG

"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"KOIELangPack" = Korean Language Support

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mount&Blade Warband" = Mount&Blade Warband

"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)

"Multilizer 2009 PDF Translator (Evaluation)_is1" = Multilizer 2009 PDF Translator (Evaluation) (Build 7.2.

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PhotoFiltre" = PhotoFiltre

"RAR Password Cracker" = RAR Password Cracker 4.12

"RealPlayer 12.0" = RealPlayer

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Satsuki Decoder Pack" = Satsuki Decoder Pack 4304

"Software Informer_is1" = Software Informer 1.0 BETA

"Some Text to PDF Converter_is1" = Some Text to PDF Converter 1.5

"Text To PDF_is1" = Text To PDF

"Translate Client" = Client for Google Translate

"VLC media player" = VLC media player 1.0.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 10

"Windows XP Service" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Patch Final Fantasy VIII" = Patch Final Fantasy VIII

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 16/06/2010 22:09:26 | Computer Name = TEST | Source = Google Update | ID = 20

Description =

 

[ System Events ]

Error - 30/05/2010 13:27:41 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 13:29:03 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 13:30:43 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 13:32:24 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 13:34:05 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 14:31:49 | Computer Name = TEST | Source = Workstation | ID = 5727

Description = Impossible de charger le pilote de peripherique MRxSmb.

 

Error - 30/05/2010 14:31:49 | Computer Name = TEST | Source = Workstation | ID = 5727

Description = Impossible de charger le pilote de peripherique RDR.

 

Error - 30/05/2010 14:33:53 | Computer Name = TEST | Source = DCOM | ID = 10010

Description = Le serveur {4991D34B-80A1-4291-83B6-3328366B9097} ne s'est pas enregistre

sur DCOM avant la fin du temps imparti.

 

Error - 30/05/2010 14:45:00 | Computer Name = TEST | Source = Workstation | ID = 5727

Description = Impossible de charger le pilote de peripherique MRxSmb.

 

Error - 30/05/2010 14:45:00 | Computer Name = TEST | Source = Workstation | ID = 5727

Description = Impossible de charger le pilote de peripherique RDR.

 

 

< End of report >

[no.ppp]

Salut,

 

Rends toi sur ce lien : Virus Total

• Clique sur le bouton Parcourir...
  
• Parcours tes dossiers jusque à ce fichier, si tu le trouves :

• C:\WINDOWS\System32\drivers\mfcoxvo.sys
  

• Clique sur Envoyer le fichier, et si VirusTotal dit que le fichier a déjà été analysé, clique sur le bouton Reanalyse le fichier maintenant.
  
• Laisse le site travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  
• Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. Dans ce cas, il te faudra patienter sans réactualiser la page.
  
• Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté (en haut à gauche)
  
• Une nouvelle fenêtre de ton navigateur va apparaître
  
• Clique alors sur cette image :
  
• Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  
• Enfin colle le résultat dans ta prochaine réponse.
  NB : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, auquel cas il faudra leur faire ignorer les alertes.

 

C:\Documents and Settings\Valence\Bureau\Cracks ... Cherche pas d'où vient ton infection, il faut supprimer le dossier et arrêter les cracks...

 

Évite The Avenger aussi : C:\Documents and Settings\Valence\Bureau\avenger.exe. Utilise-le seulement s'il te l'est demandé.

 

Relance OTL.exe.

 

• Copie-colle le code suivant dans la fenêtre Personnalisation
   

  
  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O4 - HKLM..\Run: [CmPCIaudio] File not found
  O4 - HKLM..\Run: [nwiz] File not found
  O4 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003..\Run: [fsm] File not found
  O4 - HKU\S-1-5-21-1659004503-1606980848-839522115-1003..\Run: [start WingMan Profiler] File not found
  :files
  C:\WINDOWS\System32\CF24636.exe
  C:\WINDOWS\System32\CF24512.exe
  C:\Documents and Settings\Valence\Bureau\ComboFix.exe
  C:\Documents and Settings\Valence\Bureau\avenger.exe
  C:\WINDOWS\system32\drivers\ntndis.sys
  :services
   
  :reg
   
  :commands
  [EmptyTemp]
  [EmptyFlash]
  [Purity]
  [CREATERESTOREPOINT]
  [ResetHosts]
  [Reboot]
  

• Clique ensuite sur Correction et patiente pendant que l'outil travaille.
  
• Copie-colle le contenu du rapport qui s'ouvre (C\_OTL\MovedFiles) dans ta prochaine réponse.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

[kenberal]

Bonjour, merci pour ta réponse ;

 

Alors voila pour virustotal ;

 

Fichier mfcoxvo.sys reçu le 2010.06.26 14:33:46 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 5.0.0.30 2010.06.26 -

AhnLab-V3 2010.06.27.00 2010.06.26 Win-Trojan/Avenger.61440

AntiVir 8.2.4.2 2010.06.25 -

Antiy-AVL 2.0.3.7 2010.06.25 Hoax/Win32.Agent.gen

Authentium 5.2.0.5 2010.06.25 -

Avast 4.8.1351.0 2010.06.26 -

Avast5 5.0.332.0 2010.06.26 -

AVG 9.0.0.836 2010.06.26 -

BitDefender 7.2 2010.06.26 -

CAT-QuickHeal 10.00 2010.06.26 Trojan.Agent.ATV

ClamAV 0.96.0.3-git 2010.06.26 Trojan.Spy.Banker-6335

Comodo 5222 2010.06.26 -

DrWeb 5.0.2.03300 2010.06.26 -

eSafe 7.0.17.0 2010.06.24 Win32.Banker

eTrust-Vet 36.1.7668 2010.06.25 -

F-Prot 4.6.1.107 2010.06.25 -

F-Secure 9.0.15370.0 2010.06.26 -

Fortinet 4.1.133.0 2010.06.26 -

GData 21 2010.06.26 -

Ikarus T3.1.1.84.0 2010.06.26 -

Jiangmin 13.0.900 2010.06.25 Hoax.Agent.f

Kaspersky 7.0.0.125 2010.06.26 -

McAfee 5.400.0.1158 2010.06.26 -

McAfee-GW-Edition 2010.1 2010.06.25 -

Microsoft 1.5902 2010.06.26 -

NOD32 5230 2010.06.26 -

Norman 6.05.10 2010.06.25 -

nProtect 2010-06-26.02 2010.06.26 Trojan/W32.Agent.61440.JQ

Panda 10.0.2.7 2010.06.26 Rootkit/Agent.LNB

PCTools 7.0.3.5 2010.06.26 -

Prevx 3.0 2010.06.26 -

Rising 22.53.04.05 2010.06.25 -

Sophos 4.54.0 2010.06.26 -

Sunbelt 6510 2010.06.26 -

Symantec 20101.1.0.89 2010.06.26 -

TheHacker 6.5.2.0.303 2010.06.25 -

TrendMicro 9.120.0.1004 2010.06.26 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.26 -

VBA32 3.12.12.5 2010.06.25 -

ViRobot 2010.6.26.3907 2010.06.26 Hoax..Agent.61440

VirusBuster 5.0.27.0 2010.06.26 -

Information additionnelle

File size: 61440 bytes

MD5   : 589312a3b46721c5a751e4d5222a89be

SHA1  : 3a497d3968a4f6e3c648d196da38e5f98e75ec30

SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae

PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xD394<br> timedatestamp.....: 0x476B398B (Fri Dec 21 04:56:59 2007)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 5 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x400 0xD756 0xD780 5.52 e0dc8fff10e3a7c6343455cd02a67954<br>.rdata 0xDB80 0x10E 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302<br>.data 0xDD00 0xC0 0x100 0.04 66a415a49d751cb335895306ecfb3389<br>INIT 0xDE00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc<br>.reloc 0xE180 0xE2C 0xE80 6.60 4f845320301140370066cbceee4c5e4c<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br>

TrID  : File type identification<br>Clipper DOS Executable (33.3%)<br>Generic Win/DOS Executable (33.0%)<br>DOS Executable Generic (33.0%)<br>VXD Driver (0.5%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ThreatExpert: <a href="http://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be"'>http://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">ThreatExpert Report: Win-Trojan/Avenger.61440</a>

ssdeep: 768:UzNrXvTHr4DU6K5H5VLvDcLugwoMcq5+x7J1uQ9VP:QTG2VrOuN+lJpP

sigcheck: publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Prevx Info: <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6"'>http://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6" target="_blank">Prevx</a>

PEiD  : -

CWSandbox: <a href="http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be"'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>

RDS   : NSRL Reference Data Set<br>-

 

Antivirus Version Dernière mise à jour Résultat

a-squared 5.0.0.30 2010.06.26 -

AhnLab-V3 2010.06.27.00 2010.06.26 Win-Trojan/Avenger.61440

AntiVir 8.2.4.2 2010.06.25 -

Antiy-AVL 2.0.3.7 2010.06.25 Hoax/Win32.Agent.gen

Authentium 5.2.0.5 2010.06.25 -

Avast 4.8.1351.0 2010.06.26 -

Avast5 5.0.332.0 2010.06.26 -

AVG 9.0.0.836 2010.06.26 -

BitDefender 7.2 2010.06.26 -

CAT-QuickHeal 10.00 2010.06.26 Trojan.Agent.ATV

ClamAV 0.96.0.3-git 2010.06.26 Trojan.Spy.Banker-6335

Comodo 5222 2010.06.26 -

DrWeb 5.0.2.03300 2010.06.26 -

eSafe 7.0.17.0 2010.06.24 Win32.Banker

eTrust-Vet 36.1.7668 2010.06.25 -

F-Prot 4.6.1.107 2010.06.25 -

F-Secure 9.0.15370.0 2010.06.26 -

Fortinet 4.1.133.0 2010.06.26 -

GData 21 2010.06.26 -

Ikarus T3.1.1.84.0 2010.06.26 -

Jiangmin 13.0.900 2010.06.25 Hoax.Agent.f

Kaspersky 7.0.0.125 2010.06.26 -

McAfee 5.400.0.1158 2010.06.26 -

McAfee-GW-Edition 2010.1 2010.06.25 -

Microsoft 1.5902 2010.06.26 -

NOD32 5230 2010.06.26 -

Norman 6.05.10 2010.06.25 -

nProtect 2010-06-26.02 2010.06.26 Trojan/W32.Agent.61440.JQ

Panda 10.0.2.7 2010.06.26 Rootkit/Agent.LNB

PCTools 7.0.3.5 2010.06.26 -

Prevx 3.0 2010.06.26 -

Rising 22.53.04.05 2010.06.25 -

Sophos 4.54.0 2010.06.26 -

Sunbelt 6510 2010.06.26 -

Symantec 20101.1.0.89 2010.06.26 -

TheHacker 6.5.2.0.303 2010.06.25 -

TrendMicro 9.120.0.1004 2010.06.26 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.26 -

VBA32 3.12.12.5 2010.06.25 -

ViRobot 2010.6.26.3907 2010.06.26 Hoax..Agent.61440

VirusBuster 5.0.27.0 2010.06.26 -

 

Information additionnelle

File size: 61440 bytes

MD5   : 589312a3b46721c5a751e4d5222a89be

SHA1  : 3a497d3968a4f6e3c648d196da38e5f98e75ec30

SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae

PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xD394<br> timedatestamp.....: 0x476B398B (Fri Dec 21 04:56:59 2007)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 5 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x400 0xD756 0xD780 5.52 e0dc8fff10e3a7c6343455cd02a67954<br>.rdata 0xDB80 0x10E 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302<br>.data 0xDD00 0xC0 0x100 0.04 66a415a49d751cb335895306ecfb3389<br>INIT 0xDE00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc<br>.reloc 0xE180 0xE2C 0xE80 6.60 4f845320301140370066cbceee4c5e4c<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br>

TrID  : File type identification<br>Clipper DOS Executable (33.3%)<br>Generic Win/DOS Executable (33.0%)<br>DOS Executable Generic (33.0%)<br>VXD Driver (0.5%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ThreatExpert: <a href="http://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">ThreatExpert Report: Win-Trojan/Avenger.61440</a>

ssdeep: 768:UzNrXvTHr4DU6K5H5VLvDcLugwoMcq5+x7J1uQ9VP:QTG2VrOuN+lJpP

sigcheck: publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Prevx Info: <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6" target="_blank">Prevx</a>

PEiD  : -

CWSandbox: <a href="http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>

RDS   : NSRL Reference Data Set<br>-

 

OTL ;

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmPCIaudio deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Start WingMan Profiler deleted successfully.

========== FILES ==========

C:\WINDOWS\System32\CF24636.exe moved successfully.

C:\WINDOWS\System32\CF24512.exe moved successfully.

C:\Documents and Settings\Valence\Bureau\ComboFix.exe moved successfully.

C:\Documents and Settings\Valence\Bureau\avenger.exe moved successfully.

File\Folder C:\WINDOWS\system32\drivers\ntndis.sys not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 23715108 bytes

->Flash cache emptied: 434 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1578350 bytes

 

User: Valence

->Temp folder emptied: 1251090394 bytes

->Temporary Internet Files folder emptied: 2276471813 bytes

->Java cache emptied: 775320 bytes

->FireFox cache emptied: 68250738 bytes

->Flash cache emptied: 45273 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1704053 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10456780 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2896193 bytes

RecycleBin emptied: 3237393584 bytes

 

Total Files Cleaned = 6.556,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

 

User: All Users

 

User: Default User

 

User: LocalService

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

User: Valence

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

Restore point Set: OTL Restore Point (0)

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.7.0 log created on 06262010_163952

 

 

Malwares'byte ;

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de donn?s: 4244

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

26/06/2010 17:26:15

mbam-log-2010-06-26 (17-26-15).txt

 

Type d'examen: Examen rapide

El?ent(s) analys?s): 126786

Temps ?oul? 7 heure(s), 51 minute(s)

 

Processus m?oire infect?s): 1

Module(s) m?oire infect?s): 0

Cl?s) du Registre infect?(s): 0

Valeur(s) du Registre infect?(s): 0

El?ent(s) de donn?s du Registre infect?s): 0

Dossier(s) infect?s): 0

Fichier(s) infect?s): 4

 

Processus m?oire infect?s):

C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Unloaded process successfully.

 

Module(s) m?oire infect?s):

(Aucun ??ent nuisible d?ect?

 

Cl?s) du Registre infect?(s):

(Aucun ??ent nuisible d?ect?

 

Valeur(s) du Registre infect?(s):

(Aucun ??ent nuisible d?ect?

 

El?ent(s) de donn?s du Registre infect?s):

(Aucun ??ent nuisible d?ect?

 

Dossier(s) infect?s):

(Aucun ??ent nuisible d?ect?

 

Fichier(s) infect?s):

C:\WINDOWS\system32\drivers\mfcoxvo.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Modifié le 26 juin 2010 par kenberal

[kenberal]

Parcontre les fichier ntndis et ipsecndis.sys sont introuvables dans l'explorer, je ne comprends pas

cependant j'ai deja fait plusieurs fois cette suppresion via malware'sbyte mais les fichiers semblent

pourtant subsister.

[no.ppp]

Salut,

 

Télécharge SEAF sur ton Bureau.

• 
   
  
• Double-clique sur le fichier SEAF.exe
  
• Suis les instructions à cocher sur cette fenêtre:
  
• 
  

• 
   
  
• Occurrences à rechercher : Tape :
   
  
  • 
     
    
  • ntndis
    
  • ipsecndis
    

  [*]Coche "Chercher également dans le registre"

  [*]Calculer le cheksum.

  [*]Coche Informations suppémentaires

  [*]La recherche dure quelques minutes et produit un rapport C:\SEAFlog.txt à copier-coller dans ta prochaine réponse.

 

Télécharge gmer sur ton Bureau et dézippe-le (clic droit et extraire ici).

• 
   
  
• Double-clique sur gmer.exe sur le Bureau. Si ton antivirus réagit, ne t'inquiète et ignore l'alerte.
  
• Clique sur l'onglet "rootkit", puis vérifie que toutes les cases sont cochées.
  
• Clique sur scan.
  
• A la fin du scan, clique sur le bouton copy.
  
• Ouvre le Bloc-notes et clique sur CTRL+V afin de coller le rapport. Enregistre-le.
  
• Édite ce rapport dans ta prochaine réponse.
  

Modifié le 26 juin 2010 par no.ppp

[kenberal]

Bonjour,

 

Voici pour SAEF ;

 

1. ========================= SEAF 1.0.0.7 - C_XX

2.

3. Commence a: 11:21:35 le 27/06/2010

4.

5. Valeur(s) recherchee(s):

6.

7. ntndis

8. ipsecndis

9.

10. (!) --- Informations supplementaires

11. (!) --- Recherche registre

12.

13. ====== Fichier(s) (TC: Date de creation, TM: Date de modification, DA, Dernier acces) ======

14.

15. Aucun fichier trouve

16.

17. ====== Dossier(s) (TC: Date de creation, TM: Date de modification, DA, Dernier acces) ======

18.

19. Aucun dossier trouve

20.

21.

22. ====== Entree(s) du registre ======

23.

24.

25.

26. [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]

27. "020"="ntndis"

28.

29. [HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]

30. "020"="ntndis"

31.

32.

33.

34. [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]

35. "019"="ipsecndis.sys"

36.

37. [HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]

38. "019"="ipsecndis.sys"

39.

40. =========================

41.

42. Fin a: 11:24:59 le 27/06/2010 ( E.O.F )

 

Parcontre j'ai des freeze a chaque scan de gmer

[no.ppp]

Salut,

 

 

OK, pour Gmer, coche uniquement "Sections" et "files" pour voir s'il freeze toujours.

 

 

Sauvegarde ta Base de Registre : Sauvegarde de la base de registre

 

 

Relance OTL.exe.

• Copie-colle le code suivant dans la fenêtre Personnalisation

  
  :files
  C:\WINDOWS\system32\Drivers\ntndis.sys
  C:\WINDOWS\system32\ipsecndis.sys
  :services
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
  "020"=-
  [HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]
  "020"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
  "019"=-
  [HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]
  "019"=-
  :commands
  [EmptyTemp]
  [EmptyFlash]
  [Purity]
  [CREATERESTOREPOINT]
  [ResetHosts]
  [Reboot]
  

• Clique ensuite sur Correction et patiente pendant que l'outil travaille.
  
• Copie-colle le contenu du rapport qui s'ouvre (C\_OTL\MovedFiles) dans ta prochaine réponse.

Modifié le 27 juin 2010 par no.ppp

[kenberal]

Non, meme avec files et sections, ca fait toujour planter mon pc :s

il ne sauve pas automatiquement le scan dans un dossier ?

Car quand je laisse tourner uniquement le scan de gmer sans rien toucher, il finit le scan, je fais clique sur copy et direct après sa freeze, a chaque fois

 

 

OTL ;

All processes killed

========== FILES ==========

File\Folder C:\WINDOWS\system32\Drivers\ntndis.sys not found.

File\Folder C:\WINDOWS\system32\ipsecndis.sys not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\020 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603\\020 not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\019 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1659004503-1606980848-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603\\019 not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1656503 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

 

User: Valence

->Temp folder emptied: 527850884 bytes

->Temporary Internet Files folder emptied: 2051984 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 37967966 bytes

->Flash cache emptied: 3285 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 104448 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1972141196 bytes

 

Total Files Cleaned = 2.424,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

 

User: All Users

 

User: Default User

 

User: LocalService

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

User: Valence

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

Restore point Set: OTL Restore Point (0)

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_153548

Modifié le 27 juin 2010 par kenberal