Mon ordi a été infecté par vsbntlo

[sacha99]

Bonjour,

 

Le logiciel me met error : invalid registry syntax in command......... only registry keys under the HKEY_... are accessible to this program

[nardino]

Bonjour

 

J'ai rectifié le script, peux-tu recommencer.

(Première utilisation de l'outil pour ma part.)

Désolé.

@+

[sacha99]

J'ai hésité a le modifier moi-même vu le message d'erreur mais bon je préfère laisser faire les pros ^^

Pas de problèmes pour ton erreur merci de te dévouer comme ca

 

voici quand même le premier rapport, je te poste le suivant dès que j'ai refait le script :

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows NT 6.0 (build 6002, Service Pack 2)

Wed Aug 25 13:09:09 2010

 

13:09:03: Error: Invalid registry syntax in command:

"[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

13:09:09: Error: Execution aborted by user!

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows NT 6.0 (build 6002, Service Pack 2)

Wed Aug 25 13:12:05 2010

 

13:11:55: Error: Invalid registry syntax in command:

"[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP]"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

13:12:00: Error: Invalid registry syntax in command:

"[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP]"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

13:12:02: Error: Invalid registry syntax in command:

"[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP]"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

Driver "HHAKKP" deleted successfully.

File "c:\windows\system32\drivers\hhakkp.sys" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

EDIT : voila le deuxieme rapport. Par contre j'ai aussi un problème lorsque j'allume l'ordi, il s'éteint lorsqu'on arrive à la page de choix de session, lorsqu'on le rallume une deuxième fois, pas de problème par contre !

Et sinon antivir détecte a chaque allumage hhakkp comme un virus, j'ai mis l'option par défaut "deny access" dois je le deleter ?

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\HHAKKP" not found!

Deletion of driver "HHAKKP" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\drivers\hhakkp.sys" not found!

Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP" deleted successfully.

 

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Modifié le 25 août 2010 par sacha99

[sacha99]

je up car je ne suis pas sur que tuaies vu mon edit

[nardino]

Bonjour

 

Quelles sont les améliorations constatées après The Avenger ?

Refais un Combofix pour contrôle

Et refais un log.txt de RSIT.

 

@+

[sacha99]

Aucune amélioration, je dois encore forcer l'extinction de l'ordi, pour le démarrage ca a marché ce coup-ci mais je ne sais pas si ca le fait a chaque fois.

 

ComboFix 10-08-24.0A - dieryck 25/08/2010 14:58:02.2.2 - x86

Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

Une copie infectée de c:\windows\system32\wininit.exe a été trouvée et désinfectée

Copie restaurée à partir de - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-25 au 2010-08-25 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-25 13:03 . 2010-08-25 13:03 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-25 13:03 . 2010-08-25 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-24 21:32 . 2010-08-24 21:36 -------- d-----w- c:\program files\SEAF

2010-08-24 18:58 . 2010-08-24 18:58 -------- d-----w- c:\program files\Kolor

2010-08-24 16:22 . 2010-08-25 13:14 -------- d-----w- c:\users\dieryck\AppData\Local\temp

2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro

2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33

2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-05 19:27 . 2010-08-25 13:14 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype

2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-25 12:59 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater

2010-08-24 20:04 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent

2010-08-24 16:37 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-24 16:37 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts

2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2

2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs

2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy

2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft

2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft

2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET

2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-15 19:12 . 2009-09-22 15:56 1 ----a-w- c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]

2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]

R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-17 691696]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-05-08 269824]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-08-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49]

 

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6522

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-25 15:13

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd,

6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*]

"datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2,

eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\

"rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(2492)

c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\Secunia\PSI\psi.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2010-08-25 15:21:45 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-08-25 13:21

ComboFix2.txt 2010-08-24 16:22

ComboFix3.txt 2010-08-24 12:07

 

Avant-CF: 31.019.708.416 octets libres

Après-CF: 30.884.646.912 octets libres

 

- - End Of File - - B04D7E6053F119AEE8762E76FEB60DBB

 

et le rapport rsit :

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by dieryck at 2010-08-25 15:24:14

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 29 GB (6%) free of 477 GB

Total RAM: 2046 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:24:17, on 25/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\dieryck\Desktop\RSIT.exe

C:\Program Files\trend micro\dieryck.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate1c9b239ebb99295) (gupdate1c9b239ebb99295) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 22121 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

"Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

 

======List of files/folders created in the last 1 months======

 

2010-08-25 15:21:48 ----D---- C:\Windows\temp

2010-08-25 15:21:46 ----A---- C:\ComboFix.txt

2010-08-25 15:13:33 ----D---- C:\$RECYCLE.BIN

2010-08-25 14:53:13 ----A---- C:\Windows\SWXCACLS.exe

2010-08-25 13:20:41 ----A---- C:\avenger.txt

2010-08-24 23:36:50 ----A---- C:\SEAFlog.txt

2010-08-24 23:32:54 ----A---- C:\TmpSeaf.txt

2010-08-24 23:32:36 ----D---- C:\Program Files\SEAF

2010-08-24 22:09:59 ----D---- C:\Avenger

2010-08-24 20:58:12 ----D---- C:\Program Files\Kolor

2010-08-24 18:03:24 ----A---- C:\Windows\PEV.exe

2010-08-24 17:50:58 ----A---- C:\TDSSKiller.2.4.1.2_24.08.2010_17.50.58_log.txt

2010-08-24 13:54:20 ----ASH---- C:\hiberfil.sys

2010-08-24 00:00:54 ----A---- C:\Windows\NIRCMD.exe

2010-08-23 22:35:16 ----A---- C:\Windows\zip.exe

2010-08-23 22:35:16 ----A---- C:\Windows\SWSC.exe

2010-08-23 22:35:16 ----A---- C:\Windows\SWREG.exe

2010-08-23 22:35:16 ----A---- C:\Windows\sed.exe

2010-08-23 22:35:16 ----A---- C:\Windows\MBR.exe

2010-08-23 22:35:16 ----A---- C:\Windows\grep.exe

2010-08-23 22:35:10 ----D---- C:\Windows\ERDNT

2010-08-23 22:33:52 ----D---- C:\Qoobox

2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro

2010-08-23 16:43:46 ----D---- C:\rsit

2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes

2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys

2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes

2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys

2010-08-22 23:46:35 ----D---- C:\Windows\Minidump

2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt

2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll

2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll

2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll

2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieUnatt.exe

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ie4uinit.exe

2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll

2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll

2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys

2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll

2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys

2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys

2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll

2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys

2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype

2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype

2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype

2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype

2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll

 

======List of files/folders modified in the last 1 months======

 

2010-08-25 15:24:17 ----D---- C:\Windows\Prefetch

2010-08-25 15:21:48 ----D---- C:\Windows\system32\drivers

2010-08-25 15:21:48 ----D---- C:\Windows

2010-08-25 15:15:52 ----D---- C:\Windows\Tasks

2010-08-25 15:13:43 ----A---- C:\Windows\system.ini

2010-08-25 15:13:29 ----D---- C:\Windows\system32\drivers\etc

2010-08-25 15:03:07 ----D---- C:\Windows\System32

2010-08-25 15:01:13 ----D---- C:\Windows\AppPatch

2010-08-25 15:01:13 ----D---- C:\Program Files\Common Files

2010-08-25 14:59:14 ----D---- C:\ProgramData\Google Updater

2010-08-24 23:32:36 ----RD---- C:\Program Files

2010-08-24 22:09:59 ----D---- C:\ProgramData

2010-08-24 22:04:48 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent

2010-08-24 20:58:12 ----SHD---- C:\Windows\Installer

2010-08-24 20:57:38 ----SHD---- C:\System Volume Information

2010-08-24 18:37:56 ----D---- C:\Windows\inf

2010-08-24 18:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-08-24 13:50:06 ----D---- C:\Windows\system32\wbem

2010-08-24 13:41:06 ----D---- C:\Windows\system32\catroot2

2010-08-23 12:33:00 ----D---- C:\Windows\Globalization

2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning

2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks

2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool

2010-08-23 00:03:43 ----D---- C:\Windows\registration

2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc

2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files

2010-08-12 12:17:53 ----D---- C:\Windows\winsxs

2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET

2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly

2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration

2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer

2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker

2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot

2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail

2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe

2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine

2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe

2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information

2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts

2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2

2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs

2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox

2010-08-02 07:15:14 ----A---- C:\Windows\win.ini

2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]

R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968]

R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680]

R3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792]

R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448]

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 mbr;mbr; \??\C:\Users\dieryck\AppData\Local\Temp\mbr.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280]

S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]

S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

 

-----------------EOF-----------------

 

a+

[nardino]

Bonsoir.

Nous allons attaquer la dernière ligne droite.

 

Fais un scan complet avec ton antivirus mis à jour.

 

Fais un scan complet avec Malwarebytes.

 

Télécharge et installe Malwarebytes Anti-Malware de RubbeR DuckY

 

Double-clique sur le fichier mbam-setup-1.46.exe (sous Vista et 7 autorise les modifications)

A la fin de l'installation, veille à ce que les options suivantes soient cochées

• -Mettre à jour Malwarebytes' Anti-Malware
  -Exécuter Malwarebytes' Anti-Malware

Clique sur Terminer

Une fenêtre Mise à jour de Malwarebytes' Anti-Malware va s'ouvrir avec une barre de progression.

Puis une autre annonçant le succès de la mise à jour de la base de données. Clique sur OK.

Le programme s'ouvre sur l'onglet Recherche.

Coche Exécuter un examen rapide, clique sur le bouton

 

A la fin du scan, sélectionne tout et clique sur Supprimer la sélection

 

Poste le rapport qui s'ouvre après cette suppression.

Redémarre le pc si cela est demandé

Tu peux retrouver le rapport dans l'onglet Rapports/Logs avec la date et l'heure d'exécution.

 

Dans le menu Windows, Tous les programmes, Accessoires tu cliques droit sur Invite de commandes et dans le menu sur Exécuter en tant qu'administrateur.

Une fenêtre de type DOS s'ouvre.

-Au prompt, tu tapes sfc /scannow, tu appuies sur [Entrer] et tu laisses l'opération se faire jusqu'au bout.

Ceci pour vérifier l'intégrité des fichiers système.

"Démarrage de la phase de vérification de l'analyse du système.

La vérification ..% est terminée"

Apparait sur la fenêtre.

Laisse faire, cela peut prendre un certain temps selon ta configuration et l'état des fichiers système.

Compte au moins 10 minutes

A la fin du scan, un rapport succinct sera affiché dans cette même fenêtre.

Tu le notifies ici et tu refermes la fenêtre.

 

Et bien sûr tu me donnes des nouvelles de l'évolution de la situation.

 

@+