Virus: heur:trojan.win32.invader

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1728
Windows 6.0.6001 Service Pack 1

05/02/2009 00:56:07
mbam-log-2009-02-05 (00-56-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 150845
Temps écoulé: 1 hour(s), 43 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2FREE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGAS.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROTTRAY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVFNSVR.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPROXY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Windows\System32\ajsjfukj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Rom@in\AppData\Local\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

salut,
désolé je me suis absenté donc j'ai fait les deux rapport.
par ailleurs je pense que le virus win 32 a endommagé mon ordi car maintenant windows instaler ne fonctione plus ainsi que internet explorer et windows media player.mon antivirus kaspersky 2009 trouve le virus win 32 un peu partout a chaque démarrage il le supprime a chaque emplacement mais il est toujours là.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-02-10 11:14:31
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 23 GB (22%) free of 106 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03, on 10/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rom@in\Desktop\log virus\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 4523 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
2009-02-04 22:18:01 ----D---- C:\ComboFix
2009-02-04 21:21:07 ----D---- C:\Windows\temp
2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
2009-02-04 21:17:55 ----D---- C:\Qoobox
2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft

======List of files/folders modified in the last 1 months======

2009-02-10 11:12:21 ----D---- C:\Windows
2009-02-10 11:11:29 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 11:09:19 ----D---- C:\Windows\Prefetch
2009-02-10 11:07:09 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-10 10:34:34 ----AD---- C:\Windows\System32
2009-02-10 01:32:51 ----D---- C:\Program Files\Steam
2009-02-09 22:18:04 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-09 19:14:22 ----SHD---- C:\System Volume Information
2009-02-09 13:32:40 ----D---- C:\Program Files\WinRAR
2009-02-08 21:34:30 ----RD---- C:\Program Files
2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
2009-02-08 21:16:04 ----D---- C:\Program Files\Internet Explorer
2009-02-08 12:09:37 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
2009-02-06 22:27:18 ----D---- C:\Program Files\JkDefrag
2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
2009-02-05 01:32:46 ----SHD---- C:\boot
2009-02-05 01:32:45 ----D---- C:\Windows\system32\config
2009-02-04 22:51:01 ----D---- C:\Windows\system32\drivers
2009-02-04 22:50:41 ----HD---- C:\ProgramData
2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
2009-02-04 18:57:53 ----D---- C:\Windows\system32\catroot2
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:56:21 ----D---- C:\Program Files\Activision 2
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:39:17 ----HD---- C:\Config.Msi
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:26:20 ----D---- C:\Windows\system32\catroot
2009-02-04 15:26:20 ----D---- C:\Windows\inf
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 13:42:55 ----D---- C:\Windows\Debug
2009-02-04 13:31:48 ----D---- C:\Windows\winsxs
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-02 12:58:18 ----D---- C:\Program Files\Google
2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
2009-02-02 11:56:05 ----D---- C:\PerfLogs
2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 ahhsi8qd;ahhsi8qd; C:\Windows\system32\drivers\ahhsi8qd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------



malwarebytes:


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 6.0.6001 Service Pack 1

09/02/2009 16:37:13
mbam-log-2009-02-09 (16-37-13).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
Eléments examinés: 152361
Temps écoulé: 1 hour(s), 22 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)