Infesté par un virus help me SVP
lebouli59
-
esteban39250 Messages postés 5 Statut Membre -
esteban39250 Messages postés 5 Statut Membre -
Bonjour, voici le rapport log comme demandé dans la Méthode préliminaire de désinfection
Je suis infesté par le trojan spy goldgun (trouvé dans fichier video3D32
De plus ca fait 3 nou 4 jours que j'ai des ecrans bleu avec plusieurs drivers incriminés, dont celui la et aussi sptd.
J'ai desinstallé daemon tools et tout les aurtes fichiers recent (genre p2p et jeux), voici le rapport
Logfile of random's system information tool 1.06 (written by random/random)
Run by boulifamily at 2009-07-18 14:48:05
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 42 GB (70%) free of 60 GB
Total RAM: 3327 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:11, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\boulifamily\Bureau\RSIT.exe
C:\Program Files\trend micro\boulifamily.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - Winlogon Notify: rbadmm - rbadmm.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
--
End of file - 5883 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-24 321344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-07-17 64000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
F:\logiciels pour xp\riva tunner\RivaTuner v2.23\RivaTuner.exe [2009-02-15 2777088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-16 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm]
rbadmm.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadma.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rbadma.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\jeux pc\torrent\BitTorrent\bittorrent.exe"="F:\jeux pc\torrent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"F:\logiciels pour xp\torrent\utorrent.exe"="F:\logiciels pour xp\torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Ubisoft\World in Conflict\wic.exe"="C:\Program Files\Ubisoft\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Ubisoft\World in Conflict\wic_online.exe"="C:\Program Files\Ubisoft\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - En ligne uniquement"
"C:\Program Files\Ubisoft\World in Conflict\wic_ds.exe"="C:\Program Files\Ubisoft\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serveur dédié"
"F:\jeux pc\steam\steamapps\common\medieval ii total war\Launcher.exe"="F:\jeux pc\steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms"
"C:\Program Files\Steam\steamapps\common\medieval ii total war\Launcher.exe"="C:\Program Files\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War"
"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\PCM.exe"="F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
""="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:rundll32"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
"F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\PCM.exe"="F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-07-18 14:48:06 ----D---- C:\Program Files\trend micro
2009-07-18 14:48:05 ----D---- C:\rsit
2009-07-17 20:17:26 ----D---- C:\Program Files\a-squared Free
2009-07-17 19:27:05 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-07-17 19:19:23 ----D---- C:\Program Files\Unlocker
2009-07-17 18:55:37 ----D---- C:\!KillBox
2009-07-15 22:13:35 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2009-07-15 20:12:31 ----SHD---- C:\Config.Msi
2009-07-15 20:11:35 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-15 20:11:35 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-15 19:59:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-15 19:18:22 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-07-14 17:11:45 ----D---- C:\Documents and Settings\boulifamily\Application Data\Pro Cycling Manager 2009
2009-07-14 11:39:40 ----D---- C:\Program Files\Cyanide
2009-07-11 18:26:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-07-11 18:26:19 ----D---- C:\Documents and Settings\boulifamily\Application Data\Azureus
======List of files/folders modified in the last 1 months======
2009-07-18 14:48:06 ----RD---- C:\Program Files
2009-07-18 14:44:10 ----D---- C:\Documents and Settings\boulifamily\Application Data\DNA
2009-07-18 14:44:05 ----D---- C:\WINDOWS\Temp
2009-07-18 14:44:05 ----D---- C:\WINDOWS\system32
2009-07-18 14:38:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-18 14:34:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-18 14:34:08 ----D---- C:\Program Files\DNA
2009-07-18 14:34:02 ----D---- C:\WINDOWS
2009-07-18 14:14:01 ----D---- C:\WINDOWS\Prefetch
2009-07-18 09:13:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-17 20:58:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 20:23:49 ----D---- C:\WINDOWS\system32\drivers
2009-07-17 20:17:10 ----RSD---- C:\WINDOWS\assembly
2009-07-17 20:17:10 ----D---- C:\WINDOWS\system32\DirectX
2009-07-17 20:17:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-17 19:59:40 ----D---- C:\WINDOWS\WinSxS
2009-07-17 19:59:30 ----HD---- C:\WINDOWS\inf
2009-07-17 19:59:22 ----D---- C:\Program Files\Internet Explorer
2009-07-17 19:59:10 ----SHD---- C:\WINDOWS\Installer
2009-07-17 19:27:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-17 19:27:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 19:12:08 ----A---- C:\WINDOWS\WININIT.INI
2009-07-17 19:01:35 ----A---- C:\WINDOWS\DUMP4b22.tmp
2009-07-17 18:49:50 ----SHD---- C:\System Volume Information
2009-07-17 18:49:50 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 18:46:21 ----A---- C:\WINDOWS\DUMP4a86.tmp
2009-07-17 14:14:18 ----D---- C:\Program Files\Lx_cats
2009-07-15 20:18:53 ----RSH---- C:\boot.ini
2009-07-15 20:18:53 ----A---- C:\WINDOWS\win.ini
2009-07-15 20:18:53 ----A---- C:\WINDOWS\system.ini
2009-07-15 20:01:45 ----SHD---- C:\RECYCLER
2009-07-15 19:59:40 ----D---- C:\Documents and Settings
2009-07-15 19:59:31 ----D---- C:\WINDOWS\Minidump
2009-07-15 19:58:07 ----A---- C:\WINDOWS\DUMP4f0a.tmp
2009-07-15 19:27:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-15 19:19:14 ----D---- C:\Documents and Settings\boulifamily\Application Data\DAEMON Tools Lite
2009-07-15 18:42:58 ----A---- C:\WINDOWS\DUMP420a.tmp
2009-07-15 15:53:44 ----A---- C:\WINDOWS\DUMP440d.tmp
2009-07-15 15:52:10 ----A---- C:\WINDOWS\DUMP4ebc.tmp
2009-07-12 21:14:52 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-07-12 18:17:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 18:16:30 ----D---- C:\Program Files\Anuman Interactive
2009-07-12 12:10:55 ----D---- C:\Documents and Settings\boulifamily\Application Data\uTorrent
2009-07-12 11:56:38 ----D---- C:\Documents and Settings\boulifamily\Application Data\BlackBean
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-07-15 3033712]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-02 75096]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2009-07-15 8368]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-16 4069888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-06 4755968]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S1 rbadma;RAMDAC GPU Controller; C:\WINDOWS\system32\rbadma.sys [2009-07-15 8368]
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\pilote mars 2009\4850\atidgllk.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 RivaTuner32;RivaTuner32; \??\F:\logiciels pour xp\riva tunner\RivaTuner v2.23\RivaTuner32.sys []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-13 719392]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-16 602112]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [2008-01-29 598016]
R2 nSvcIp;ForceWare IP service; C:\Program Files\bin32\nSvcIp.exe [2008-01-29 163840]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-07-15 316816]
S2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe []
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2008-02-26 73728]
-----------------EOF-----------------
Je suis infesté par le trojan spy goldgun (trouvé dans fichier video3D32
De plus ca fait 3 nou 4 jours que j'ai des ecrans bleu avec plusieurs drivers incriminés, dont celui la et aussi sptd.
J'ai desinstallé daemon tools et tout les aurtes fichiers recent (genre p2p et jeux), voici le rapport
Logfile of random's system information tool 1.06 (written by random/random)
Run by boulifamily at 2009-07-18 14:48:05
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 42 GB (70%) free of 60 GB
Total RAM: 3327 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:11, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\boulifamily\Bureau\RSIT.exe
C:\Program Files\trend micro\boulifamily.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - Winlogon Notify: rbadmm - rbadmm.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
--
End of file - 5883 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-24 321344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-07-17 64000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
F:\logiciels pour xp\riva tunner\RivaTuner v2.23\RivaTuner.exe [2009-02-15 2777088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-16 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm]
rbadmm.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadma.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rbadma.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\jeux pc\torrent\BitTorrent\bittorrent.exe"="F:\jeux pc\torrent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"F:\logiciels pour xp\torrent\utorrent.exe"="F:\logiciels pour xp\torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Ubisoft\World in Conflict\wic.exe"="C:\Program Files\Ubisoft\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Ubisoft\World in Conflict\wic_online.exe"="C:\Program Files\Ubisoft\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - En ligne uniquement"
"C:\Program Files\Ubisoft\World in Conflict\wic_ds.exe"="C:\Program Files\Ubisoft\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serveur dédié"
"F:\jeux pc\steam\steamapps\common\medieval ii total war\Launcher.exe"="F:\jeux pc\steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms"
"C:\Program Files\Steam\steamapps\common\medieval ii total war\Launcher.exe"="C:\Program Files\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War"
"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\PCM.exe"="F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="F:\jeux pc\pro cycling\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
""="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:rundll32"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
"F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\PCM.exe"="F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="F:\jeux pc\pro cycling manager\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-07-18 14:48:06 ----D---- C:\Program Files\trend micro
2009-07-18 14:48:05 ----D---- C:\rsit
2009-07-17 20:17:26 ----D---- C:\Program Files\a-squared Free
2009-07-17 19:27:05 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-07-17 19:19:23 ----D---- C:\Program Files\Unlocker
2009-07-17 18:55:37 ----D---- C:\!KillBox
2009-07-15 22:13:35 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2009-07-15 20:12:31 ----SHD---- C:\Config.Msi
2009-07-15 20:11:35 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-15 20:11:35 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-15 19:59:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-15 19:18:22 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-07-14 17:11:45 ----D---- C:\Documents and Settings\boulifamily\Application Data\Pro Cycling Manager 2009
2009-07-14 11:39:40 ----D---- C:\Program Files\Cyanide
2009-07-11 18:26:21 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-07-11 18:26:19 ----D---- C:\Documents and Settings\boulifamily\Application Data\Azureus
======List of files/folders modified in the last 1 months======
2009-07-18 14:48:06 ----RD---- C:\Program Files
2009-07-18 14:44:10 ----D---- C:\Documents and Settings\boulifamily\Application Data\DNA
2009-07-18 14:44:05 ----D---- C:\WINDOWS\Temp
2009-07-18 14:44:05 ----D---- C:\WINDOWS\system32
2009-07-18 14:38:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-18 14:34:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-18 14:34:08 ----D---- C:\Program Files\DNA
2009-07-18 14:34:02 ----D---- C:\WINDOWS
2009-07-18 14:14:01 ----D---- C:\WINDOWS\Prefetch
2009-07-18 09:13:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-17 20:58:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 20:23:49 ----D---- C:\WINDOWS\system32\drivers
2009-07-17 20:17:10 ----RSD---- C:\WINDOWS\assembly
2009-07-17 20:17:10 ----D---- C:\WINDOWS\system32\DirectX
2009-07-17 20:17:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-17 19:59:40 ----D---- C:\WINDOWS\WinSxS
2009-07-17 19:59:30 ----HD---- C:\WINDOWS\inf
2009-07-17 19:59:22 ----D---- C:\Program Files\Internet Explorer
2009-07-17 19:59:10 ----SHD---- C:\WINDOWS\Installer
2009-07-17 19:27:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-17 19:27:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 19:12:08 ----A---- C:\WINDOWS\WININIT.INI
2009-07-17 19:01:35 ----A---- C:\WINDOWS\DUMP4b22.tmp
2009-07-17 18:49:50 ----SHD---- C:\System Volume Information
2009-07-17 18:49:50 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 18:46:21 ----A---- C:\WINDOWS\DUMP4a86.tmp
2009-07-17 14:14:18 ----D---- C:\Program Files\Lx_cats
2009-07-15 20:18:53 ----RSH---- C:\boot.ini
2009-07-15 20:18:53 ----A---- C:\WINDOWS\win.ini
2009-07-15 20:18:53 ----A---- C:\WINDOWS\system.ini
2009-07-15 20:01:45 ----SHD---- C:\RECYCLER
2009-07-15 19:59:40 ----D---- C:\Documents and Settings
2009-07-15 19:59:31 ----D---- C:\WINDOWS\Minidump
2009-07-15 19:58:07 ----A---- C:\WINDOWS\DUMP4f0a.tmp
2009-07-15 19:27:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-15 19:19:14 ----D---- C:\Documents and Settings\boulifamily\Application Data\DAEMON Tools Lite
2009-07-15 18:42:58 ----A---- C:\WINDOWS\DUMP420a.tmp
2009-07-15 15:53:44 ----A---- C:\WINDOWS\DUMP440d.tmp
2009-07-15 15:52:10 ----A---- C:\WINDOWS\DUMP4ebc.tmp
2009-07-12 21:14:52 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-07-12 18:17:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 18:16:30 ----D---- C:\Program Files\Anuman Interactive
2009-07-12 12:10:55 ----D---- C:\Documents and Settings\boulifamily\Application Data\uTorrent
2009-07-12 11:56:38 ----D---- C:\Documents and Settings\boulifamily\Application Data\BlackBean
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-07-15 3033712]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-02 75096]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2009-07-15 8368]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-16 4069888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-06 4755968]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S1 rbadma;RAMDAC GPU Controller; C:\WINDOWS\system32\rbadma.sys [2009-07-15 8368]
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\pilote mars 2009\4850\atidgllk.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 RivaTuner32;RivaTuner32; \??\F:\logiciels pour xp\riva tunner\RivaTuner v2.23\RivaTuner32.sys []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-13 719392]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-16 602112]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [2008-01-29 598016]
R2 nSvcIp;ForceWare IP service; C:\Program Files\bin32\nSvcIp.exe [2008-01-29 163840]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-07-15 316816]
S2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe []
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2008-02-26 73728]
-----------------EOF-----------------
Configuration: Windows XP Firefox 3.5.1
A voir également:
- Infesté par un virus help me SVP
- Virus mcafee - Accueil - Piratage
- Comment détruire un virus informatique - Guide
- Impossible de terminer l'opération car le fichier contient un virus ✓ - Forum Virus
- Filezilla virus ✓ - Forum Virus
- Powershell.exe virus - Guide
3 réponses
Voici ensuite le rapport de malwarebyte's:Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2457
Windows 5.1.2600 Service Pack 3
18/07/2009 15:02:05
mbam-log-2009-07-18 (15-02-05).txt
Type de recherche: Examen rapide
Eléments examinés: 91124
Temps écoulé: 2 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\rbadma (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadma (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\rbadma.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\Video3D32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\final_step.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\rwaxnecoms.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a99k.bin (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 2457
Windows 5.1.2600 Service Pack 3
18/07/2009 15:02:05
mbam-log-2009-07-18 (15-02-05).txt
Type de recherche: Examen rapide
Eléments examinés: 91124
Temps écoulé: 2 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\rbadma (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadma (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\video3d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\rbadma.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\Video3D32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\final_step.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\boulifamily\local settings\Temp\rwaxnecoms.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a99k.bin (Trojan.Agent) -> Quarantined and deleted successfully.
