Virus TR/Spy.1037824.7

Résolu
joks -  
 joks -
Bonjour,

J'ai un virus qui me bloque mon pc depuis quelque jours, en suivant les differents topics j'ai generer un rapport malwarebytes(examen rapide) et un rapport hijackthis que vous trouverez ci dessous.

Que dois je faire ensuite?

merci d'avance

rapport malwarebytes :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4638

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/09/2010 15:37:29
mbam-log-2010-09-17 (15-37-29).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 185940
Temps écoulé: 21 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cyurwtuh (Rootkit.Agent.BO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JRMX9X1GML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\Drivers\cyurwtuh.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:14, on 17/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
c:\ServeurHF\Manta.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ACT\Act for Windows\Act.Scheduler.UI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Jérémy PIAU\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jérémy PIAU\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Jérémy PIAU\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jérémy PIAU\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CDBD57A-9A79-4278-8B6F-97931E4C52F0} - c:\windows\system32\dlo116.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/3000notebook
O15 - Trusted Zone: http://saas.ibizasoftware.com
O16 - DPF: {9FFA5747-4FDB-4221-A61E-4CAC0E5095A5} (CUtils Object) - http://saas.ibizasoftware.com/6.2.8.1/dlls/iBiZaCL.dll
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hyper File Server : BUREAU - PC SOFT - c:\ServeurHF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rivalis4NetServiceClient - Unknown owner - C:\Program Files\Rivalis\Rivalis4NetServiceClient.exe
O23 - Service: RivalisAutoBackup - Unknown owner - C:\Program Files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JRMYPI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/JRMYPI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 9834 bytes

30 réponses

  • 1
  • 2
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    reste des choses apparemment

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


    (outil de diagnostic)


    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    0
  2. joks
     
    Voici le lien:

    http://www.cijoint.fr/cjlink.php?file=cj201009/cijp0tWny8.txt

    Merci bcp pour ton aide!!
    0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    * Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau

    http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

    * Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus ? Exécuter en temps qu'administrateur
    * L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
    * A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
    0
  4. joks
     
    Voici le rapport :

    2010/09/17 17:46:57.0765 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/17 17:46:57.0765 ================================================================================
    2010/09/17 17:46:57.0765 SystemInfo:
    2010/09/17 17:46:57.0765
    2010/09/17 17:46:57.0765 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/17 17:46:57.0765 Product type: Workstation
    2010/09/17 17:46:57.0765 ComputerName: BUREAU
    2010/09/17 17:46:57.0765 UserName: Jérémy PIAU
    2010/09/17 17:46:57.0765 Windows directory: C:\WINDOWS
    2010/09/17 17:46:57.0765 System windows directory: C:\WINDOWS
    2010/09/17 17:46:57.0765 Processor architecture: Intel x86
    2010/09/17 17:46:57.0765 Number of processors: 2
    2010/09/17 17:46:57.0765 Page size: 0x1000
    2010/09/17 17:46:57.0765 Boot type: Normal boot
    2010/09/17 17:46:57.0765 ================================================================================
    2010/09/17 17:46:58.0015 Initialize success
    2010/09/17 17:47:37.0562 ================================================================================
    2010/09/17 17:47:37.0562 Scan started
    2010/09/17 17:47:37.0578 Mode: Manual;
    2010/09/17 17:47:37.0578 ================================================================================
    2010/09/17 17:47:39.0015 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/09/17 17:47:39.0062 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    2010/09/17 17:47:39.0125 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/09/17 17:47:39.0140 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/09/17 17:47:39.0171 ADIHdAudAddService (de325887ffd27aef6ec9b3d41c4a03a9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    2010/09/17 17:47:39.0218 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/09/17 17:47:39.0281 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/09/17 17:47:39.0343 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/09/17 17:47:39.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/09/17 17:47:39.0578 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2010/09/17 17:47:39.0796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/09/17 17:47:39.0859 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/09/17 17:47:39.0890 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/09/17 17:47:39.0937 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/09/17 17:47:39.0968 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/09/17 17:47:40.0031 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/09/17 17:47:40.0078 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/09/17 17:47:40.0109 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/09/17 17:47:40.0140 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/09/17 17:47:40.0171 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/09/17 17:47:40.0203 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/09/17 17:47:40.0218 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/09/17 17:47:40.0296 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/09/17 17:47:40.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/09/17 17:47:40.0515 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/09/17 17:47:40.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/09/17 17:47:40.0656 ATSWPDRV (db5bd2eb459b90a7dc6013dd118bb1ce) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
    2010/09/17 17:47:40.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/09/17 17:47:40.0843 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/09/17 17:47:40.0875 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/09/17 17:47:40.0921 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/09/17 17:47:40.0953 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/09/17 17:47:41.0000 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/09/17 17:47:41.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/09/17 17:47:41.0343 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/09/17 17:47:41.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/09/17 17:47:41.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/09/17 17:47:41.0437 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/09/17 17:47:41.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/09/17 17:47:41.0515 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
    2010/09/17 17:47:41.0562 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/09/17 17:47:41.0593 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/09/17 17:47:41.0609 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/09/17 17:47:41.0656 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/09/17 17:47:41.0703 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
    2010/09/17 17:47:41.0750 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/09/17 17:47:41.0781 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/09/17 17:47:41.0937 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
    2010/09/17 17:47:41.0968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/09/17 17:47:42.0031 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/09/17 17:47:42.0109 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
    2010/09/17 17:47:42.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/09/17 17:47:42.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/09/17 17:47:42.0234 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/09/17 17:47:42.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/09/17 17:47:42.0281 E100B (1961f8b618e3c20df54c146b294efd2a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/09/17 17:47:42.0437 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    2010/09/17 17:47:42.0531 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/09/17 17:47:42.0578 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/09/17 17:47:42.0625 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    2010/09/17 17:47:42.0656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/09/17 17:47:42.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/09/17 17:47:42.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/09/17 17:47:42.0828 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/09/17 17:47:42.0890 G400 (99815bfcc1d1e1814484fde292c68987) C:\WINDOWS\system32\DRIVERS\G400m.sys
    2010/09/17 17:47:42.0921 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    2010/09/17 17:47:42.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/09/17 17:47:43.0015 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/09/17 17:47:43.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/09/17 17:47:43.0140 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/09/17 17:47:43.0218 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/09/17 17:47:43.0234 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/09/17 17:47:43.0281 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/09/17 17:47:43.0328 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/09/17 17:47:43.0406 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    2010/09/17 17:47:43.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/09/17 17:47:43.0593 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/09/17 17:47:43.0703 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/09/17 17:47:43.0750 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/09/17 17:47:43.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/09/17 17:47:43.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/09/17 17:47:43.0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/09/17 17:47:43.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/09/17 17:47:43.0921 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/09/17 17:47:43.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/09/17 17:47:43.0953 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/09/17 17:47:44.0000 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
    2010/09/17 17:47:44.0062 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/09/17 17:47:44.0078 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/09/17 17:47:44.0125 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/09/17 17:47:44.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/09/17 17:47:44.0234 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
    2010/09/17 17:47:44.0421 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2010/09/17 17:47:44.0578 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    2010/09/17 17:47:44.0625 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2010/09/17 17:47:44.0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/09/17 17:47:44.0718 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    2010/09/17 17:47:44.0734 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/09/17 17:47:44.0781 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/09/17 17:47:44.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/09/17 17:47:44.0859 mozyFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\mozy.sys
    2010/09/17 17:47:44.0906 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/09/17 17:47:44.0921 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/09/17 17:47:45.0000 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/09/17 17:47:45.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/09/17 17:47:45.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/09/17 17:47:45.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/09/17 17:47:45.0265 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/09/17 17:47:45.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/09/17 17:47:45.0484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/09/17 17:47:45.0500 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/09/17 17:47:45.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/09/17 17:47:45.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/09/17 17:47:45.0625 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/09/17 17:47:45.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/09/17 17:47:45.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/09/17 17:47:45.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/09/17 17:47:45.0718 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/09/17 17:47:45.0750 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/09/17 17:47:45.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/09/17 17:47:45.0937 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    2010/09/17 17:47:46.0109 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/09/17 17:47:46.0125 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/09/17 17:47:46.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/09/17 17:47:46.0265 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/09/17 17:47:46.0515 nv (1ce7d93aef58e902ee392e093ce012e0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/09/17 17:47:46.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/09/17 17:47:46.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/09/17 17:47:46.0843 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/09/17 17:47:46.0875 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/09/17 17:47:46.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/09/17 17:47:46.0921 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/09/17 17:47:46.0968 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/09/17 17:47:47.0000 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/09/17 17:47:47.0046 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/09/17 17:47:47.0140 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/09/17 17:47:47.0171 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/09/17 17:47:47.0250 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
    2010/09/17 17:47:47.0296 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
    2010/09/17 17:47:47.0328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/09/17 17:47:47.0359 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/09/17 17:47:47.0390 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/09/17 17:47:47.0406 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/09/17 17:47:47.0546 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/09/17 17:47:47.0718 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/09/17 17:47:47.0765 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/09/17 17:47:47.0781 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/09/17 17:47:47.0796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/09/17 17:47:47.0812 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/09/17 17:47:47.0859 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/09/17 17:47:47.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/09/17 17:47:47.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/09/17 17:47:47.0953 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/09/17 17:47:47.0984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/09/17 17:47:48.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/09/17 17:47:48.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/09/17 17:47:48.0093 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/09/17 17:47:48.0140 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/09/17 17:47:48.0203 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    2010/09/17 17:47:48.0218 rimsptsk (1e6047d4184ccf52e31da2f4f3e3eb27) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    2010/09/17 17:47:48.0265 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    2010/09/17 17:47:48.0390 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    2010/09/17 17:47:48.0546 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2010/09/17 17:47:48.0593 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/09/17 17:47:48.0640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/09/17 17:47:48.0687 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/09/17 17:47:48.0734 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/09/17 17:47:48.0781 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2010/09/17 17:47:48.0796 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2010/09/17 17:47:48.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/09/17 17:47:48.0890 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/09/17 17:47:48.0921 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/09/17 17:47:49.0421 SNP2STD (9711ad901264ddf0bd960d8a626c1b2a) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
    2010/09/17 17:47:51.0218 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/09/17 17:47:51.0265 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
    2010/09/17 17:47:51.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/09/17 17:47:51.0375 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/09/17 17:47:51.0546 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/09/17 17:47:51.0765 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/09/17 17:47:51.0796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/09/17 17:47:51.0843 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/09/17 17:47:51.0859 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/09/17 17:47:51.0921 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/09/17 17:47:51.0984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/09/17 17:47:52.0078 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/09/17 17:47:52.0109 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/09/17 17:47:52.0156 SynTP (ae4052fc36bd4c390cee45a38ec1199a) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/09/17 17:47:52.0203 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/09/17 17:47:52.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/09/17 17:47:52.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/09/17 17:47:52.0406 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/09/17 17:47:52.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/09/17 17:47:52.0453 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/09/17 17:47:52.0500 TPHKDRV (ee468e701d0418b002764fbd666b60ae) C:\WINDOWS\system32\drivers\TPHKDRV.sys
    2010/09/17 17:47:52.0578 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/09/17 17:47:52.0640 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/09/17 17:47:52.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/09/17 17:47:52.0906 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/09/17 17:47:52.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/09/17 17:47:52.0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/09/17 17:47:53.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/17 17:47:53.0062 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/09/17 17:47:53.0109 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/09/17 17:47:53.0125 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/17 17:47:53.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/09/17 17:47:53.0171 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/17 17:47:53.0218 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/09/17 17:47:53.0234 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/09/17 17:47:53.0281 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
    2010/09/17 17:47:53.0296 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
    2010/09/17 17:47:53.0328 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/17 17:47:53.0515 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/17 17:47:53.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/17 17:47:53.0656 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/09/17 17:47:53.0703 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/09/17 17:47:53.0765 ================================================================================
    2010/09/17 17:47:53.0765 Scan finished
    2010/09/17 17:47:53.0765 ================================================================================

    encore une fois merci de t'occuper de mon cas
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    tu me diras merci à la fin si le pc va bien..


    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)


    Télécharge ici :List_Kill'em et enregistre le sur ton bureau

    http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."

    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Executer List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis l'option Search

    laisse travailler l'outil

    il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    Clique sur Parcourir et cherche le fichier ci-dessus.

    Clique sur Ouvrir.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

    est ajouté dans la page.

    Copie ce lien dans ta réponse.

    Fais de même avec more.txt qui se trouve sur ton bureau
    0
  7. joks
     
    lien pour le rapport List'em.txt :

    http://www.cijoint.fr/cjlink.php?file=cj201009/cijsu0iyJl.txt

    lien pour le rapport more.txt :

    http://www.cijoint.fr/cjlink.php?file=cj201009/cijuRnUP9h.txt
    0
  8. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    je ne t'oublie pas

    je discute avec un ami de la meilleur chose à faire

    prochain post = consignes
    0
  9. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    on a finit par tomber d'accord

    (sourire)

    1)

    désinstalle spybot si tu le possèdes

    ................

    2)

    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    Aide à l'utilisation
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Télécharge ComboFix de sUBs que tu renommes JOKS.exe avant de l'enregistrer sur ton Bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et <gras>DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ </gras>

    ---> Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets internet)

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt


    CONTRIBUTEUR SECURITE

    Désinfection = diagnostic + traitement + finalisation
    "Restez" jusqu'au bout...merci
    0
  10. joks
     
    voici le rapport combofix :

    ComboFix 10-09-16.07 - Jérémy PIAU 17/09/2010 20:15:51.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1197 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Jérémy PIAU\Bureau\JOKS.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documents\Server\admin.txt
    c:\documents and settings\All Users\Documents\Server\server.dat
    c:\documents and settings\Jérémy PIAU\Application Data\download2
    c:\documents and settings\Jérémy PIAU\Application Data\download2\svcnost.exe

    Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe

    Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\explorer.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-17 au 2010-09-17 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-17 17:29 . 2010-09-17 17:29 -------- d-----w- c:\windows\LastGood.Tmp
    2010-09-17 15:57 . 2010-09-17 15:57 -------- d-----w- C:\Kill'em
    2010-09-17 15:57 . 2010-09-17 16:19 -------- d-----w- c:\program files\List_Kill'em
    2010-09-17 15:37 . 2010-09-17 15:38 -------- d-----w- C:\tdsskiller
    2010-09-17 14:54 . 2010-09-17 14:56 -------- d-----w- c:\program files\ZHPDiag
    2010-09-17 14:02 . 2010-09-17 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\Yahoo!
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\CCleaner
    2010-09-17 13:49 . 2010-09-17 13:49 -------- d-----w- c:\program files\Trend Micro
    2010-09-17 12:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-17 12:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 10:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-17 10:37 . 2010-09-17 10:37 -------- d-----w- c:\documents and settings\Administrateur.BUREAU\Local Settings\Application Data\Mozilla
    2010-09-17 10:34 . 2010-09-17 10:34 -------- d-sh--w- c:\documents and settings\Administrateur.BUREAU\IETldCache
    2010-09-15 00:45 . 2010-09-15 00:45 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-08-20 09:32 . 2010-08-20 09:32 -------- d-----w- C:\Transfert

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-17 18:26 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-17 18:26 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-17 18:02 . 2009-10-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-17 15:40 . 2004-08-04 00:37 120576 ----a-w- c:\windows\system32\drivers\pcmcia.sys
    2010-09-17 07:21 . 2010-07-27 17:49 -------- d-----w- c:\program files\LogMeIn
    2010-09-15 11:13 . 2009-11-25 18:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-09-15 11:12 . 2009-11-25 18:36 -------- d-----w- c:\program files\Fichiers communs\EBP
    2010-09-15 11:03 . 2009-01-27 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Rivalis4
    2010-09-13 17:05 . 2010-09-13 17:05 0 ----a-w- c:\windows\system32\dlo116.tmp
    2010-08-12 18:00 . 2006-02-01 07:16 607600 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-12 18:00 . 2006-02-01 07:16 121154 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-11 14:40 . 2010-08-10 16:09 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2010-08-11 14:40 . 2010-09-17 10:33 53632 ----a-w- c:\documents and settings\Administrateur.BUREAU\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-10 16:09 . 2010-08-10 16:09 -------- d-----w- c:\program files\Player tuto.com
    2010-08-10 07:56 . 2010-08-09 16:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-10 07:48 . 2009-11-16 18:45 -------- d-----w- c:\program files\LogiSMS
    2010-08-09 17:38 . 2009-10-16 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-03 13:59 . 2010-08-03 13:59 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-07-27 17:50 . 2010-07-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2010-06-30 12:32 . 2006-02-01 07:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:25 . 2006-02-01 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2006-02-01 07:16 1852032 ------w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-01 07:16 354304 ------w- c:\windows\system32\drivers\srv.sys
    2009-08-14 10:04 . 2009-07-29 11:53 608 --sh--w- c:\windows\system32\winzvprt5.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    @="{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}"
    [HKEY_CLASSES_ROOT\CLSID\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
    "Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-04-03 17408]
    "Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-02-24 393216]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ACTSchedulerUI"="c:\program files\ACT\Act for Windows\Act.Scheduler.UI.exe" [2009-02-24 503808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 06:05 13824 ------w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jérémy PIAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    path=c:\documents and settings\Jérémy PIAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
    2009-11-16 10:04 853736 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 15:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-20 09:32 133104 -----tw- c:\documents and settings\Jérémy PIAU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 15:50 221184 ------w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 15:50 81920 ------w- c:\program files\Fichiers communs\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 10:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-03-02 12:41 1519616 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
    2006-08-21 22:54 33128 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-05-19 05:51 774233 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
    2008-08-01 07:47 53248 ------w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
    2006-05-08 01:34 94208 ------w- c:\program files\Lenovo\HOTKEY\TPHKMGR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
    2006-04-19 22:29 24576 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Cms\\Cms.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
    "c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Ninja\\Ninja\\Ninja.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "c:\\Serveur HF\\Centre de Controle HF\\CC100HF.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

    R?2 nwxpuuzg;PCI Bus a0f5a Controller;c:\windows\System32\svchost.exe -k netsvcs [01/02/2006 09:16 14336]
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 12:48 10240]
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [24/02/2009 13:08 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/02/2010 18:32 108289]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [07/12/2006 17:08 32768]
    R2 Hyper File Server : BUREAU;Hyper File Server : BUREAU;c:\serveurhf\Manta.exe --SERVICE --> c:\serveurhf\Manta.exe --SERVICE [?]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 12856]
    R2 MantaManager;MantaManager;c:\serveur hf\MantaManager.exe --SERVICE --> c:\serveur hf\MantaManager.exe --SERVICE [?]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
    R2 MSSQL$RIVALISDB;SQL Server (RIVALISDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
    R2 RivalisAutoBackup;RivalisAutoBackup;c:\program files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe [17/03/2009 14:21 24576]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [16/10/2009 11:58 6016]
    S0 khqlmxop;khqlmxop;c:\windows\system32\drivers\oopuhnpkpjv.sys --> c:\windows\system32\drivers\oopuhnpkpjv.sys [?]
    S0 kyxtrrburc;kyxtrrburc;c:\windows\system32\drivers\npjcdflpqa.sys --> c:\windows\system32\drivers\npjcdflpqa.sys [?]
    S2 Rivalis4NetServiceClient;Rivalis4NetServiceClient;c:\program files\Rivalis\Rivalis4NetServiceClient.exe [13/01/2009 22:15 110592]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - cyurwtuh

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nwxpuuzg
    .
    Contenu du dossier 'Tâches planifiées'

    2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{846B17A4-ED46-4703-B414-CE6D9D4BD4ED}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig?hl=fr
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: ibizasoftware.com\saas
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9FFA5747-4FDB-4221-A61E-4CAC0E5095A5} - hxxp://saas.ibizasoftware.com/6.2.8.1/dlls/iBiZaCL.dll
    FF - ProfilePath - c:\documents and settings\Jérémy PIAU\Application Data\Mozilla\Firefox\Profiles\d2n2ydy9.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml
    HKLM-Run-download - c:\documents and settings\Jérémy PIAU\Application Data\download2\svcnost.exe
    SafeBoot-klmdb.sys
    MSConfigStartUp-20W6RLKX65 - c:\docume~1\JRMYPI~1\LOCALS~1\Temp\Jna.exe
    MSConfigStartUp-AMSG - c:\program files\ThinkVantage\AMSG\Amsg.exe
    MSConfigStartUp-cssauth - c:\program files\Lenovo\Client Security Solution\cssauth.exe
    MSConfigStartUp-IRIS_XRX_S2P - c:\program files\Xerox\Xerox Phaser 6110MFP\PSU\Scan2pc.exe
    MSConfigStartUp-LPManager - c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe
    MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
    MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
    MSConfigStartUp-TVT Scheduler Proxy - c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    MSConfigStartUp-Xerox PanelMgr - c:\windows\Xerox\PanelMgr\SSMMgr.exe
    MSConfigStartUp-YXE7DXCQ37 - c:\docume~1\JRMYPI~1\LOCALS~1\Temp\Jm3.exe
    MSConfigStartUp-ZE18MW23GY - c:\docume~1\JRMYPI~1\LOCALS~1\Temp\Jm4.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-17 20:26
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hyper File Server : BUREAU]
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\tphklock.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(5192)
    c:\windows\system32\dlo116.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\libssl32.dll
    c:\windows\system32\LIBEAY32.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\serveurhf\Manta.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\pvsw\BIN\W3dbsmgr.EXE
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\serveur hf\MantaManager.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Lenovo\PM Driver\PMSveH.exe
    c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-17 20:32:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-17 18:32

    Avant-CF: 34 177 564 672 octets libres
    Après-CF: 34 308 165 632 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    - - End Of File - - E99B614D7AF768ED1734B2968C855EBF
    0
  11. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    Driver::

    khqlmxop
    kyxtrrburc

    NetSvc::

    Nwxpuuzg

    File::
    c:\windows\system32\dlo116.dll
    c:\windows\system32\dlo116.tmp
    c:\windows\system32\drivers\oopuhnpkpjv.sys
    c:\windows\system32\drivers\npjcdflpqa.sys

    Registry::

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    @=-


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt


    CONTRIBUTEUR SECURITE

    Désinfection = diagnostic + traitement + finalisation
    "Restez" jusqu'au bout...merci
    0
  12. joks
     
    Je continue demain car je dois quitter mon bureau.

    Vous serez disponible demain pour me guider?

    En tout cas merci pour l'accompagnement
    0
  13. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    oui

    @ demain
    0
  14. joks
     
    Bonjour,

    Voici le rapport Combofix:

    ComboFix 10-09-16.07 - Jérémy PIAU 18/09/2010 11:13:05.2.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1267 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Jérémy PIAU\Bureau\JOKS.exe
    Commutateurs utilisés :: c:\documents and settings\Jérémy PIAU\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\dlo116.tmp"
    "c:\windows\system32\drivers\npjcdflpqa.sys"
    "c:\windows\system32\drivers\oopuhnpkpjv.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\dlo116.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_khqlmxop
    -------\Service_kyxtrrburc

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-18 au 2010-09-18 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-17 18:54 . 2010-09-17 18:55 -------- d-----w- C:\JOKS16613J
    2010-09-17 18:09 . 2010-09-17 18:32 -------- d-----w- C:\JOKS
    2010-09-17 15:57 . 2010-09-17 15:57 -------- d-----w- C:\Kill'em
    2010-09-17 15:57 . 2010-09-17 16:19 -------- d-----w- c:\program files\List_Kill'em
    2010-09-17 15:37 . 2010-09-17 15:38 -------- d-----w- C:\tdsskiller
    2010-09-17 14:54 . 2010-09-17 14:56 -------- d-----w- c:\program files\ZHPDiag
    2010-09-17 14:02 . 2010-09-17 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\Yahoo!
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\CCleaner
    2010-09-17 13:49 . 2010-09-17 13:49 -------- d-----w- c:\program files\Trend Micro
    2010-09-17 12:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-17 12:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 10:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-17 10:37 . 2010-09-17 10:37 -------- d-----w- c:\documents and settings\Administrateur.BUREAU\Local Settings\Application Data\Mozilla
    2010-09-17 10:34 . 2010-09-17 10:34 -------- d-sh--w- c:\documents and settings\Administrateur.BUREAU\IETldCache
    2010-09-15 00:45 . 2010-09-15 00:45 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-08-20 09:32 . 2010-08-20 09:32 -------- d-----w- C:\Transfert

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 09:27 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 09:27 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 09:02 . 2010-07-27 17:49 -------- d-----w- c:\program files\LogMeIn
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-17 15:40 . 2004-08-04 00:37 120576 ----a-w- c:\windows\system32\drivers\pcmcia.sys
    2010-09-15 11:13 . 2009-11-25 18:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-09-15 11:12 . 2009-11-25 18:36 -------- d-----w- c:\program files\Fichiers communs\EBP
    2010-09-15 11:03 . 2009-01-27 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Rivalis4
    2010-08-17 13:17 . 2006-02-01 07:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 18:00 . 2006-02-01 07:16 607600 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-12 18:00 . 2006-02-01 07:16 121154 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-11 14:40 . 2010-08-10 16:09 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2010-08-11 14:40 . 2010-09-17 10:33 53632 ----a-w- c:\documents and settings\Administrateur.BUREAU\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-10 16:09 . 2010-08-10 16:09 -------- d-----w- c:\program files\Player tuto.com
    2010-08-10 07:56 . 2010-08-09 16:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-10 07:48 . 2009-11-16 18:45 -------- d-----w- c:\program files\LogiSMS
    2010-08-03 13:59 . 2010-08-03 13:59 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-07-27 17:50 . 2010-07-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2010-07-22 15:48 . 2006-02-01 07:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:32 . 2006-02-01 07:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:25 . 2006-02-01 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2006-02-01 07:16 1852032 ------w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-01 07:16 354304 ------w- c:\windows\system32\drivers\srv.sys
    2009-08-14 10:04 . 2009-07-29 11:53 608 --sh--w- c:\windows\system32\winzvprt5.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
    "Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-04-03 17408]
    "Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-02-24 393216]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ACTSchedulerUI"="c:\program files\ACT\Act for Windows\Act.Scheduler.UI.exe" [2009-02-24 503808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 06:05 13824 ------w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jérémy PIAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    path=c:\documents and settings\Jérémy PIAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
    2009-11-16 10:04 853736 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 15:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-20 09:32 133104 -----tw- c:\documents and settings\Jérémy PIAU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 15:50 221184 ------w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 15:50 81920 ------w- c:\program files\Fichiers communs\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 10:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-03-02 12:41 1519616 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
    2006-08-21 22:54 33128 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-05-19 05:51 774233 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
    2008-08-01 07:47 53248 ------w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
    2006-05-08 01:34 94208 ------w- c:\program files\Lenovo\HOTKEY\TPHKMGR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
    2006-04-19 22:29 24576 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Cms\\Cms.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
    "c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Ninja\\Ninja\\Ninja.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "c:\\Serveur HF\\Centre de Controle HF\\CC100HF.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

    R?2 nwxpuuzg;PCI Bus a0f5a Controller;c:\windows\System32\svchost.exe -k netsvcs [01/02/2006 09:16 14336]
    R0 cyurwtuh;cyurwtuh;c:\windows\system32\drivers\cyurwtuh.sys --> c:\windows\system32\drivers\cyurwtuh.sys [?]
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 12:48 10240]
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [24/02/2009 13:08 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/02/2010 18:32 108289]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [07/12/2006 17:08 32768]
    R2 Hyper File Server : BUREAU;Hyper File Server : BUREAU;c:\serveurhf\Manta.exe --SERVICE --> c:\serveurhf\Manta.exe --SERVICE [?]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 12856]
    R2 MantaManager;MantaManager;c:\serveur hf\MantaManager.exe --SERVICE --> c:\serveur hf\MantaManager.exe --SERVICE [?]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
    R2 MSSQL$RIVALISDB;SQL Server (RIVALISDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
    R2 RivalisAutoBackup;RivalisAutoBackup;c:\program files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe [17/03/2009 14:21 24576]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [16/10/2009 11:58 6016]
    S2 Rivalis4NetServiceClient;Rivalis4NetServiceClient;c:\program files\Rivalis\Rivalis4NetServiceClient.exe [13/01/2009 22:15 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{846B17A4-ED46-4703-B414-CE6D9D4BD4ED}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig?hl=fr
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: ibizasoftware.com\saas
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9FFA5747-4FDB-4221-A61E-4CAC0E5095A5} - hxxp://saas.ibizasoftware.com/6.2.8.1/dlls/iBiZaCL.dll
    FF - ProfilePath - c:\documents and settings\Jérémy PIAU\Application Data\Mozilla\Firefox\Profiles\d2n2ydy9.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{4CDBD57A-9A79-4278-8B6F-97931E4C52F0} - c:\windows\system32\dlo116.dll
    ShellIconOverlayIdentifiers-{4CDBD57A-9A79-4278-8B6F-97931E4C52F0} - c:\windows\system32\dlo116.dll

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-18 11:26
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hyper File Server : BUREAU]
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\tphklock.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(2824)
    c:\windows\system32\dlo116.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\libssl32.dll
    c:\windows\system32\LIBEAY32.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\serveurhf\Manta.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\pvsw\BIN\W3dbsmgr.EXE
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\serveur hf\MantaManager.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Lenovo\PM Driver\PMSveH.exe
    c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-18 11:31:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-18 09:30
    ComboFix2.txt 2010-09-17 18:32

    Avant-CF: 34 371 506 176 octets libres
    Après-CF: 34 419 032 064 octets libres

    - - End Of File - - 4C28AE88958454505859027993D70A4E
    0
  15. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    Driver::

    cyurwtuh

    Rootkit::

    c:\windows\system32\drivers\cyurwtuh.sys


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif

    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt


    CONTRIBUTEUR SECURITE

    Désinfection = diagnostic + traitement + finalisation
    "Restez" jusqu'au bout...merci
    0
  16. joks
     
    le nouveau rapport :

    ComboFix 10-09-17.04 - Jérémy PIAU 18/09/2010 12:44:43.3.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1138 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Jérémy PIAU\Bureau\JOKS.exe
    Commutateurs utilisés :: c:\documents and settings\Jérémy PIAU\Bureau\CFscript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_cyurwtuh
    -------\Service_cyurwtuh

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-18 au 2010-09-18 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-18 09:11 . 2010-09-18 09:31 -------- d-----w- C:\JOKS16125J
    2010-09-17 18:54 . 2010-09-17 18:55 -------- d-----w- C:\JOKS16613J
    2010-09-17 18:09 . 2010-09-17 18:32 -------- d-----w- C:\JOKS
    2010-09-17 15:57 . 2010-09-17 15:57 -------- d-----w- C:\Kill'em
    2010-09-17 15:57 . 2010-09-17 16:19 -------- d-----w- c:\program files\List_Kill'em
    2010-09-17 15:37 . 2010-09-17 15:38 -------- d-----w- C:\tdsskiller
    2010-09-17 14:54 . 2010-09-17 14:56 -------- d-----w- c:\program files\ZHPDiag
    2010-09-17 14:02 . 2010-09-17 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\Yahoo!
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\CCleaner
    2010-09-17 13:49 . 2010-09-17 13:49 -------- d-----w- c:\program files\Trend Micro
    2010-09-17 12:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-17 12:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 10:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-17 10:37 . 2010-09-17 10:37 -------- d-----w- c:\documents and settings\Administrateur.BUREAU\Local Settings\Application Data\Mozilla
    2010-09-17 10:34 . 2010-09-17 10:34 -------- d-sh--w- c:\documents and settings\Administrateur.BUREAU\IETldCache
    2010-09-15 00:45 . 2010-09-15 00:45 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-08-20 09:32 . 2010-08-20 09:32 -------- d-----w- C:\Transfert

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 10:57 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 10:56 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 09:02 . 2010-07-27 17:49 -------- d-----w- c:\program files\LogMeIn
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-17 15:40 . 2004-08-04 00:37 120576 ----a-w- c:\windows\system32\drivers\pcmcia.sys
    2010-09-15 11:13 . 2009-11-25 18:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-09-15 11:12 . 2009-11-25 18:36 -------- d-----w- c:\program files\Fichiers communs\EBP
    2010-09-15 11:03 . 2009-01-27 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Rivalis4
    2010-08-17 13:17 . 2006-02-01 07:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 18:00 . 2006-02-01 07:16 607600 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-12 18:00 . 2006-02-01 07:16 121154 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-11 14:40 . 2010-08-10 16:09 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2010-08-11 14:40 . 2010-09-17 10:33 53632 ----a-w- c:\documents and settings\Administrateur.BUREAU\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-10 16:09 . 2010-08-10 16:09 -------- d-----w- c:\program files\Player tuto.com
    2010-08-10 07:56 . 2010-08-09 16:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-10 07:48 . 2009-11-16 18:45 -------- d-----w- c:\program files\LogiSMS
    2010-08-03 13:59 . 2010-08-03 13:59 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-07-27 17:50 . 2010-07-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2010-07-22 15:48 . 2006-02-01 07:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:32 . 2006-02-01 07:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:25 . 2006-02-01 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2006-02-01 07:16 1852032 ------w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-01 07:16 354304 ------w- c:\windows\system32\drivers\srv.sys
    2009-08-14 10:04 . 2009-07-29 11:53 608 --sh--w- c:\windows\system32\winzvprt5.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    @="{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}"
    [HKEY_CLASSES_ROOT\CLSID\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
    "Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-04-03 17408]
    "Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-02-24 393216]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ACTSchedulerUI"="c:\program files\ACT\Act for Windows\Act.Scheduler.UI.exe" [2009-02-24 503808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 06:05 13824 ------w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jérémy PIAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    path=c:\documents and settings\Jérémy PIAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
    2009-11-16 10:04 853736 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 15:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-20 09:32 133104 -----tw- c:\documents and settings\Jérémy PIAU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 15:50 221184 ------w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 15:50 81920 ------w- c:\program files\Fichiers communs\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 10:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-03-02 12:41 1519616 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
    2006-08-21 22:54 33128 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-05-19 05:51 774233 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
    2008-08-01 07:47 53248 ------w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
    2006-05-08 01:34 94208 ------w- c:\program files\Lenovo\HOTKEY\TPHKMGR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
    2006-04-19 22:29 24576 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Cms\\Cms.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
    "c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Ninja\\Ninja\\Ninja.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "c:\\Serveur HF\\Centre de Controle HF\\CC100HF.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

    R?2 nwxpuuzg;PCI Bus a0f5a Controller;c:\windows\System32\svchost.exe -k netsvcs [01/02/2006 09:16 14336]
    R0 cyurwtuh;cyurwtuh;c:\windows\system32\drivers\cyurwtuh.sys [01/02/2006 09:16 23424]
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 12:48 10240]
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [24/02/2009 13:08 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/02/2010 18:32 108289]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [07/12/2006 17:08 32768]
    R2 Hyper File Server : BUREAU;Hyper File Server : BUREAU;c:\serveurhf\Manta.exe --SERVICE --> c:\serveurhf\Manta.exe --SERVICE [?]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 12856]
    R2 MantaManager;MantaManager;c:\serveur hf\MantaManager.exe --SERVICE --> c:\serveur hf\MantaManager.exe --SERVICE [?]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
    R2 MSSQL$RIVALISDB;SQL Server (RIVALISDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
    R2 RivalisAutoBackup;RivalisAutoBackup;c:\program files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe [17/03/2009 14:21 24576]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [16/10/2009 11:58 6016]
    S2 Rivalis4NetServiceClient;Rivalis4NetServiceClient;c:\program files\Rivalis\Rivalis4NetServiceClient.exe [13/01/2009 22:15 110592]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - CYURWTUH

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    nwxpuuzg
    .
    Contenu du dossier 'Tâches planifiées'

    2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{846B17A4-ED46-4703-B414-CE6D9D4BD4ED}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig?hl=fr
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: ibizasoftware.com\saas
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9FFA5747-4FDB-4221-A61E-4CAC0E5095A5} - hxxp://saas.ibizasoftware.com/6.2.8.1/dlls/iBiZaCL.dll
    FF - ProfilePath - c:\documents and settings\Jérémy PIAU\Application Data\Mozilla\Firefox\Profiles\d2n2ydy9.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-18 12:54
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hyper File Server : BUREAU]
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\tphklock.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(4004)
    c:\windows\system32\dlo116.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\libssl32.dll
    c:\windows\system32\LIBEAY32.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\pvsw\BIN\W3dbsmgr.EXE
    c:\serveurhf\Manta.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\serveur hf\MantaManager.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Lenovo\PM Driver\PMSveH.exe
    c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-18 13:00:59 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-18 11:00
    ComboFix2.txt 2010-09-18 09:31
    ComboFix3.txt 2010-09-17 18:32

    Avant-CF: 34 379 530 240 octets libres
    Après-CF: 34 415 611 904 octets libres

    - - End Of File - - BD11FDBFD38CFC47DE665982F62505E0
    0
  17. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    grrr

    j'ai modifié trop tard mon script qui n'était pas bon

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    Driver::

    cyurwtuh
    nwxpuuzg

    Rootkit::

    c:\windows\system32\drivers\cyurwtuh.sys

    NetSvc::

    nwxpuuzg

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    @=-


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif

    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

    0
  18. joks
     
    ComboFix 10-09-17.04 - Jérémy PIAU 18/09/2010 13:22:11.4.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1308 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Jérémy PIAU\Bureau\JOKS.exe
    Commutateurs utilisés :: c:\documents and settings\Jérémy PIAU\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWXPUUZG
    -------\Service_cyurwtuh
    -------\Service_nwxpuuzg

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-18 au 2010-09-18 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-18 10:42 . 2010-09-18 11:01 -------- d-----w- C:\JOKS8212J
    2010-09-18 09:11 . 2010-09-18 09:31 -------- d-----w- C:\JOKS16125J
    2010-09-17 18:54 . 2010-09-17 18:55 -------- d-----w- C:\JOKS16613J
    2010-09-17 18:09 . 2010-09-17 18:32 -------- d-----w- C:\JOKS
    2010-09-17 15:57 . 2010-09-17 15:57 -------- d-----w- C:\Kill'em
    2010-09-17 15:57 . 2010-09-17 16:19 -------- d-----w- c:\program files\List_Kill'em
    2010-09-17 15:37 . 2010-09-17 15:38 -------- d-----w- C:\tdsskiller
    2010-09-17 14:54 . 2010-09-17 14:56 -------- d-----w- c:\program files\ZHPDiag
    2010-09-17 14:02 . 2010-09-17 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\Yahoo!
    2010-09-17 14:02 . 2010-09-17 14:03 -------- d-----w- c:\program files\CCleaner
    2010-09-17 13:49 . 2010-09-17 13:49 -------- d-----w- c:\program files\Trend Micro
    2010-09-17 12:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-17 12:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 12:11 . 2010-09-17 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 10:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-17 10:37 . 2010-09-17 10:37 -------- d-----w- c:\documents and settings\Administrateur.BUREAU\Local Settings\Application Data\Mozilla
    2010-09-17 10:34 . 2010-09-17 10:34 -------- d-sh--w- c:\documents and settings\Administrateur.BUREAU\IETldCache
    2010-09-15 00:45 . 2010-09-15 00:45 -------- d-----r- c:\documents and settings\NetworkService\Favoris
    2010-08-20 09:32 . 2010-08-20 09:32 -------- d-----w- C:\Transfert

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 11:33 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 11:33 . 2009-03-09 16:53 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-09-18 09:02 . 2010-07-27 17:49 -------- d-----w- c:\program files\LogMeIn
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-17 18:34 . 2009-10-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-17 15:40 . 2004-08-04 00:37 120576 ----a-w- c:\windows\system32\drivers\pcmcia.sys
    2010-09-15 11:13 . 2009-11-25 18:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-09-15 11:12 . 2009-11-25 18:36 -------- d-----w- c:\program files\Fichiers communs\EBP
    2010-09-15 11:03 . 2009-01-27 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Rivalis4
    2010-08-17 13:17 . 2006-02-01 07:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 18:00 . 2006-02-01 07:16 607600 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-12 18:00 . 2006-02-01 07:16 121154 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-11 14:40 . 2010-08-10 16:09 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2010-08-11 14:40 . 2010-09-17 10:33 53632 ----a-w- c:\documents and settings\Administrateur.BUREAU\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-10 16:09 . 2010-08-10 16:09 -------- d-----w- c:\program files\Player tuto.com
    2010-08-10 07:56 . 2010-08-09 16:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-10 07:48 . 2009-11-16 18:45 -------- d-----w- c:\program files\LogiSMS
    2010-08-03 13:59 . 2010-08-03 13:59 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-07-27 17:50 . 2010-07-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2010-07-22 15:48 . 2006-02-01 07:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:32 . 2006-02-01 07:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:25 . 2006-02-01 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2006-02-01 07:16 1852032 ------w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-01 07:16 354304 ------w- c:\windows\system32\drivers\srv.sys
    2009-08-14 10:04 . 2009-07-29 11:53 608 --sh--w- c:\windows\system32\winzvprt5.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
    @="{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}"
    [HKEY_CLASSES_ROOT\CLSID\{4CDBD57A-9A79-4278-8B6F-97931E4C52F0}]
    2004-08-05 11:00 746496 ----a-w- c:\windows\system32\dlo116.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-01-04 10:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
    "Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-04-03 17408]
    "Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2009-02-24 393216]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ACTSchedulerUI"="c:\program files\ACT\Act for Windows\Act.Scheduler.UI.exe" [2009-02-24 503808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 06:05 13824 ------w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jérémy PIAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    path=c:\documents and settings\Jérémy PIAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
    2009-11-16 10:04 853736 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 15:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-20 09:32 133104 -----tw- c:\documents and settings\Jérémy PIAU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 15:50 221184 ------w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 15:50 81920 ------w- c:\program files\Fichiers communs\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 10:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-03-02 12:41 1519616 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
    2006-08-21 22:54 33128 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-05-19 05:51 774233 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
    2008-08-01 07:47 53248 ------w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
    2006-05-08 01:34 94208 ------w- c:\program files\Lenovo\HOTKEY\TPHKMGR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
    2006-04-19 22:29 24576 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Cms\\Cms.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe"=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=
    "c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Ninja\\Ninja\\Ninja.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "c:\\Serveur HF\\Centre de Controle HF\\CC100HF.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 12:48 10240]
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [24/02/2009 13:08 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/02/2010 18:32 108289]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [07/12/2006 17:08 32768]
    R2 Hyper File Server : BUREAU;Hyper File Server : BUREAU;c:\serveurhf\Manta.exe --SERVICE --> c:\serveurhf\Manta.exe --SERVICE [?]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 12856]
    R2 MantaManager;MantaManager;c:\serveur hf\MantaManager.exe --SERVICE --> c:\serveur hf\MantaManager.exe --SERVICE [?]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
    R2 MSSQL$RIVALISDB;SQL Server (RIVALISDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
    R2 RivalisAutoBackup;RivalisAutoBackup;c:\program files\Rivalis\AutoBackupRivalis\RivalisAutoBackup.exe [17/03/2009 14:21 24576]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [16/10/2009 11:58 6016]
    S2 Rivalis4NetServiceClient;Rivalis4NetServiceClient;c:\program files\Rivalis\Rivalis4NetServiceClient.exe [13/01/2009 22:15 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{846B17A4-ED46-4703-B414-CE6D9D4BD4ED}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig?hl=fr
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: ibizasoftware.com\saas
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9FFA5747-4FDB-4221-A61E-4CAC0E5095A5} - hxxp://saas.ibizasoftware.com/6.2.8.1/dlls/iBiZaCL.dll
    FF - ProfilePath - c:\documents and settings\Jérémy PIAU\Application Data\Mozilla\Firefox\Profiles\d2n2ydy9.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-18 13:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hyper File Server : BUREAU]
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\tphklock.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'Explorer.EXE'(3304)
    c:\windows\system32\dlo116.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\libssl32.dll
    c:\windows\system32\LIBEAY32.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\serveurhf\Manta.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\pvsw\BIN\W3dbsmgr.EXE
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\serveur hf\MantaManager.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Lenovo\PM Driver\PMSveH.exe
    c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-18 13:37:16 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-18 11:37
    ComboFix2.txt 2010-09-18 11:01
    ComboFix3.txt 2010-09-18 09:31
    ComboFix4.txt 2010-09-17 18:32

    Avant-CF: 34 382 282 752 octets libres
    Après-CF: 34 373 300 224 octets libres

    - - End Of File - - 89426787F735115C75EC00CA7B53639E
    0
  19. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    1)

    supprimes spybot si ce n'est pas déjà fait, inutile, freine le pc et gêne les outils

    ................

    2)

    Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option CLEAN

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    colle le contenu dans ta reponse

    ....................

    3)

    Téléchargez USBFIX de El Desaparecido, C_xx

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    ou
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Utilisateur de vista et windows 7 :
    ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    /!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    Double clic sur le raccourci UsbFix présent sur le bureau .

    Choisir l'option suppression
    (d'autres options disponibles, voir le tutoriel).
    Laissez travailler l'outil.
    Le menu démarrer et les icônes vont disparaître.. c'est normal.

    Si un message te demande de redémarrer l'ordinateur fais le ...

    Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

    Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    * Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    * Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097

    Il est enregistré sur ton bureau.

    Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

    ...................

    4)

    Fais un nouveau rapport ZHPdiag stp

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    0
  20. joks
     
    Je ferais tout cela lundi, merci pour tout.
    0
    1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      ok

      bon week end
      0
  • 1
  • 2