win32/Ponmocup.AA trojan


16 replies to this topic

#1 mjul23

Posted 06 September 2012 - 10:26 AM

Hello, I've had this virus for a few days on my parents' computer. I hope you can help me. Here is the DDS log, plus the file as an attachment.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by REJO at 15:47:52 on 2012-09-06
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1983.1228 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HomePlayer\HomePlayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\REJO\Mes documents\Téléchargements\dds.com
.
============== Pseudo HJT Report ===============
.
uWindow Title =
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Serveur VNC pour Win32] c:\program files\ultravnc\winvnc.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [HomePlayer] c:\program files\homeplayer\HomePlayer.exe -autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203776276234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345988727921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{7E592B13-FBAB-4BD6-B1FD-E1DDBA7324EE} : DhcpNameServer = 212.27.40.240 212.27.40.241
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rejo\application data\mozilla\firefox\profiles\ne373vh1.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=19d4q1THsB2&search=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\rejo\application data\mozilla\firefox\profiles\ne373vh1.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\rejo\application data\mozilla\firefox\profiles\ne373vh1.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-17 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-17 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-17 44808]
S2 gupdate1c98630528a6ac8;Google Update Service (gupdate1c98630528a6ac8);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-2-23 6016]
S3 d659b488-43fb-47a5-91b0-cb6288bb821f;d659b488-43fb-47a5-91b0-cb6288bb821f;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-5-29 234864]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2012-08-26 13:32:23 -------- d-----w- c:\program files\Ad-Remover
2012-08-17 18:34:53 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-17 18:34:09 41224 ----a-w- c:\windows\avastSS.scr
2012-08-17 18:33:38 -------- d-----w- c:\program files\AVAST Software
2012-08-17 18:33:38 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-17 18:31:04 -------- d-----w- c:\windows\system32\appmgmt
2012-08-16 10:11:05 629760 ----a-w- c:\windows\system32\SET8DA.tmp
2012-08-16 10:11:03 2000384 ----a-w- c:\windows\system32\SET8DE.tmp
2012-08-16 10:11:02 55296 ----a-w- c:\windows\system32\SET8D9.tmp
2012-08-16 10:10:59 1212416 ----a-w- c:\windows\system32\SET8D3.tmp
2012-08-16 10:10:58 105984 ----a-w- c:\windows\system32\SET8D4.tmp
2012-08-16 10:10:57 6008320 ----a-w- c:\windows\system32\SET8D8.tmp
2012-08-16 10:10:56 916992 ----a-w- c:\windows\system32\SET8D2.tmp
2012-08-07 15:14:29 114688 --sha-r- c:\windows\system32\msiexec7.dll
.
==================== Find3M ====================
.
2012-08-17 19:17:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59:05 78336 ----a-w- c:\windows\system32\SETA0B.tmp
2012-07-06 13:59:05 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 13:59:05 337920 ----a-w- c:\windows\system32\SETA0A.tmp
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:27:23 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 21:09:48 11111424 ----a-w- c:\windows\system32\SET8E0.tmp
2012-07-02 17:39:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-13 13:55:13 1866240 ------w- c:\windows\system32\_000005_.tmp.dll
.
============= FINISH: 15:48:40,92 ===============
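
Reading a DDS or ComboFix log by hand is what the helpers on this board do; as an added example (not code from this thread, nor from the DDS or ComboFix authors), the Python script below applies a few of the same triage rules mechanically to lines copied from the logs posted in this thread: a file in system32 carrying hidden+system attributes (msiexec7.dll), a scheduled task whose target is a DLL rather than an executable (IUQKHL.job), the Windows Firewall switched off, a globally open port with a generic description, and a Firefox keyword.URL that sends address-bar searches to a different domain than the homepage. The rule names, the severity scale and the short remote-access-tool list are my own assumptions; the sample lines are constructed from the DDS output above and the ComboFix output later in the thread.

```python
"""Triage rules for DDS / ComboFix style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS and ComboFix output posted in this thread.
SAMPLE_LOG = r"""
2012-08-17 18:34:53 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-16 10:11:05 629760 ----a-w- c:\windows\system32\SET8DA.tmp
2012-08-07 15:14:29 114688 --sha-r- c:\windows\system32\msiexec7.dll
2012-06-13 13:55:13 1866240 ------w- c:\windows\system32\_000005_.tmp.dll
"EnableFirewall"= 0 (0x0)
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"5117:TCP"= 5117:TCP:Windows Core Service
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:50]
2012-09-23 c:\windows\Tasks\IUQKHL.job
- c:\windows\system32\msiexec7.dll [2012-08-07 15:14]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=19d4q1THsB2&search=
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" / "medium" / "low" / "info" (assumed scale)
    rule: str
    detail: str


# DDS "Created Last 30" / "Find3M" line: date time size attrs path
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$", re.I)
# ComboFix scheduled-task pair: "<date> <task>.job" followed by "- <target> [<stamp>]"
TASK_RE = re.compile(r"^\d{4}-\d\d-\d\d\s+(\S+\.job)$", re.I)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[")
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\S+:(.*)$', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
REMOTE_ACCESS_TOOLS = ("winvnc.exe",)  # assumed short list; extend as needed


def registrable_domain(url: str) -> str:
    """Crude last-two-labels domain from a (defanged) URL: hxxp://www.google.fr/ -> google.fr"""
    host = re.sub(r"^hxxps?://|^https?://", "", url, flags=re.I).split("/")[0].lower()
    return ".".join(host.split(".")[-2:])


def triage(log_text: str) -> list:
    findings = []
    pending_task = None
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(3).lower(), m.group(4).lower()
            name = path.rsplit("\\", 1)[-1]
            if "\\windows\\system32\\" in path:
                if "s" in attrs and "h" in attrs:
                    # hidden + system on a loose DLL in system32 is a classic hiding spot
                    findings.append(Finding("high", "hidden-system-file", path))
                elif re.fullmatch(r"_\d+_\.tmp\.dll", name):
                    findings.append(Finding("medium", "tmp-dll-in-system32", path))
                elif re.fullmatch(r"set[0-9a-f]+\.tmp", name):
                    # usually installer / Windows Update leftovers: worth a look, not an alarm
                    findings.append(Finding("low", "installer-temp-in-system32", path))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(1)
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_task:
            target = m.group(1).lower()
            if target.endswith(".dll"):
                # a .job that loads a DLL instead of starting an EXE
                findings.append(Finding("high", "task-runs-dll", f"{pending_task} -> {target}"))
            pending_task = None
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(Finding("medium", "firewall-disabled", line))
            continue
        m = PORT_RE.match(line)
        if m:
            findings.append(Finding("medium", "globally-open-port", f"{m.group(1)} ({m.group(2).strip()})"))
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
            continue
        if any(tool in line.lower() for tool in REMOTE_ACCESS_TOOLS):
            findings.append(Finding("info", "remote-access-tool", line))
    kw, home = prefs.get("keyword.URL"), prefs.get("browser.startup.homepage")
    if kw and home and registrable_domain(kw) != registrable_domain(home):
        # address-bar searches leave for a domain other than the homepage's: toolbar/search hijack
        findings.append(Finding("medium", "address-bar-search-redirect", kw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:28} {f.detail}")
```

The rules are deliberately narrow: the attribute check only fires inside system32, and the SETxxx.tmp rule is rated low because those files are normally left behind by installers; the point is to surface the handful of lines worth a human's attention in a several-hundred-line log, not to replace the analyst.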


#2 mjul23 (Topic Starter)

Posted 07 September 2012 - 05:46 AM

nobody to help me please ?

#3 mjul23 (Topic Starter)

Posted 08 September 2012 - 07:00 AM

up :)

#4 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 09 September 2012 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

p.s.
I can read French, so if you need to express yourself in French it's OK.

#5 mjul23 (Topic Starter)

Posted 11 September 2012 - 03:04 PM

Thanks, I'll try as soon as possible and keep you posted.
Thanks

#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 17 September 2012 - 08:23 AM

Are you still with me?

#7 mjul23 (Topic Starter)

Posted 17 September 2012 - 05:15 PM

I'm still here but haven't had time to test at my parents' place yet... I'll keep you posted soon ;) thanks

#8 mjul23 (Topic Starter)

Posted 23 September 2012 - 11:39 AM

ComboFix 12-09-23.02 - REJO 23/09/2012 18:16:18.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1983.1386 [GMT 2:00]
Running from: c:\documents and settings\REJO\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET6AB.tmp
c:\windows\system32\SET6AF.tmp
c:\windows\system32\SET6B0.tmp
c:\windows\system32\SET6B7.tmp
c:\windows\system32\SET8D2.tmp
c:\windows\system32\SET8D3.tmp
c:\windows\system32\SET8D4.tmp
c:\windows\system32\SET8D8.tmp
c:\windows\system32\SET8D9.tmp
c:\windows\system32\SET8DA.tmp
c:\windows\system32\SET8DE.tmp
c:\windows\system32\SET8E0.tmp
c:\windows\system32\SETA0A.tmp
c:\windows\system32\SETA0B.tmp
.
.
((((((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-13 12:40 . 2012-09-13 12:40 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-26 13:32 . 2012-08-26 13:32 -------- d-----w- c:\program files\Ad-Remover
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2012-08-17 18:34 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-08-17 18:34 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-08-17 18:34 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-08-17 18:34 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-08-17 18:34 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-08-17 18:34 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-08-17 18:34 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-08-17 18:34 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-08-17 18:34 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-08-17 18:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-17 19:17 . 2012-01-29 11:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-02-23 13:33 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:27 . 2004-08-05 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2009-10-12 10:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:39 . 2004-08-05 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-09-13 12:40 . 2011-06-26 17:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Serveur VNC pour Win32"="c:\program files\UltraVNC\winvnc.exe" [2006-07-17 364544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-22 273544]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-23 789008]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Freezer1.4\\freezer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5117:TCP"= 5117:TCP:Windows Core Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/08/2012 20:34 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/08/2012 20:34 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/08/2012 20:34 21256]
S2 gupdate1c98630528a6ac8;Google Update Service (gupdate1c98630528a6ac8);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 20:50 133104]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [23/02/2008 15:59 6016]
S3 d659b488-43fb-47a5-91b0-cb6288bb821f;d659b488-43fb-47a5-91b0-cb6288bb821f;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 20:50 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 23:04 114144]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-17 09:12]
.
2012-09-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 18:03]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:50]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:50]
.
2012-09-23 c:\windows\Tasks\IUQKHL.job
- c:\windows\system32\msiexec7.dll [2012-08-07 15:14]
.
2012-09-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]
.
2012-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1715567821-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-09-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1715567821-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\REJO\Application Data\Mozilla\Firefox\Profiles\ne373vh1.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=19d4q1THsB2&search=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-23 18:23:07
ComboFix-quarantined-files.txt 2012-09-23 16:23
.
Pre-Run: 9,444,368,384 bytes free
Post-Run: 10,675,421,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 41CE56D9B1DCA46E82555A9C8DE21CC3




Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
TuneUp Utilities 2008
Java™ 6 Update 26
Java™ 6 Update 6
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````





# AdwCleaner v2.002 - Report created 23/09/2012 at 18:33:53
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User name : REJO - MANAUX
# Boot mode : Normal
# Running from : C:\Documents and Settings\REJO\Bureau\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\REJO\Local Settings\Application Data\IncrediMail_MediaBar_2

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\IncrediMail_MediaBar_2
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\Software\ImInstaller
Key Found : HKU\S-1-5-21-343818398-1715567821-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] The registry contains no illegitimate entries.

-\\ Mozilla Firefox v15.0.1 (fr)

Profile name : default
File : C:\Documents and Settings\REJO\Application Data\Mozilla\Firefox\Profiles\ne373vh1.default\prefs.js

Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Found : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Found : user_pref("CT2724386.CTID", "ct2724431");
Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Thu Apr 07 2011 23:05:23 GMT+0200");
Found : user_pref("CT2724386.CommunityChanged", true);
Found : user_pref("CT2724386.CurrentServerDate", "7-4-2011");
Found : user_pref("CT2724386.DialogsAlignMode", "LTR");
Found : user_pref("CT2724386.DownloadReferralCookieData", "");
Found : user_pref("CT2724386.FeedPollDate129251218914197895", "Thu Apr 07 2011 22:22:27 GMT+0200");
Found : user_pref("CT2724386.FirstServerDate", "7-4-2011");
Found : user_pref("CT2724386.FirstTime", true);
Found : user_pref("CT2724386.FirstTimeFF3", true);
Found : user_pref("CT2724386.FirstTimeSettingsDone", true);
Found : user_pref("CT2724386.FixPageNotFoundErrors", true);
Found : user_pref("CT2724386.GroupingLastCheckTime", "Thu Apr 07 2011 22:23:05 GMT+0200");
Found : user_pref("CT2724386.GroupingLastErrorCode", "");
Found : user_pref("CT2724386.GroupingLastResponse", true);
Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129464820130000000");
Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2724386.Initialize", true);
Found : user_pref("CT2724386.InitializeCommonPrefs", true);
Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
Found : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Found : user_pref("CT2724386.InstalledDate", "Thu Apr 07 2011 22:22:27 GMT+0200");
Found : user_pref("CT2724386.IsGrouping", true);
Found : user_pref("CT2724386.IsMulticommunity", false);
Found : user_pref("CT2724386.IsOpenThankYouPage", false);
Found : user_pref("CT2724386.IsOpenUninstallPage", true);
Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Thu Apr 07 2011 22:22:28 GMT+0200");
Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2724386.LastLogin_2.7.2.0", "Thu Apr 07 2011 22:22:28 GMT+0200");
Found : user_pref("CT2724386.LatestVersion", "3.3.3.2");
Found : user_pref("CT2724386.Locale", "en");
Found : user_pref("CT2724386.LoginCache", 4);
Found : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Found : user_pref("CT2724386.RadioIsPodcast", false);
Found : user_pref("CT2724386.RadioMediaID", "21095466");
Found : user_pref("CT2724386.RadioMediaType", "Media Player");
Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621095466");
Found : user_pref("CT2724386.RadioStationName", "ckln.fm");
Found : user_pref("CT2724386.RadioStationURL", "hxxp://141.117.225.9:8000");
Found : user_pref("CT2724386.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2724386.SearchInNewTabEnabled", true);
Présente : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Présente : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Thu Apr 07 2011 22:22:27 GMT+0200");
Présente : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Présente : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Présente : user_pref("CT2724386.SettingsCheckIntervalMin", 120);
Présente : user_pref("CT2724386.SettingsLastCheckTime", "Thu Apr 07 2011 22:22:24 GMT+0200");
Présente : user_pref("CT2724386.SettingsLastUpdate", "1301997613");
Présente : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Présente : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Thu Apr 07 2011 22:22:23 GMT+0200");
Présente : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978");
Présente : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Présente : user_pref("CT2724386.UserID", "UN43243237334558077");
Présente : user_pref("CT2724386.WeatherNetwork", "");
Présente : user_pref("CT2724386.WeatherPollDate", "Thu Apr 07 2011 22:53:06 GMT+0200");
Présente : user_pref("CT2724386.WeatherUnit", "C");
Présente : user_pref("CT2724386.clientLogIsEnabled", false);
Présente : user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Présente : user_pref("CT2724386.ct2724431.DialogsAlignMode", "LTR");
Présente : user_pref("CT2724386.ct2724431.FeedLastCount129251218914197895", 10);
Présente : user_pref("CT2724386.ct2724431.FirstTimeSettingsDone", true);
Présente : user_pref("CT2724386.ct2724431.GroupingInvalidateCache", false);
Présente : user_pref("CT2724386.ct2724431.GroupingLastCheckTime", "Thu Apr 07 2011 22:22:27 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.GroupingLastErrorCode", "");
Présente : user_pref("CT2724386.ct2724431.GroupingLastResponse", true);
Présente : user_pref("CT2724386.ct2724431.GroupingLastServerUpdateTime", "129436467272530000");
Présente : user_pref("CT2724386.ct2724431.InvalidateCache", false);
Présente : user_pref("CT2724386.ct2724431.LanguagePackLastCheckTime", "Thu Apr 07 2011 22:22:29 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.Locale", "fr");
Présente : user_pref("CT2724386.ct2724431.RadioLastCheckTime", "Thu Apr 07 2011 22:22:27 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.RadioLastUpdateIPServer", "3");
Présente : user_pref("CT2724386.ct2724431.RadioLastUpdateServer", "129251287354370000");
Présente : user_pref("CT2724386.ct2724431.SearchInNewTabLastCheckTime", "Thu Apr 07 2011 22:23:05 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.SettingsCheckIntervalMin", 120);
Présente : user_pref("CT2724386.ct2724431.SettingsLastCheckTime", "Thu Apr 07 2011 22:22:27 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.SettingsLastUpdate", "1301829146");
Présente : user_pref("CT2724386.ct2724431.ThirdPartyComponentsLastCheck", "Thu Apr 07 2011 22:22:27 GMT+0200");
Présente : user_pref("CT2724386.ct2724431.ThirdPartyComponentsLastUpdate", "1255344667");
Présente : user_pref("CT2724386.myStuffEnabled", true);
Présente : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Présente : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Présente : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Présente : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Présente : user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Présente : user_pref("browser.search.defaultenginename", "MyStart Search");
Présente : user_pref("browser.search.selectedEngine", "MyStart Search");

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Documents and Settings\REJO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [9483 octets] - [23/09/2012 18:33:53]

########## EOF - C:\AdwCleaner[R1].txt - [9543 octets] ##########

#9 mjul23

  • Topic Starter
  • Members
  • 11 posts

Posted 23 September 2012 - 11:51 AM

I rebooted, it worked for a few seconds and then the same problem again :(

#10 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 September 2012 - 12:38 PM

Run AdwCleaner and choose Delete. Post the report if you can.

You can run the following programs in "Safe Mode".

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
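The TDSSKiller log that the helper asks for lists every registered service with the MD5 of its image file, the file's path, and a per-service verdict, which is what a reviewer reads through by hand. The following Python triage helper is an added example for this thread, not part of the post and not Kaspersky's tool: it parses that log format, separates services the scanner did not clear, services whose image lives outside the Windows directory (assumed to be C:\WINDOWS, as the DDS log in this thread reports), and image paths that host several services at once. The sample lines are copied from the TDSSKiller log posted later in this thread; the function names and the "ServiceName - verdict" layout of detection lines are my own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the TDSSKiller service-scan section posted
# later in this thread. A real log has several hundred such lines: a service
# with a file on disk gets a "[ md5 ] Name Path" line followed by a verdict
# line; a service with no file on disk gets only the verdict line.
SAMPLE_LOG = r"""
15:43:33.0265 1600 ================ Scan services =============================
15:43:33.0390 1600 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
15:43:33.0390 1600 Aavmker4 - ok
15:43:33.0406 1600 Abiosdsk - ok
15:43:33.0875 1600 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:43:33.0890 1600 Apple Mobile Device - ok
15:43:35.0937 1600 [ 41607AD6DA2EA04F25EA869A1CE7A0A7 ] driverhardwarev2 C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15:43:35.0937 1600 driverhardwarev2 - ok
15:43:39.0328 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] Netlogon C:\WINDOWS\system32\lsass.exe
15:43:39.0328 1600 Netlogon - ok
15:43:39.0593 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:43:39.0593 1600 NtLmSsp - ok
"""

# Every line starts with a timestamp and the scanner's thread id.
_PREFIX = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "[ MD5 ] ServiceName Drive:\path": service names may contain spaces, so the
# name is matched lazily up to the first "X:\" that starts the path.
ENTRY_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "ServiceName - verdict": "ok" or, assumed here, a detection description.
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: Optional[str]


def parse_tdsskiller(text: str) -> List[ServiceEntry]:
    """Pair each service's hash/path line with its verdict line, keeping log order."""
    entries: Dict[str, ServiceEntry] = {}
    order: List[str] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = ServiceEntry(m["name"], m["md5"].upper(), m["path"], None)
            order.append(m["name"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            if m["name"] not in entries:  # service with no image file on disk
                entries[m["name"]] = ServiceEntry(m["name"], None, None, None)
                order.append(m["name"])
            entries[m["name"]].verdict = m["verdict"]
    return [entries[n] for n in order]


def not_ok(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Anything the scanner itself did not clear; read these first."""
    return [e for e in entries if e.verdict != "ok"]


def outside_system_root(entries: List[ServiceEntry], system_root: str = "C:\\WINDOWS\\") -> List[ServiceEntry]:
    """Services whose image sits outside the Windows directory (assumed C:\\WINDOWS):
    third-party code the reviewer should be able to attribute to a known vendor."""
    root = system_root.lower()
    return [e for e in entries if e.path and not e.path.lower().startswith(root)]


def shared_images(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Image paths hosting more than one service. lsass.exe or services.exe doing
    so is normal on XP; an unfamiliar path doing so deserves a closer look."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.path:
            by_path[e.path.lower()].append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def hashes_for_lookup(entries: List[ServiceEntry]) -> Dict[str, str]:
    """MD5 -> one image path, ready for an offline allowlist or reputation check."""
    return {e.md5: e.path for e in entries if e.md5 and e.path}


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} services, {len(not_ok(found))} not cleared by the scanner")
    for e in outside_system_root(found):
        print(f"third-party: {e.name:<20} {e.md5}  {e.path}")
    for path, names in shared_images(found).items():
        print(f"shared image {path}: {', '.join(names)}")
```

The "outside the Windows directory" list is a reading aid, not a verdict: on the log in this thread it surfaces the Apple, Google, Java and ma-config.com services, all of which a reviewer can account for, and the point is to make sure every such entry can be. The hash map is kept separate so it can be checked against a local allowlist without sending anything off the machine.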

#11 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2012 - 10:11 AM

The topic is reopened.

#12 mjul23

  • Topic Starter
  • Members
  • 11 posts

Posted 14 October 2012 - 04:18 PM

15:43:27.0406 1488 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:43:27.0531 1488 ============================================================
15:43:27.0531 1488 Current date / time: 2012/10/14 15:43:27.0531
15:43:27.0531 1488 SystemInfo:
15:43:27.0531 1488
15:43:27.0531 1488 OS Version: 5.1.2600 ServicePack: 3.0
15:43:27.0531 1488 Product type: Workstation
15:43:27.0531 1488 ComputerName: MANAUX
15:43:27.0531 1488 UserName: REJO
15:43:27.0531 1488 Windows directory: C:\WINDOWS
15:43:27.0531 1488 System windows directory: C:\WINDOWS
15:43:27.0531 1488 Processor architecture: Intel x86
15:43:27.0531 1488 Number of processors: 2
15:43:27.0531 1488 Page size: 0x1000
15:43:27.0531 1488 Boot type: Safe boot with network
15:43:27.0531 1488 ============================================================
15:43:29.0703 1488 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:43:29.0703 1488 ============================================================
15:43:29.0703 1488 \Device\Harddisk0\DR0:
15:43:29.0703 1488 MBR partitions:
15:43:29.0703 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
15:43:29.0718 1488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50ADDD3
15:43:29.0718 1488 ============================================================
15:43:29.0750 1488 C: <-> \Device\Harddisk0\DR0\Partition1
15:43:29.0765 1488 E: <-> \Device\Harddisk0\DR0\Partition2
15:43:29.0765 1488 ============================================================
15:43:29.0765 1488 Initialize success
15:43:29.0765 1488 ============================================================
15:43:32.0406 1600 ============================================================
15:43:32.0406 1600 Scan started
15:43:32.0406 1600 Mode: Manual;
15:43:32.0406 1600 ============================================================
15:43:33.0265 1600 ================ Scan system memory ========================
15:43:33.0265 1600 System memory - ok
15:43:33.0265 1600 ================ Scan services =============================
15:43:33.0390 1600 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
15:43:33.0390 1600 Aavmker4 - ok
15:43:33.0406 1600 Abiosdsk - ok
15:43:33.0437 1600 abp480n5 - ok
15:43:33.0468 1600 [ E5E6DBFC41EA8AAD005CB9A57A96B43B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:43:33.0484 1600 ACPI - ok
15:43:33.0515 1600 [ E4ABC1212B70BB03D35E60681C447210 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:43:33.0515 1600 ACPIEC - ok
15:43:33.0531 1600 adpu160m - ok
15:43:33.0562 1600 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:43:33.0578 1600 aec - ok
15:43:33.0609 1600 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:43:33.0609 1600 AFD - ok
15:43:33.0625 1600 Aha154x - ok
15:43:33.0640 1600 aic78u2 - ok
15:43:33.0671 1600 aic78xx - ok
15:43:33.0703 1600 [ 758FDC60D41716EF889D849989B4B1CD ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:43:33.0718 1600 Alerter - ok
15:43:33.0734 1600 [ 5E9A6658A2A69AE7EB195113B7A2E7A9 ] ALG C:\WINDOWS\System32\alg.exe
15:43:33.0734 1600 ALG - ok
15:43:33.0750 1600 AliIde - ok
15:43:33.0765 1600 amsint - ok
15:43:33.0875 1600 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:43:33.0890 1600 Apple Mobile Device - ok
15:43:33.0921 1600 [ F36C9F78FC902C8DCE4D3B576BB0435A ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:43:33.0921 1600 AppMgmt - ok
15:43:33.0937 1600 asc - ok
15:43:33.0953 1600 asc3350p - ok
15:43:33.0968 1600 asc3550 - ok
15:43:34.0031 1600 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:43:34.0031 1600 aswFsBlk - ok
15:43:34.0078 1600 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
15:43:34.0078 1600 aswMon2 - ok
15:43:34.0093 1600 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
15:43:34.0093 1600 AswRdr - ok
15:43:34.0125 1600 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
15:43:34.0140 1600 aswSnx - ok
15:43:34.0187 1600 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
15:43:34.0203 1600 aswSP - ok
15:43:34.0250 1600 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
15:43:34.0250 1600 aswTdi - ok
15:43:34.0265 1600 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:43:34.0265 1600 AsyncMac - ok
15:43:34.0281 1600 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:43:34.0281 1600 atapi - ok
15:43:34.0312 1600 Atdisk - ok
15:43:34.0343 1600 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:43:34.0359 1600 Atmarpc - ok
15:43:34.0406 1600 [ B4005AEF7873144634765B570DAC466E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:43:34.0406 1600 AudioSrv - ok
15:43:34.0437 1600 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:43:34.0468 1600 audstub - ok
15:43:34.0578 1600 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:43:34.0656 1600 avast! Antivirus - ok
15:43:34.0687 1600 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:43:34.0718 1600 Beep - ok
15:43:34.0765 1600 [ BAA0B6E647C1AD593E9BAE5CC31BCFFB ] BITS C:\WINDOWS\system32\qmgr.dll
15:43:34.0828 1600 BITS - ok
15:43:34.0875 1600 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:43:34.0890 1600 Bonjour Service - ok
15:43:34.0937 1600 [ 952322AE7F95A21F3EEDA99C36C68663 ] Browser C:\WINDOWS\System32\browser.dll
15:43:34.0937 1600 Browser - ok
15:43:35.0031 1600 catchme - ok
15:43:35.0046 1600 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:43:35.0062 1600 cbidf2k - ok
15:43:35.0062 1600 cd20xrnt - ok
15:43:35.0093 1600 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:43:35.0093 1600 Cdaudio - ok
15:43:35.0171 1600 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:43:35.0171 1600 Cdfs - ok
15:43:35.0203 1600 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:43:35.0218 1600 Cdrom - ok
15:43:35.0218 1600 Changer - ok
15:43:35.0265 1600 [ 793EF38A5FD086C3C8E48A8A861562ED ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:43:35.0265 1600 CiSvc - ok
15:43:35.0296 1600 [ 8B30CBB0C07D49B2658FB190946B0E7E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:43:35.0296 1600 ClipSrv - ok
15:43:35.0296 1600 CmdIde - ok
15:43:35.0328 1600 COMSysApp - ok
15:43:35.0359 1600 Cpqarray - ok
15:43:35.0406 1600 [ 7A6D0B71035E123FDDA2156A25578AD3 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:43:35.0406 1600 CryptSvc - ok
15:43:35.0421 1600 d659b488-43fb-47a5-91b0-cb6288bb821f - ok
15:43:35.0437 1600 dac2w2k - ok
15:43:35.0468 1600 dac960nt - ok
15:43:35.0515 1600 [ 0203B1AAD358F206CB0A3C1F93CCE17A ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:43:35.0515 1600 DcomLaunch - ok
15:43:35.0562 1600 [ 318F535DC05551D96DEEB90B6D6904DE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:43:35.0578 1600 Dhcp - ok
15:43:35.0593 1600 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:43:35.0593 1600 Disk - ok
15:43:35.0609 1600 dmadmin - ok
15:43:35.0656 1600 [ F5DEADD42335FB33EDCA74ECB2F36CBA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:43:35.0687 1600 dmboot - ok
15:43:35.0703 1600 [ 5A7C47C9B3F9FB92A66410A7509F0C71 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:43:35.0703 1600 dmio - ok
15:43:35.0734 1600 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:43:35.0734 1600 dmload - ok
15:43:35.0750 1600 [ 6797C23D6B79935482D7F0E8CA5E5B67 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:43:35.0750 1600 dmserver - ok
15:43:35.0781 1600 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:43:35.0781 1600 DMusic - ok
15:43:35.0828 1600 [ 1A1E59377FB6CACD711CC5073C4A7D79 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:43:35.0828 1600 Dnscache - ok
15:43:35.0859 1600 [ 3FCF86F03D0302443C21CE6E5BBF7A25 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:43:35.0859 1600 Dot3svc - ok
15:43:35.0875 1600 dpti2o - ok
15:43:35.0937 1600 [ 41607AD6DA2EA04F25EA869A1CE7A0A7 ] driverhardwarev2 C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15:43:35.0937 1600 driverhardwarev2 - ok
15:43:35.0953 1600 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:43:35.0953 1600 drmkaud - ok
15:43:36.0000 1600 [ 8B5FC9087D2CAB110BC2ED5CC5E7B8AC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:43:36.0000 1600 EapHost - ok
15:43:36.0031 1600 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
15:43:36.0031 1600 ENTECH - ok
15:43:36.0062 1600 [ 94F948CB12C4D35483F1E815DEB16C7B ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:43:36.0062 1600 ERSvc - ok
15:43:36.0093 1600 [ C3FB1D70CB88722267949694BA51759E ] Eventlog C:\WINDOWS\system32\services.exe
15:43:36.0109 1600 Eventlog - ok
15:43:36.0140 1600 [ EC16AE9B37EACF871629227A3F3913FD ] EventSystem C:\WINDOWS\system32\es.dll
15:43:36.0156 1600 EventSystem - ok
15:43:36.0187 1600 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:43:36.0187 1600 Fastfat - ok
15:43:36.0234 1600 [ 1B8542F338CDD86929A084A455837158 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:43:36.0234 1600 FastUserSwitchingCompatibility - ok
15:43:36.0281 1600 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:43:36.0281 1600 Fdc - ok
15:43:36.0296 1600 [ 31F923EB2170FC172C81ABDA0045D18C ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:43:36.0296 1600 Fips - ok
15:43:36.0328 1600 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:43:36.0328 1600 Flpydisk - ok
15:43:36.0375 1600 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:43:36.0375 1600 FltMgr - ok
15:43:36.0390 1600 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:43:36.0390 1600 Fs_Rec - ok
15:43:36.0421 1600 [ A86859B77B908C18C2657F284AA29FE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:43:36.0421 1600 Ftdisk - ok
15:43:36.0453 1600 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:43:36.0453 1600 GEARAspiWDM - ok
15:43:36.0453 1600 GMSIPCI - ok
15:43:36.0500 1600 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:43:36.0515 1600 Gpc - ok
15:43:36.0578 1600 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98630528a6ac8 C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:36.0593 1600 gupdate1c98630528a6ac8 - ok
15:43:36.0609 1600 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:36.0609 1600 gupdatem - ok
15:43:36.0656 1600 [ 5467F1FF0AF264566740F67E8B810735 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:43:36.0671 1600 gusvc - ok
15:43:36.0687 1600 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:43:36.0703 1600 HDAudBus - ok
15:43:36.0734 1600 [ 1247F83B705AF0E796330442F7967CF8 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:43:36.0734 1600 helpsvc - ok
15:43:36.0750 1600 HidServ - ok
15:43:36.0796 1600 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:43:36.0796 1600 hidusb - ok
15:43:36.0828 1600 [ 17B3C3D40CDBA40C2E331D28BE4DE27F ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:43:36.0828 1600 hkmsvc - ok
15:43:36.0843 1600 hpn - ok
15:43:36.0906 1600 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:43:36.0906 1600 HPZid412 - ok
15:43:36.0937 1600 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:43:36.0937 1600 HPZipr12 - ok
15:43:36.0968 1600 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:43:36.0968 1600 HPZius12 - ok
15:43:37.0015 1600 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:43:37.0015 1600 HTTP - ok
15:43:37.0046 1600 [ BD31CFACE38D1800ABDB43F4260AF0D5 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:43:37.0046 1600 HTTPFilter - ok
15:43:37.0062 1600 i2omgmt - ok
15:43:37.0078 1600 i2omp - ok
15:43:37.0125 1600 [ A09BDC4ED10E3B2E0EC27BB94AF32516 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:43:37.0125 1600 i8042prt - ok
15:43:37.0140 1600 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:43:37.0156 1600 Imapi - ok
15:43:37.0187 1600 [ C4221678BBAA55239C23632875759961 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:43:37.0187 1600 ImapiService - ok
15:43:37.0218 1600 ini910u - ok
15:43:37.0375 1600 [ B1A809E7FE19BECD5ACA61F0E7088C8C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:43:37.0484 1600 IntcAzAudAddService - ok
15:43:37.0500 1600 IntelIde - ok
15:43:37.0546 1600 [ AD340800C35A42D4DE1641A37FEEA34C ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:43:37.0546 1600 intelppm - ok
15:43:37.0578 1600 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:43:37.0578 1600 Ip6Fw - ok
15:43:37.0609 1600 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:43:37.0609 1600 IpFilterDriver - ok
15:43:37.0640 1600 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:43:37.0640 1600 IpInIp - ok
15:43:37.0671 1600 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:43:37.0671 1600 IpNat - ok
15:43:37.0734 1600 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:43:37.0750 1600 iPod Service - ok
15:43:37.0765 1600 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:43:37.0765 1600 IPSec - ok
15:43:37.0796 1600 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:43:37.0796 1600 IRENUM - ok
15:43:37.0828 1600 [ 355836975A67B6554BCA60328CD6CB74 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:43:37.0828 1600 isapnp - ok
15:43:37.0921 1600 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:43:37.0921 1600 JavaQuickStarterService - ok
15:43:37.0953 1600 [ 16813155807C6881F4BFBF6657424659 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:43:37.0953 1600 Kbdclass - ok
15:43:37.0968 1600 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:43:37.0984 1600 kmixer - ok
15:43:38.0000 1600 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:43:38.0000 1600 KSecDD - ok
15:43:38.0015 1600 [ F3A17F3FD54CA73C0BCBCC3FE0C47E13 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:43:38.0015 1600 L8042Kbd - ok
15:43:38.0062 1600 [ 1DB8078A32E03AC8F5EB5E6DCAC2AA34 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:43:38.0062 1600 lanmanserver - ok
15:43:38.0109 1600 [ AD54EAD46D92F413BE189AABC1C59490 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:43:38.0109 1600 lanmanworkstation - ok
15:43:38.0125 1600 lbrtfdc - ok
15:43:38.0156 1600 [ 23D84187822A0020B9F1EA71C7DB3193 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:43:38.0156 1600 LHidFilt - ok
15:43:38.0218 1600 [ 0F357C079AC529A844AB5B18E4EEF881 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:43:38.0218 1600 LmHosts - ok
15:43:38.0234 1600 [ 596499C81CB4B5841F91CFE3F514D202 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:43:38.0234 1600 LMouFilt - ok
15:43:38.0281 1600 [ D42AA9F3BAF17B2E7B0135C741F0BE36 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:43:38.0281 1600 LUsbFilt - ok
15:43:38.0328 1600 [ 9FFBB926985CEFED196DDD00478BBB93 ] maconfservice C:\Program Files\ma-config.com\maconfservice.exe
15:43:38.0328 1600 maconfservice - ok
15:43:38.0375 1600 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
15:43:38.0390 1600 MDM - ok
15:43:38.0421 1600 [ E67A66A3781C1A483F0F8992664CBE0D ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:43:38.0421 1600 Messenger - ok
15:43:38.0453 1600 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:43:38.0468 1600 mnmdd - ok
15:43:38.0500 1600 [ D3A2870CD96CDA7BCFF3DC54F64087AD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:43:38.0500 1600 mnmsrvc - ok
15:43:38.0531 1600 [ 510ADE9327FE84C10254E1902697E25F ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:43:38.0531 1600 Modem - ok
15:43:38.0562 1600 [ 027C01BD7EF3349AAEBC883D8A799EFB ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:43:38.0562 1600 Mouclass - ok
15:43:38.0578 1600 [ 124D6846040C79B9C997F78EF4B2A4E5 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:43:38.0578 1600 mouhid - ok
15:43:38.0609 1600 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:43:38.0609 1600 MountMgr - ok
15:43:38.0656 1600 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:43:38.0656 1600 MozillaMaintenance - ok
15:43:38.0671 1600 mraid35x - ok
15:43:38.0703 1600 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:43:38.0703 1600 MRxDAV - ok
15:43:38.0750 1600 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:43:38.0750 1600 MRxSmb - ok
15:43:38.0781 1600 [ 8648D670AE0D95C95E7BBB5B80661796 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:43:38.0781 1600 MSDTC - ok
15:43:38.0812 1600 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:43:38.0812 1600 Msfs - ok
15:43:38.0812 1600 MSICPL - ok
15:43:38.0843 1600 MSIServer - ok
15:43:38.0875 1600 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:43:38.0875 1600 MSKSSRV - ok
15:43:38.0906 1600 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:43:38.0906 1600 MSPCLOCK - ok
15:43:38.0937 1600 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:43:38.0937 1600 MSPQM - ok
15:43:38.0968 1600 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:43:38.0968 1600 mssmbios - ok
15:43:39.0000 1600 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:43:39.0000 1600 Mup - ok
15:43:39.0031 1600 [ 69E4FBBABAEEE1BFF422E091DA3171DA ] napagent C:\WINDOWS\System32\qagentrt.dll
15:43:39.0046 1600 napagent - ok
15:43:39.0062 1600 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:43:39.0062 1600 NDIS - ok
15:43:39.0109 1600 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:43:39.0109 1600 NdisTapi - ok
15:43:39.0125 1600 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:43:39.0125 1600 Ndisuio - ok
15:43:39.0140 1600 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:43:39.0140 1600 NdisWan - ok
15:43:39.0171 1600 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:43:39.0171 1600 NDProxy - ok
15:43:39.0203 1600 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:43:39.0203 1600 NetBIOS - ok
15:43:39.0234 1600 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:43:39.0234 1600 NetBT - ok
15:43:39.0281 1600 [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDE C:\WINDOWS\system32\netdde.exe
15:43:39.0281 1600 NetDDE - ok
15:43:39.0281 1600 [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:43:39.0296 1600 NetDDEdsdm - ok
15:43:39.0328 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] Netlogon C:\WINDOWS\system32\lsass.exe
15:43:39.0328 1600 Netlogon - ok
15:43:39.0375 1600 [ BE0CB143FA427D93440DED18DB8C918B ] Netman C:\WINDOWS\System32\netman.dll
15:43:39.0375 1600 Netman - ok
15:43:39.0406 1600 [ 6F5F546A92C7B6AE45DB1D6910781EB0 ] Nla C:\WINDOWS\System32\mswsock.dll
15:43:39.0421 1600 Nla - ok
15:43:39.0453 1600 [ C82F4CC10AD315B6D6BCB14D0A7CAD66 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
15:43:39.0453 1600 nmwcd - ok
15:43:39.0484 1600 [ 60EF5F5621D7832F00A3F190A0C905E2 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
15:43:39.0484 1600 nmwcdc - ok
15:43:39.0500 1600 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:43:39.0500 1600 Npfs - ok
15:43:39.0515 1600 NTACCESS - ok
15:43:39.0562 1600 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:43:39.0578 1600 Ntfs - ok
15:43:39.0593 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:43:39.0593 1600 NtLmSsp - ok
15:43:39.0640 1600 [ 037D92B3A7853A183FCAB77FB1D13D6C ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:43:39.0656 1600 NtmsSvc - ok
15:43:39.0687 1600 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:43:39.0687 1600 Null - ok
15:43:39.0921 1600 [ 406DDAB2B05D94D4818E97FF050D1BC6 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:43:40.0093 1600 nv - ok
15:43:40.0109 1600 [ 0258D664F93B4B01DDD621B8C084F322 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:43:40.0109 1600 NVENETFD - ok
15:43:40.0156 1600 [ 56EC9207906435EF1BF02F5C68E3FFEC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:43:40.0156 1600 nvnetbus - ok
15:43:40.0218 1600 [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
15:43:40.0218 1600 nvsmu - ok
15:43:40.0265 1600 [ B3ADEF87EE4ECA88380D730B92BDB231 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
15:43:40.0265 1600 NVSvc - ok
15:43:40.0296 1600 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:43:40.0296 1600 NwlnkFlt - ok
15:43:40.0312 1600 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:43:40.0312 1600 NwlnkFwd - ok
15:43:40.0390 1600 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:40.0406 1600 odserv - ok
15:43:40.0437 1600 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
15:43:40.0453 1600 ose - ok
15:43:40.0484 1600 [ 8FD0BDBEA875D06CCF6C945CA9ABAF75 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:43:40.0484 1600 Parport - ok
15:43:40.0531 1600 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:43:40.0531 1600 PartMgr - ok
15:43:40.0562 1600 [ 9575C5630DB8FB804649A6959737154C ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:43:40.0562 1600 ParVdm - ok
15:43:40.0578 1600 [ 043410877BDA580C528F45165F7125BC ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:43:40.0578 1600 PCI - ok
15:43:40.0593 1600 PCIDump - ok
15:43:40.0625 1600 [ F4BFDE7209C14A07AAA61E4D6AE69EAC ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:43:40.0640 1600 PCIIde - ok
15:43:40.0687 1600 [ F0406CBC60BDB0394A0E17FFB04CDD3D ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:43:40.0687 1600 Pcmcia - ok
15:43:40.0703 1600 PDCOMP - ok
15:43:40.0718 1600 PDFRAME - ok
15:43:40.0734 1600 PDRELI - ok
15:43:40.0765 1600 PDRFRAME - ok
15:43:40.0781 1600 perc2 - ok
15:43:40.0796 1600 perc2hib - ok
15:43:40.0875 1600 [ C3FB1D70CB88722267949694BA51759E ] PlugPlay C:\WINDOWS\system32\services.exe
15:43:40.0875 1600 PlugPlay - ok
15:43:40.0921 1600 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
15:43:40.0937 1600 Pml Driver HPZ12 - ok
15:43:40.0953 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:43:40.0953 1600 PolicyAgent - ok
15:43:40.0984 1600 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:43:40.0984 1600 PptpMiniport - ok
15:43:41.0000 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:43:41.0000 1600 ProtectedStorage - ok
15:43:41.0031 1600 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:43:41.0031 1600 PSched - ok
15:43:41.0046 1600 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:43:41.0046 1600 Ptilink - ok
15:43:41.0062 1600 ql1080 - ok
15:43:41.0093 1600 Ql10wnt - ok
15:43:41.0109 1600 ql12160 - ok
15:43:41.0125 1600 ql1240 - ok
15:43:41.0140 1600 ql1280 - ok
15:43:41.0171 1600 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:43:41.0171 1600 RasAcd - ok
15:43:41.0234 1600 [ 78DA9CCDAC683EF5AA87D1C919F6D221 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:43:41.0234 1600 RasAuto - ok
15:43:41.0265 1600 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:43:41.0265 1600 Rasl2tp - ok
15:43:41.0296 1600 [ 0A48DF90B4784F9B90A2671AF992C914 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:43:41.0312 1600 RasMan - ok
15:43:41.0312 1600 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:43:41.0328 1600 RasPppoe - ok
15:43:41.0343 1600 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:43:41.0343 1600 Raspti - ok
15:43:41.0390 1600 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:43:41.0390 1600 Rdbss - ok
15:43:41.0406 1600 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:43:41.0406 1600 RDPCDD - ok
15:43:41.0468 1600 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:43:41.0468 1600 rdpdr - ok
15:43:41.0515 1600 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:43:41.0515 1600 RDPWD - ok
15:43:41.0546 1600 [ 9F63D9C5B238ED1C375D417EFF3D5BE7 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:43:41.0562 1600 RDSessMgr - ok
15:43:41.0593 1600 [ D8EB2A7904DB6C916EB5361878DDCBAE ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:43:41.0593 1600 redbook - ok
15:43:41.0625 1600 [ 7DA370C31673C99497BD07068EE6E354 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:43:41.0625 1600 RemoteAccess - ok
15:43:41.0671 1600 [ E598D81197E2E0EC42A0C55772BB00E8 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:43:41.0671 1600 RemoteRegistry - ok
15:43:41.0703 1600 [ 499C59A2584F6D4EA41E944DA571D993 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:43:41.0703 1600 RpcLocator - ok
15:43:41.0734 1600 [ 0203B1AAD358F206CB0A3C1F93CCE17A ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:43:41.0750 1600 RpcSs - ok
15:43:41.0781 1600 [ 414964844F4793ACB868D057E8ED997E ] RSVP C:\WINDOWS\system32\rsvp.exe
15:43:41.0781 1600 RSVP - ok
15:43:41.0812 1600 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] SamSs C:\WINDOWS\system32\lsass.exe
15:43:41.0812 1600 SamSs - ok
15:43:41.0843 1600 [ 67949CC8A865296C1333C96A4E1A2D66 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:43:41.0843 1600 SCardSvr - ok
15:43:41.0875 1600 [ 55F5C5C1BE1A78E285033E432BA01597 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:43:41.0890 1600 Schedule - ok
15:43:41.0937 1600 [ DAC1594437CD44FF57FAFC71256FE7F3 ] sdcplh C:\WINDOWS\system32\drivers\sdcplh.sys
15:43:41.0953 1600 sdcplh - ok
15:43:41.0984 1600 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:43:41.0984 1600 Secdrv - ok
15:43:42.0000 1600 [ 5AC311C0AF2AF5EC221670BB8DC479D3 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:43:42.0015 1600 seclogon - ok
15:43:42.0031 1600 [ 3531366F38F453D08FE72E7B32DFE786 ] SENS C:\WINDOWS\system32\sens.dll
15:43:42.0031 1600 SENS - ok
15:43:42.0062 1600 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:43:42.0062 1600 serenum - ok
15:43:42.0093 1600 [ 93D313C31F7AD9EA2B75F26075413C7C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:43:42.0093 1600 Serial - ok
15:43:42.0156 1600 [ 4C0A4FEFD62519552C0E5171F418C4BC ] ServiceLayer C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
15:43:42.0156 1600 ServiceLayer - ok
15:43:42.0156 1600 SetupNTGLM7X - ok
15:43:42.0203 1600 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:43:42.0203 1600 Sfloppy - ok
15:43:42.0250 1600 [ F4CE708A7D17A625DE6C0FD746D50E88 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:43:42.0265 1600 SharedAccess - ok
15:43:42.0281 1600 [ 1B8542F338CDD86929A084A455837158 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:43:42.0281 1600 ShellHWDetection - ok
15:43:42.0296 1600 Simbad - ok
15:43:42.0328 1600 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:43:42.0328 1600 SONYPVU1 - ok
15:43:42.0343 1600 Sparrow - ok
15:43:42.0390 1600 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:43:42.0390 1600 splitter - ok
15:43:42.0437 1600 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:43:42.0437 1600 Spooler - ok
15:43:42.0484 1600 [ 39626E6DC1FB39434EC40C42722B660A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:43:42.0484 1600 sr - ok
15:43:42.0515 1600 [ 6ED29124A1C83BD0CF6B26BD01CA6F6F ] srservice C:\WINDOWS\system32\srsvc.dll
15:43:42.0531 1600 srservice - ok
15:43:42.0562 1600 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:43:42.0562 1600 Srv - ok
15:43:42.0609 1600 [ EA9E0DB8684CEF2FD3BADD671DF5A112 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:43:42.0609 1600 SSDPSRV - ok
15:43:42.0640 1600 [ D76B0E8A4ECAD1ADCC75FD14A7ACC54C ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:43:42.0656 1600 stisvc - ok
15:43:42.0687 1600 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:43:42.0687 1600 swenum - ok
15:43:42.0718 1600 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:43:42.0718 1600 swmidi - ok
15:43:42.0734 1600 SwPrv - ok
15:43:42.0765 1600 symc810 - ok
15:43:42.0781 1600 symc8xx - ok
15:43:42.0796 1600 sym_hi - ok
15:43:42.0828 1600 sym_u3 - ok
15:43:42.0875 1600 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:43:42.0875 1600 sysaudio - ok
15:43:42.0906 1600 [ 0899061318A6B1D9596AABFC77F45E44 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:43:42.0921 1600 SysmonLog - ok
15:43:42.0953 1600 [ 8E5231171AD6595FF002E848CC54FCD7 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:43:42.0953 1600 TapiSrv - ok
15:43:43.0000 1600 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:43:43.0015 1600 Tcpip - ok
15:43:43.0046 1600 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:43:43.0046 1600 TDPIPE - ok
15:43:43.0078 1600 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:43:43.0078 1600 TDTCP - ok
15:43:43.0109 1600 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:43:43.0125 1600 TermDD - ok
15:43:43.0140 1600 [ 710BC85A8C22626EE094439E3EA0D38C ] TermService C:\WINDOWS\System32\termsrv.dll
15:43:43.0156 1600 TermService - ok
15:43:43.0187 1600 [ 1B8542F338CDD86929A084A455837158 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:43:43.0187 1600 Themes - ok
15:43:43.0234 1600 [ D859A9D2F026CE5804485068FFD6EAF2 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:43:43.0234 1600 TlntSvr - ok
15:43:43.0250 1600 TosIde - ok
15:43:43.0281 1600 [ E1A84A5067627407A53C2C4F8D8A1D2E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:43:43.0296 1600 TrkWks - ok
15:43:43.0343 1600 [ 233FCD3443CFBBAA27E7E463DCCBC528 ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
15:43:43.0359 1600 TuneUp.Defrag - ok
15:43:43.0390 1600 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:43:43.0390 1600 Udfs - ok
15:43:43.0406 1600 ultra - ok
15:43:43.0468 1600 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:43:43.0468 1600 Update - ok
15:43:43.0515 1600 [ BD8166A495B02308F364B36249475F22 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:43:43.0515 1600 upnphost - ok
15:43:43.0562 1600 [ BB16932A4189E82D6C455042C11849B6 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
15:43:43.0562 1600 upperdev - ok
15:43:43.0593 1600 [ 1EDC93D7BD731B5CA6248AE245099B60 ] UPS C:\WINDOWS\System32\ups.exe
15:43:43.0593 1600 UPS - ok
15:43:43.0656 1600 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:43:43.0656 1600 usbccgp - ok
15:43:43.0671 1600 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:43:43.0671 1600 usbehci - ok
15:43:43.0718 1600 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:43:43.0718 1600 usbhub - ok
15:43:43.0765 1600 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:43:43.0765 1600 usbohci - ok
15:43:43.0781 1600 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:43:43.0796 1600 usbprint - ok
15:43:43.0812 1600 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:43:43.0812 1600 usbscan - ok
15:43:43.0843 1600 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
15:43:43.0843 1600 usbser - ok
15:43:43.0859 1600 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:43:43.0859 1600 USBSTOR - ok
15:43:43.0921 1600 [ 25895CC7C3F101419A9ED1BF65A8BD62 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
15:43:43.0921 1600 UxTuneUp - ok
15:43:43.0937 1600 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:43:43.0937 1600 VgaSave - ok
15:43:43.0953 1600 ViaIde - ok
15:43:44.0015 1600 [ B67632451F760797BB183E1FB99F4B39 ] vnccom C:\WINDOWS\system32\Drivers\vnccom.SYS
15:43:44.0015 1600 vnccom - ok
15:43:44.0031 1600 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
15:43:44.0031 1600 vncdrv - ok
15:43:44.0062 1600 [ 46DE1126684369BACE4849E4FC8C43CA ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:43:44.0062 1600 VolSnap - ok
15:43:44.0093 1600 [ 5A4DA252B2C0550AB83D129C02CF6C19 ] VSS C:\WINDOWS\System32\vssvc.exe
15:43:44.0109 1600 VSS - ok
15:43:44.0140 1600 [ C1F726EE0B043B074A68992BC4AEF8FD ] W32Time C:\WINDOWS\system32\w32time.dll
15:43:44.0140 1600 W32Time - ok
15:43:44.0203 1600 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:43:44.0203 1600 Wanarp - ok
15:43:44.0265 1600 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:43:44.0265 1600 Wdf01000 - ok
15:43:44.0281 1600 WDICA - ok
15:43:44.0328 1600 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:43:44.0328 1600 wdmaud - ok
15:43:44.0375 1600 [ 714670E64FBE6D28D99871ED9A52A334 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:43:44.0375 1600 WebClient - ok
15:43:44.0453 1600 [ 5E9DEAE9980FF34BCD6DDE2E9E2BF911 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:43:44.0453 1600 winmgmt - ok
15:43:44.0515 1600 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:43:44.0515 1600 WmdmPmSN - ok
15:43:44.0562 1600 [ 31C1FD0BBDC5B81C21EDBA4331EDAE55 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:43:44.0578 1600 Wmi - ok
15:43:44.0625 1600 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:43:44.0625 1600 WmiAcpi - ok
15:43:44.0656 1600 [ 4E8E8A58F56B25D0795F484E5EB7F898 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:43:44.0671 1600 WmiApSrv - ok
15:43:44.0734 1600 [ C9BEA742CE225CC993C9465FDDAE4656 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:43:44.0765 1600 WMPNetworkSvc - ok
15:43:44.0796 1600 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:43:44.0796 1600 WS2IFSL - ok
15:43:44.0828 1600 [ C1FD85DB4A80A98D60ECB7A828E77FE0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:43:44.0859 1600 wscsvc - ok
15:43:44.0890 1600 [ 75D6C5C3D2C93B1F9931E5DFB693AE2A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:43:44.0890 1600 wuauserv - ok
15:43:44.0921 1600 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:43:44.0921 1600 WudfPf - ok
15:43:44.0953 1600 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:43:44.0953 1600 WudfRd - ok
15:43:44.0984 1600 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:43:44.0984 1600 WudfSvc - ok
15:43:45.0031 1600 [ C336E54EE0C291A02F004667DB1E66CB ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:43:45.0046 1600 WZCSVC - ok
15:43:45.0078 1600 [ F92A87FDDA0C11C8604FBC2B864FA726 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:43:45.0093 1600 xmlprov - ok
15:43:45.0093 1600 ================ Scan global ===============================
15:43:45.0140 1600 [ 61013AB2E38550619637AA6CC02383D4 ] C:\WINDOWS\system32\basesrv.dll
15:43:45.0171 1600 [ 8FB644D08037BB9CF532F697CCC0A8E6 ] C:\WINDOWS\system32\winsrv.dll
15:43:45.0187 1600 [ 8FB644D08037BB9CF532F697CCC0A8E6 ] C:\WINDOWS\system32\winsrv.dll
15:43:45.0250 1600 [ C3FB1D70CB88722267949694BA51759E ] C:\WINDOWS\system32\services.exe
15:43:45.0250 1600 [Global] - ok
15:43:45.0250 1600 ================ Scan MBR ==================================
15:43:45.0265 1600 [ C99C3199CFAA4CBDCD91493F6D113A50 ] \Device\Harddisk0\DR0
15:43:45.0421 1600 \Device\Harddisk0\DR0 - ok
15:43:45.0421 1600 ================ Scan VBR ==================================
15:43:45.0421 1600 [ 5CD458ED3FCC49582E29021CD8EFA26F ] \Device\Harddisk0\DR0\Partition1
15:43:45.0421 1600 \Device\Harddisk0\DR0\Partition1 - ok
15:43:45.0453 1600 [ CE2CCF4BD0DCEA61ADE8550E3ED55046 ] \Device\Harddisk0\DR0\Partition2
15:43:45.0453 1600 \Device\Harddisk0\DR0\Partition2 - ok
15:43:45.0453 1600 ============================================================
15:43:45.0453 1600 Scan finished
15:43:45.0453 1600 ============================================================
15:43:45.0484 1348 Detected object count: 0
15:43:45.0484 1348 Actual detected object count: 0
15:44:55.0343 1484 Deinitialize success

-------------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 15:44:57
-----------------------------
15:44:57.187 OS Version: Windows 5.1.2600 Service Pack 3
15:44:57.187 Number of processors: 2 586 0xF0D
15:44:57.187 ComputerName: MANAUX UserName: REJO
15:44:57.421 Initialize success
15:44:58.828 AVAST engine defs: 12101400
15:45:00.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:45:00.562 Disk 0 Vendor: WDC_WD800AAJS-00PSA0 05.06H05 Size: 76319MB BusType: 3
15:45:00.593 Disk 0 MBR read successfully
15:45:00.593 Disk 0 MBR scan
15:45:01.046 Disk 0 Windows XP default MBR code
15:45:01.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
15:45:01.468 Disk 0 Partition - 00 0F Extended LBA 41307 MB offset 71682030
15:45:01.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 41307 MB offset 71682093
15:45:01.515 Disk 0 scanning sectors +156280320
15:45:01.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:15.625 Service scanning
15:45:18.609 Service d659b488-43fb-47a5-91b0-cb6288bb821f D:\Player\cds300.dll **LOCKED** 21
15:45:19.781 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:45:22.109 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
15:45:22.984 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
15:45:25.562 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
15:45:28.781 Modules scanning
15:45:32.750 Disk 0 trace - called modules:
15:45:32.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:45:33.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a288ab8]
15:45:33.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a33db58]
15:45:33.296 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a31e940]
15:45:33.578 AVAST engine scan C:\WINDOWS
15:45:43.406 AVAST engine scan C:\WINDOWS\system32
15:47:01.984 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:11.859 AVAST engine scan C:\Documents and Settings\REJO
15:48:29.453 File: C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_32Bits\setup.exe **INFECTED** Win32:Trojan-gen
15:48:29.734 File: C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_64Bits\setup.exe **INFECTED** Win32:Trojan-gen
15:52:14.218 AVAST engine scan C:\Documents and Settings\All Users
15:53:28.656 Scan finished successfully
15:53:38.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\REJO\Bureau\MBR.dat"
15:53:38.140 The log file has been saved successfully to "C:\Documents and Settings\REJO\Bureau\aswMBR.txt"

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
TuneUp Utilities 2008
Java™ 6 Update 26
Java™ 6 Update 6
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%


Then I redid the previous checks.

And in the end, after rebooting the PC, still the same problem. I'm losing hope; is there really no solution for removing this virus???

Edited by nasdaq, 15 October 2012 - 08:35 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 15 October 2012 - 09:05 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ 6 Update 6
Java™ 6 Update 7

Also remove this old version of HijackThis, 2.0.2.


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\docume~1\REJO\LOCALS~1\Temp\STS3.tmp
C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_32Bits\setup.exe 
C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_64Bits\setup.exe 

Driver::
SetupNTGLM7X
d659b488-43fb-47a5-91b0-cb6288bb821f

Firefox::
FF - ProfilePath - c:\documents and settings\REJO\Application Data\Mozilla\Firefox\Profiles\ne373vh1.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=19d4q1THsB2&search=

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

If the problem persists, let me know the exact error message and the program that reports it.
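
The step nasdaq does by hand above, reading the aswMBR `**INFECTED**` and `**LOCKED**` lines and turning the chosen items into the `File::` and `Driver::` sections of CFScript.txt, as an added Python example. It is not part of this thread and not a ComboFix or aswMBR tool. The sample log lines are copied from the aswMBR output posted earlier in the thread; the regexes, the heuristics in `service_reasons` and all function names are my own assumptions. A `**LOCKED**` entry only means aswMBR could not read that service's image (all five here live on D:), not that the service is malicious, so the script reports candidates for review but writes to `Driver::` only the names the analyst passes in (here the two nasdaq chose), and it refuses a name aswMBR never reported.

```python
import re

# Constructed sample: these lines are copied from the aswMBR log posted
# earlier in this thread (timestamps, names and paths unchanged).
SAMPLE_ASWMBR_LOG = r"""15:45:15.625 Service scanning
15:45:18.609 Service d659b488-43fb-47a5-91b0-cb6288bb821f D:\Player\cds300.dll **LOCKED** 21
15:45:19.781 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:45:22.109 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
15:45:22.984 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
15:45:25.562 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
15:45:28.781 Modules scanning
15:48:29.453 File: C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_32Bits\setup.exe **INFECTED** Win32:Trojan-gen
15:48:29.734 File: C:\Documents and Settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_64Bits\setup.exe **INFECTED** Win32:Trojan-gen
15:53:28.656 Scan finished successfully
"""

# Line shapes as they appear in the log above. The regexes are my own
# assumption about the aswMBR format, derived from these lines only.
SERVICE_RE = re.compile(r"^\S+ Service (\S+) (.+?) \*\*LOCKED\*\* (\d+)$")
FILE_RE = re.compile(r"^\S+ File: (.+?) \*\*INFECTED\*\* (\S+)$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_aswmbr(log_text):
    """Return (infected_files, locked_services) found in an aswMBR log."""
    infected, locked = [], []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            infected.append({"path": m.group(1), "detection": m.group(2)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            locked.append({"name": m.group(1), "image": m.group(2),
                           "code": int(m.group(3))})
    return infected, locked


def service_reasons(svc, system_drive="C:"):
    """Heuristic hints (assumptions, not detections) that a locked service
    deserves a manual look. LOCKED itself only says aswMBR could not read
    the image file."""
    reasons = []
    if GUID_RE.match(svc["name"]):
        reasons.append("GUID-style service name")
    if not svc["image"].upper().startswith(system_drive.upper()):
        reasons.append("image outside the system drive (%s)" % svc["image"][:2])
    if svc["name"].lower().startswith("setup"):
        reasons.append("name suggests a leftover installer service")
    return reasons


def candidate_services(locked):
    """Map service name -> reasons, for every locked service with at least one."""
    out = {}
    for svc in locked:
        why = service_reasons(svc)
        if why:
            out[svc["name"]] = why
    return out


def build_cfscript(infected, locked, drivers_to_remove=()):
    """Emit the File:: and Driver:: sections of a CFScript.

    Every **INFECTED** file is listed under File::. Under Driver:: only the
    service names the analyst passed in are listed, and each must have been
    reported by aswMBR, so a typo fails loudly instead of doing nothing or
    hitting a different service.
    """
    known = {svc["name"] for svc in locked}
    unknown = [name for name in drivers_to_remove if name not in known]
    if unknown:
        raise ValueError("not reported by aswMBR: " + ", ".join(unknown))
    lines = ["File::"] + [f["path"] for f in infected]
    if drivers_to_remove:
        lines += ["", "Driver::"] + list(drivers_to_remove)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    files, services = parse_aswmbr(SAMPLE_ASWMBR_LOG)
    for name, why in candidate_services(services).items():
        print("review: %-40s %s" % (name, "; ".join(why)))
    # The two names below are the ones nasdaq chose in the post above.
    print(build_cfscript(files, services,
                         ("SetupNTGLM7X", "d659b488-43fb-47a5-91b0-cb6288bb821f")))
```

Running it prints five "review:" lines (every locked service here sits on D:) and then a CFScript body with the two infected setup.exe paths under `File::` and the two chosen names under `Driver::`; the analyst still has to decide which of the flagged services actually belong in `Driver::`.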

#14 mjul23

mjul23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:08 AM

Posted 15 October 2012 - 05:06 PM

OK, thanks. I don't know yet when I'll be able to look at it; please don't close the post :)
See you soon

#15 mjul23

mjul23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:08 AM

Posted 28 October 2012 - 12:22 PM

ComboFix 12-10-26.05 - REJO 28/10/2012 18:07:57.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1983.1287 [GMT 1:00]
Launched from: c:\documents and settings\REJO\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\REJO\Bureau\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\REJO\LOCALS~1\Temp\STS3.tmp"
"c:\documents and settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_32Bits\setup.exe"
"c:\documents and settings\REJO\Bureau\ESET NOD32 Antivirus 3.0.669 Business Edition\NodLogin 9.6 For NOD32 32 & 64 bits\NodLogin_9.6_64Bits\setup.exe"
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SETUPNTGLM7X
-------\Service_d659b488-43fb-47a5-91b0-cb6288bb821f
-------\Service_SetupNTGLM7X
.
.
((((((((((((((((((((((((((((( Files created from 2012-09-28 to 2012-10-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-10-28 16:51 . 2012-10-28 16:51 -------- d-----w- c:\documents and settings\REJO\Local Settings\Application Data\Sun
2012-10-28 16:51 . 2012-10-28 16:51 -------- d-----w- c:\program files\Fichiers communs\Java
2012-10-28 16:51 . 2012-10-28 16:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-28 16:51 . 2012-10-28 16:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 16:50 . 2012-10-28 16:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-14 14:34 . 2012-10-14 14:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-14 13:42 . 2012-10-14 13:42 -------- d-----w- c:\documents and settings\Administrateur
2012-10-06 20:29 . 2012-10-06 20:29 -------- d-----w- c:\documents and settings\REJO\Local Settings\Application Data\Apple Computer
2012-10-06 20:29 . 2012-10-07 13:05 -------- d-----w- c:\documents and settings\REJO\Application Data\Apple Computer
2012-10-06 20:29 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-06 20:28 . 2012-10-06 20:28 -------- d-----w- c:\program files\iPod
2012-10-06 20:28 . 2012-10-06 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-06 20:28 . 2012-10-06 20:29 -------- d-----w- c:\program files\iTunes
2012-10-06 20:28 . 2012-10-06 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-10-06 20:28 . 2012-10-06 20:28 -------- d-----w- c:\documents and settings\REJO\Local Settings\Application Data\Apple
2012-10-06 20:28 . 2012-10-06 20:28 -------- d-----w- c:\program files\Apple Software Update
2012-10-06 20:27 . 2012-10-06 20:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-10-06 20:27 . 2012-10-06 20:27 -------- d-----w- c:\program files\Bonjour
2012-10-06 20:27 . 2012-10-06 20:28 -------- d-----w- c:\program files\Fichiers communs\Apple
2012-10-06 20:27 . 2012-10-06 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 16:50 . 2011-07-03 17:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-14 14:34 . 2012-01-29 11:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:04 . 2004-08-05 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:04 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:04 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-05 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-05 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:49 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 09:13 . 2012-08-17 18:34 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-08-17 18:34 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-08-17 18:34 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-08-17 18:34 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-08-17 18:34 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-08-17 18:34 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-08-17 18:34 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-08-17 18:34 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-08-17 18:34 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-08-17 18:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-11 01:05 . 2012-10-14 14:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Serveur VNC pour Win32"="c:\program files\UltraVNC\winvnc.exe" [2006-07-17 364544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-22 273544]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-23 789008]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Freezer1.4\\freezer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42839:TCP"= 42839:TCP:Windows Core Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/08/2012 19:34 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/08/2012 19:34 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/08/2012 19:34 21256]
S2 gupdate1c98630528a6ac8;Google Update Service (gupdate1c98630528a6ac8);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 19:50 133104]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [23/02/2008 14:59 6016]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 19:50 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [14/10/2012 15:28 115168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-10-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-17 09:12]
.
2012-10-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 18:03]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:50]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:50]
.
2012-10-28 c:\windows\Tasks\IUQKHL.job
- c:\windows\system32\msiexec7.dll [2012-08-07 15:14]
.
2012-10-26 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]
.
2012-10-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1715567821-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1715567821-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-01 c:\windows\Tasks\ReclaimerResumeInstall_REJO.job
- c:\documents and settings\REJO\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 20:04]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\REJO\Application Data\Mozilla\Firefox\Profiles\ne373vh1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'explorer.exe'(3408)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Finish time: 2012-10-28 18:20:05 - The machine rebooted
ComboFix-quarantined-files.txt 2012-10-28 17:20
ComboFix2.txt 2012-09-23 16:23
.
Pre-Run: 9,958,916,096 bytes free
Post-Run: 10,100,781,056 bytes free
.
- - End Of File - - 2C3FF98ECF58C48805C0A94930C0C50D

Still the same ihavenet problem on Google, I don't know what to do with this rotten thing anymore!!!!
Thanks
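Added example (not from the original post, nor from ComboFix or BleepingComputer's helpers): a small Python triage script that applies the kind of checks a malware-removal helper runs in their head when reading the 'Scheduled Tasks' and GloballyOpenPorts sections of a log like the one above. The heuristics are my assumptions, not ComboFix rules: a .job whose target is a DLL rather than an executable, a random-looking all-capital job name, a target file name that imitates a Windows binary, and any globally open firewall port. The input is a constructed excerpt copied from the log posted above.

```python
"""Heuristic triage of the scheduled-task and GloballyOpenPorts sections of a
ComboFix-style log. Heuristics are assumptions for illustration, not a
malware signature; every hit must be verified on the machine."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: an excerpt of the log posted above, paths as posted.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42839:TCP"= 42839:TCP:Windows Core Service
.
2012-10-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-17 09:12]
.
2012-10-28 c:\windows\Tasks\IUQKHL.job
- c:\windows\system32\msiexec7.dll [2012-08-07 15:14]
.
2012-10-26 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]
"""

# "<date> <path>\Tasks\<name>.job" followed by "- <target> [<timestamp>]".
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\\Tasks\\(?P<name>[^\\]+\.job))$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")
# '"42839:TCP"= 42839:TCP:Windows Core Service' as ComboFix prints it.
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= *\d+:(?:TCP|UDP):(?P<desc>.*)$')

# Windows binaries whose names malware commonly imitates (assumed list).
MIMICKED = {"msiexec", "svchost", "rundll32", "explorer", "lsass", "csrss"}


@dataclass
class Finding:
    item: str
    reasons: List[str] = field(default_factory=list)


def check_task(name: str, target: str) -> List[str]:
    """Return the reasons (if any) a scheduled task deserves a closer look."""
    reasons = []
    stem = name[:-4]                       # strip ".job"
    base = target.rsplit("\\", 1)[-1].lower()
    ext = base.rsplit(".", 1)[-1] if "." in base else ""
    if ext == "dll":
        reasons.append("target is a DLL, which a .job cannot run directly; a loader such as rundll32 is implied")
    if re.fullmatch(r"[A-Z]{5,10}", stem):
        reasons.append("random-looking all-capital job name")
    root = re.sub(r"\d+$", "", base.rsplit(".", 1)[0])   # msiexec7.dll -> msiexec
    if root in MIMICKED and base != f"{root}.exe":
        reasons.append(f"file name imitates the Windows binary {root}.exe")
    return reasons


def check_port(port: str, proto: str, desc: str) -> List[str]:
    """Every globally open port is an inbound listener exception somebody added."""
    reasons = [f"inbound {proto} exception '{desc}': confirm the listening process with netstat -ano"]
    if int(port) >= 1024:
        reasons.append("high, non-service port opened to all networks")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect findings for tasks and open ports."""
    findings: List[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    in_ports = False
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("["):
            in_ports = "GloballyOpenPorts" in line
        m = PORT_RE.match(line) if in_ports else None
        if m:
            findings.append(Finding(f"{m['port']}:{m['proto']} ({m['desc']})",
                                    check_port(m["port"], m["proto"], m["desc"])))
        m = JOB_RE.match(line)
        if m and i + 1 < len(lines):
            t = TARGET_RE.match(lines[i + 1])
            if t:
                reasons = check_task(m["name"], t["target"])
                if reasons:
                    findings.append(Finding(m["name"], reasons))
                i += 1
        i += 1
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.item)
        for r in f.reasons:
            print("   -", r)
```

On the excerpt above the script reports IUQKHL.job (target c:\windows\system32\msiexec7.dll) and the 42839:TCP exception, and stays silent on the avast!, TuneUp and Google jobs. A hit is only a reason to inspect further (file hash, signer, what rundll32 or netstat shows), not a reason to delete; that judgement stayed with the helper in the thread.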