Your question

Multiple viruses

Tags:
  • Security
Last reply: in Security and viruses
6 April 2010 23:02:47

Hello,

I'm trying to get rid of a series of viruses caught this afternoon.
Despite my efforts I can't manage it. Malwarebytes AntiVirus tells me it's OK, and when I restart the PC and run it again it finds the same ones.
Another strange phenomenon: files 'mbam .exe' and 'mbam .exe' are created in the Malwarebytes directory.

Any help would be greatly appreciated.

Thanks in advance.

I'm attaching the RSIT log (taken in safe mode) in case it's useful.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-04-06 22:53:43
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 1014 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:45, on 06/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\sj726u.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\sj726u.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp .exe"
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
O16 - DPF: {6DAE4E21-F4C2-4537-A697-1C9482D32E06} (ActiveFormX Contrôle) - http://192.168.100.13:8089/open/portail/datas/ActiveXPo...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = simmons.loc
O17 - HKLM\Software\..\Telephony: DomainName = simmons.loc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = simmons.loc
O20 - AppInit_DLLs: app_dll.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\sj726u.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Portable Library - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Lab Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\WINDOWS\Pointdev\VNC\WinVNC.exe

--
End of file - 10073 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9BA40A1-74F1-52BD-F431-00B15A2C8953}]
C:\WINDOWS\system32\sj726u.dll - C:\WINDOWS\system32\sj726u.dll [2010-04-06 20000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2010-04-06 37376]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2010-04-06 37376]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2010-04-06 37376]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2010-04-06 37376]
"Alcmtr"=C:\WINDOWS\system32\ALCMTR.EXE [2010-04-06 37376]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2010-04-06 37376]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2010-04-06 37376]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2010-04-06 37376]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2010-04-06 37376]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2010-04-06 37376]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2010-04-06 37376]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-04-06 37376]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2010-04-06 37376]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2010-04-06 37376]
"VAIO Update 3"=C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2010-04-06 37376]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2010-04-06 37376]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2010-04-06 37376]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2010-04-06 37376]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2010-04-06 37376]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-04-06 37376]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"AVP"=c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp .exe [2010-04-06 37376]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2010-04-06 37376]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2010-04-06 37376]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="app_dll.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-13 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
avldr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-09-22 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\sj726u.dll [2010-04-06 20000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe"="C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Support Tools\dhcploc.exe"="C:\Program Files\Support Tools\dhcploc.exe:*:Enabled:D etects rogue DHCP server"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe"="C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"G:\setup\HPZnet01.exe"="G:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"G:\setup\hppapd.exe"="G:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"G:\setup\hpntwkexe.exe"="G:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\Program Files\IBM\Client Access\cwbunnav.exe"="C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe"
"C:\Program Files\RealVNC\WinVNC\winvnc.exe"="C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Program Files\Panda Software\AVTC\WebProxy.exe"="C:\Program Files\Panda Software\AVTC\WebProxy.exe:*:Enabled:Internet resident proxy"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_03\bin\java.exe"="C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Enabled:java.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:D isabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Support Tools\dhcploc.exe"="C:\Program Files\Support Tools\dhcploc.exe:*:Enabled:D etects rogue DHCP server"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\vncviewer.exe"="C:\Program Files\RealVNC\vncviewer.exe:*:Enabled:vncviewer"
"C:\Documents and Settings\ekiennemann\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\ekiennemann\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-04-06 19:40:48 ----D---- C:\rsit
2010-04-06 18:35:37 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2010-04-06 18:20:51 ----D---- C:\Documents and Settings\All Users\Application Data\avG
2010-04-06 18:20:21 ----A---- C:\WINDOWS\vaioupdt .INI
2010-04-06 17:35:09 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2010-04-06 17:32:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-06 17:01:47 ----A---- C:\WINDOWS\system32\alcmtr.exe
2010-04-06 17:01:47 ----A---- C:\WINDOWS\system32\alcmtr .exe
2010-04-06 17:01:06 ----A---- C:\WINDOWS\Mhizua.exe
2010-04-06 17:00:56 ----A---- C:\WINDOWS\system32\wuaucldt .exe
2010-04-06 17:00:49 ----A---- C:\WINDOWS\system32\sj726u.dll
2010-03-19 18:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-19 18:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-18 19:48:41 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 months======

2010-04-06 22:16:07 ----D---- C:\Program Files\Internet Explorer
2010-04-06 22:15:46 ----D---- C:\WINDOWS\system32
2010-04-06 22:15:46 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-04-06 22:15:45 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-04-06 22:15:43 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-04-06 22:15:42 ----D---- C:\Program Files\Apoint2K
2010-04-06 22:14:49 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-04-06 22:14:44 ----RD---- C:\Program Files
2010-04-06 21:27:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-06 21:26:52 ----D---- C:\WINDOWS\Temp
2010-04-06 20:40:17 ----D---- C:\WINDOWS
2010-04-06 20:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2010-04-06 20:39:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-06 20:26:24 ----SD---- C:\WINDOWS\Tasks
2010-04-06 20:26:01 ----D---- C:\Program Files\Microsoft ActiveSync
2010-04-06 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-04-06 19:01:40 ----RD---- C:\WINDOWS\Web
2010-04-06 18:47:57 ----A---- C:\WINDOWS\system32\ico.exe
2010-04-06 18:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB307154$
2010-04-06 18:36:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-06 18:25:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-06 18:23:48 ----D---- C:\Program Files\Mozilla Firefox
2010-04-06 18:20:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-06 18:20:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-06 18:02:46 ----RASH---- C:\boot.ini
2010-04-06 18:02:46 ----A---- C:\WINDOWS\win.ini
2010-04-06 18:02:46 ----A---- C:\WINDOWS\system.ini
2010-04-06 18:02:45 ----D---- C:\WINDOWS\pss
2010-04-06 17:24:04 ----SHD---- C:\System Volume Information
2010-04-06 17:24:04 ----D---- C:\WINDOWS\system32\Restore
2010-04-06 17:17:32 ----D---- C:\WINDOWS\Prefetch
2010-04-06 17:13:42 ----D---- C:\Program Files\Adobe
2010-04-06 09:32:31 ----D---- C:\WINDOWS\security
2010-04-02 17:56:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-02 09:13:33 ----SHD---- C:\WINDOWS\CSC
2010-03-31 12:19:25 ----D---- C:\WINDOWS\Registration
2010-03-23 19:54:37 ----A---- C:\ASLog.txt
2010-03-22 16:14:38 ----SHD---- C:\WINDOWS\Installer
2010-03-22 16:13:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-22 16:12:54 ----HD---- C:\WINDOWS\inf
2010-03-22 16:11:50 ----D---- C:\WINDOWS\Help
2010-03-22 15:32:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-22 08:55:30 ----D---- C:\WINDOWS\system32\wbem
2010-03-19 18:17:10 ----D---- C:\Program Files\Movie Maker
2010-03-19 18:16:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 18:13:34 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2006-04-06 110976]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-26 1428480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-01-04 243712]
S1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
S1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-12-14 223760]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-20 21275]
S2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
S2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-02-28 13568]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-13 1581568]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-03-21 8064]
S3 GTUHSBUS;GT UHS BUS; C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys [2009-02-17 59648]
S3 GTUHSNDISIPXP;GT UHS IP NDIS; C:\WINDOWS\system32\DRIVERS\gtuhs51.sys [2009-02-17 105984]
S3 GTUHSSER;GT UHS SER; C:\WINDOWS\system32\DRIVERS\gtuhsser.sys [2009-02-17 8064]
S3 GTUQBUS;GT UQ BUS; C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-03-21 36992]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-17 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2006-10-17 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2006-10-17 65152]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
S3 IO;IO; \??\A:\IO.SYS []
S3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SiDocFil;Silicon Image 3112 Docking Station Filter; C:\WINDOWS\system32\DRIVERS\SiDocFil.sys [2006-05-16 4224]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 29184]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-02-22 28800]
S3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2006-06-26 268800]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-13 409600]
S2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-04-06 37376]
S2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-28 114753]
S2 klnagent;Kaspersky Lab Network Agent; C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2009-09-18 138792]
S2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-12-19 286720]
S2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-28 217164]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-28 540745]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-03-10 9216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Cwbrxd;Fonction Commande à distance d'iSeries Access for Windows; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server; C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2007-10-05 57344]
S3 winvnc;VNC Server; C:\WINDOWS\Pointdev\VNC\WinVNC.exe [2007-05-12 688128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

6 April 2010 23:55:47

Hello,

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    7 April 2010 00:24:51

    Hello,

    I am attaching the combofix.txt file.

    I didn't really manage to disable Kaspersky. I can try to uninstall it if necessary, but to do that I have to leave Safe Mode.

    here is the log:

    ComboFix 10-04-05.06 - Administrateur 07/04/2010 0:11.1.2 - x86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.729 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ekiennemann\Local Settings\Temporary Internet Files\BchJx.jpg
    c:\documents and settings\ekiennemann\Local Settings\Temporary Internet Files\cK4CW6.jpg
    c:\documents and settings\ekiennemann\Local Settings\Temporary Internet Files\ly4nJ.jpg
    c:\documents and settings\ekiennemann\Local Settings\Temporary Internet Files\XGc8RBf5.jpg
    c:\program files\Adobe\acrotray .exe
    c:\recycler\S-1-5-21-2324820236-1820028288-1884619808-500
    c:\windows\system32\ctfmon .exe
    c:\windows\system32\hkcmd .exe
    c:\windows\system32\ico .exe
    c:\windows\system32\igfxpers .exe
    c:\windows\system32\igfxtray .exe
    c:\windows\system32\mobsync .exe
    c:\windows\system32\sj726u.dll
    c:\windows\vaioupdt .INI

    c:\windows\system32\drivers\cdrom.sys était absent
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IO
    -------\Legacy_MSUPDATE
    -------\Legacy_SSHNAS
    -------\Service_IO


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-06 au 2010-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-06 17:40 . 2010-04-06 17:40 -------- d-----w- C:\rsit
    2010-04-06 16:22 . 2010-04-06 16:22 196608 --sha-w- c:\documents and settings\ekiennemann\Local Settings\Application Data\2750956343.dll
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\ekiennemann\Local Settings\Application Data\avG
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
    2010-04-06 15:35 . 2010-04-06 15:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-04-06 15:05 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-04-06 15:01 . 2010-04-06 15:00 174592 ----a-w- c:\windows\Mhizua.exe
    2010-03-22 13:36 . 2010-03-07 12:49 3862528 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-03-22 13:36 . 2010-01-25 10:58 462848 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-03-22 13:36 . 2010-01-15 13:26 70984 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-03-22 13:36 . 2010-01-15 13:25 864256 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-03-22 13:36 . 2010-01-15 13:25 315392 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-03-22 13:36 . 2010-01-15 13:25 372736 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-03-18 17:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-18 08:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-06 22:07 . 2009-12-14 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-04-06 20:15 . 2006-07-20 01:38 37376 ----a-w- c:\windows\system32\igfxpers.exe
    2010-04-06 20:15 . 2006-07-20 10:46 -------- d-----w- c:\program files\Apoint2K
    2010-04-06 18:26 . 2007-03-28 18:54 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-04-06 16:36 . 2008-10-30 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 16:31 . 2008-12-09 08:52 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 16:20 . 2010-04-06 16:20 8 ----a-w- c:\documents and settings\LocalService\Application Data\jvmoxh.dat
    2010-04-06 15:06 . 2010-04-06 15:06 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jvmoxh.dat
    2010-04-06 08:21 . 2007-12-28 08:11 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FileZilla
    2010-04-02 15:56 . 2006-07-20 01:37 85842 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-02 15:56 . 2006-07-20 01:37 513736 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-29 22:46 . 2008-10-30 09:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2008-10-30 09:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 16:42 . 2008-09-30 13:53 720896 ----a-w- c:\documents and settings\ekiennemann\Application Data\Bodet_Client\bodetDeploy.exe
    2010-02-24 14:21 . 2007-03-21 13:44 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\OpenOffice.org2
    2010-02-18 14:21 . 2010-02-18 14:21 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FLEXnet
    2010-02-12 15:33 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2010-02-12 15:24 . 2007-12-17 14:53 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\Vodafone
    2010-02-12 15:15 . 2010-02-12 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\program files\Vodafone
    2010-01-25 10:58 . 2007-08-06 09:07 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    .
    c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray .exe
    c:\program files\Apoint2K\apoint .exe
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\HP\HP Software Update\hpwuschd2 .exe
    c:\program files\IBM\Client Access\cwbckver .exe
    c:\program files\IBM\Client Access\cwbinhlp .exe
    c:\program files\IBM\Client Access\cwbsvstr .exe
    c:\program files\IBM\Client Access\cwbwlwiz .exe
    c:\program files\Intel\Wireless\Bin\eouwiz .exe
    c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
    c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\alcmtr .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ico .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Realtek\InstallShield\azmixersel .exe
    c:\program files\Sony\ISB Utility\isbmgr .exe
    c:\program files\Sony\VAIO Camera Utility\vcuserve .exe
    c:\program files\Sony\VAIO Power Management\spmgr .exe
    c:\program files\Sony\VAIO Update 3\vaioupdt .exe
    c:\program files\Sony\Wireless Switch Setting Utility\switcher .exe
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect .exe
    c:\windows\pchealth\helpctr\binaries\msconfig .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-04-06 37376]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\ekiennemann\Menu Démarrer\Programmes\Démarrage\
    wwwwpt32.exe [2008-4-14 12800]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
    VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2010-2-2 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2010-04-06 15:57 37376 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "c:\\Program Files\\Support Tools\\dhcploc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15000:UDP"= 15000:UDP:Kaspersky Administration Kit
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/07/2006 03:38 36352]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 15:42 32272]
    S2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [18/09/2009 18:03 138792]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [10/03/2009 17:21 9216]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [12/02/2010 17:26 59648]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [12/02/2010 17:26 105984]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [12/02/2010 17:26 8064]
    S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [17/12/2007 16:54 36992]
    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [01/06/2007 14:33 65152]
    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [01/06/2007 14:33 65152]
    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [01/06/2007 14:33 65152]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03/09/2009 17:24 24848]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
    S3 SiDocFil;Silicon Image 3112 Docking Station Filter;c:\windows\system32\drivers\sidocfil.sys [20/07/2006 03:38 4224]
    S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [05/10/2007 05:41 57344]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [20/07/2006 03:38 29184]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [20/07/2006 03:38 226304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    DPF: {6DAE4E21-F4C2-4537-A697-1C9482D32E06} - hxxp://192.168.100.13:8089/open/portail/datas/ActiveXPortail.ocx
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{A9BA40A1-74F1-52BD-F431-00B15A2C8953} - c:\windows\system32\sj726u.dll
    SharedTaskScheduler-{A9BA40A1-74F1-52BD-F431-00B15A2C8953} - c:\windows\system32\sj726u.dll
    Notify-avldr - avldr.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 00:16
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1988)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'explorer.exe'(772)
    c:\windows\system32\eappprxy.dll
    .
    Heure de fin: 2010-04-07 00:20:21 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-04-06 22:20

    Avant-CF: 10 026 893 312 octets libres
    Après-CF: 10 875 908 096 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - 01BEBAF8D662F570971BA417A409C671
    7 April 2010 01:15:18

    /!\ Only eric67@IDN may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    RenV::
    c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray .exe
    c:\program files\Apoint2K\apoint .exe
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\HP\HP Software Update\hpwuschd2 .exe
    c:\program files\IBM\Client Access\cwbckver .exe
    c:\program files\IBM\Client Access\cwbinhlp .exe
    c:\program files\IBM\Client Access\cwbsvstr .exe
    c:\program files\IBM\Client Access\cwbwlwiz .exe
    c:\program files\Intel\Wireless\Bin\eouwiz .exe
    c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
    c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\alcmtr .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ico .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Realtek\InstallShield\azmixersel .exe
    c:\program files\Sony\ISB Utility\isbmgr .exe
    c:\program files\Sony\VAIO Camera Utility\vcuserve .exe
    c:\program files\Sony\VAIO Power Management\spmgr .exe
    c:\program files\Sony\VAIO Update 3\vaioupdt .exe
    c:\program files\Sony\Wireless Switch Setting Utility\switcher .exe
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect .exe
    c:\windows\pchealth\helpctr\binaries\msconfig .exe

    File::
    c:\documents and settings\ekiennemann\Menu Démarrer\Programmes\Démarrage\wwwwpt32.exe
    c:\documents and settings\LocalService\Application Data\jvmoxh.dat
    c:\windows\system32\config\systemprofile\Application Data\jvmoxh.dat
    c:\windows\Mhizua.exe
    c:\documents and settings\ekiennemann\Local Settings\Application Data\2750956343.dll

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: all files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The Desktop will disappear several times: that is normal!
  • Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
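Both ComboFix logs in this thread carry the same two indicator families: executables whose name has a space in front of the extension (the paths the RenV:: section above renames, each sitting beside the legitimate file it shadows) and Security Center / firewall-policy values set so that the disabled antivirus and firewall are no longer reported. The script below is an added example, not code from this thread or from ComboFix: it pulls those indicators out of log text, lists the legitimate twin of each impostor, and assembles the RenV:: block in the format the helper posted. The sample lines are constructed, modelled on the logs above; the regex patterns and function names are assumptions of this example.

```python
"""Triage helper for ComboFix/RSIT-style logs (added example, not from the thread).

Indicators checked:
  1. a file path ending in "<name> .<ext>" (space before the extension), as in
     "mbam .exe", which shadows the legitimate "mbam.exe" in the same folder;
  2. Security Center override values and the firewall standard-profile switch.
"""
import re

# Path whose file name has a space immediately before the extension.
# The path may not contain a double quote, so a quoted registry value such as
# "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" is not mistaken for a hit.
SPACE_EXT = re.compile(r'(?P<path>[a-z]:\\[^\r\n"]*?\S) \.(?P<ext>exe|dll|ini|sys)\b', re.I)

# Security Center values that, when set to 1, hide the AV/firewall state.
OVERRIDE = re.compile(
    r'"(?P<name>AntiVirusOverride|FirewallOverride|DisableMonitoring)"\s*=\s*dword:0*1\b'
)

# Windows Firewall standard profile switched off ("EnableFirewall"= 0 (0x0)).
FW_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')


def find_space_ext(text):
    """Return [(impostor_path, legitimate_twin), ...] in order of first appearance.

    Duplicates (the logs list some paths twice) are collapsed case-insensitively.
    """
    found, seen = [], set()
    for line in text.splitlines():
        m = SPACE_EXT.search(line)
        if not m:
            continue
        impostor = m.group(0)
        key = impostor.lower()
        if key in seen:
            continue
        seen.add(key)
        twin = f"{m.group('path')}.{m.group('ext')}"  # the file being shadowed
        found.append((impostor, twin))
    return found


def find_overrides(text):
    """Names of Security Center override values that are switched on, in log order."""
    return [m.group("name") for m in OVERRIDE.finditer(text)]


def firewall_disabled(text):
    """True when the standard-profile firewall policy is set to 0."""
    return FW_OFF.search(text) is not None


def triage(text):
    """Run all checks over one log text and return a summary dict."""
    return {
        "space_ext": find_space_ext(text),
        "overrides": find_overrides(text),
        "firewall_disabled": firewall_disabled(text),
    }


def renv_block(found):
    """Build the RenV:: section of a CFScript (format as posted in the thread)."""
    if not found:
        return ""
    return "RenV::\n" + "\n".join(impostor for impostor, _ in found) + "\n"


# Constructed sample, modelled on the logs posted in the thread (not a real log).
SAMPLE_LOG = r"""
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
c:\windows\system32\ctfmon .exe
c:\windows\vaioupdt .INI
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for impostor, twin in report["space_ext"]:
        print(f"space-before-extension: {impostor}  (shadows {twin})")
    print("security center overrides:", report["overrides"])
    print("windows firewall disabled:", report["firewall_disabled"])
    print(renv_block(report["space_ext"]))
```

Run it against a saved ComboFix.txt by reading the file into `triage()`; the override and firewall findings are what to re-check in the follow-up log, since a clean RenV:: list with the Security Center keys still set to 1 means the AV status is still being hidden.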
    7 April 2010 08:36:51

    Hello,

    Here I am, back with the log below.

    FYI, ComboFix reboots the PC during the procedure. I go back into Safe Mode with Networking after the reboot. Is that OK?


    ComboFix 10-04-06.01 - Administrateur 07/04/2010 8:17.2.2 - x86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.706 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FILE ::
    "c:\documents and settings\ekiennemann\Local Settings\Application Data\2750956343.dll"
    "c:\documents and settings\ekiennemann\Menu Démarrer\Programmes\Démarrage\wwwwpt32.exe"
    "c:\documents and settings\LocalService\Application Data\jvmoxh.dat"
    "c:\windows\Mhizua.exe"
    "c:\windows\system32\config\systemprofile\Application Data\jvmoxh.dat"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ekiennemann\Local Settings\Application Data\2750956343.dll
    c:\documents and settings\ekiennemann\Menu Démarrer\Programmes\Démarrage\wwwwpt32.exe
    c:\documents and settings\LocalService\Application Data\jvmoxh.dat
    c:\windows\Mhizua.exe
    c:\windows\system32\config\systemprofile\Application Data\jvmoxh.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-06 22:14 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-04-06 17:40 . 2010-04-06 17:40 -------- d-----w- C:\rsit
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\ekiennemann\Local Settings\Application Data\avG
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
    2010-04-06 15:35 . 2010-04-06 15:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-04-06 15:05 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-03-22 13:36 . 2010-03-07 12:49 3862528 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-03-22 13:36 . 2010-01-25 10:58 462848 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-03-22 13:36 . 2010-01-15 13:26 70984 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-03-22 13:36 . 2010-01-15 13:25 864256 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-03-22 13:36 . 2010-01-15 13:25 315392 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-03-22 13:36 . 2010-01-15 13:25 372736 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-03-18 17:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-18 08:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 06:17 . 2008-10-30 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 06:17 . 2007-03-28 18:54 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-04-07 06:17 . 2006-07-20 10:46 -------- d-----w- c:\program files\Apoint2K
    2010-04-06 22:07 . 2009-12-14 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-04-06 20:15 . 2006-07-20 01:38 37376 ----a-w- c:\windows\system32\igfxpers.exe
    2010-04-06 16:31 . 2008-12-09 08:52 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 08:21 . 2007-12-28 08:11 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FileZilla
    2010-04-02 15:56 . 2006-07-20 01:37 85842 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-02 15:56 . 2006-07-20 01:37 513736 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-29 22:46 . 2008-10-30 09:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2008-10-30 09:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 16:42 . 2008-09-30 13:53 720896 ----a-w- c:\documents and settings\ekiennemann\Application Data\Bodet_Client\bodetDeploy.exe
    2010-02-24 14:21 . 2007-03-21 13:44 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\OpenOffice.org2
    2010-02-18 14:21 . 2010-02-18 14:21 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FLEXnet
    2010-02-12 15:33 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2010-02-12 15:24 . 2007-12-17 14:53 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\Vodafone
    2010-02-12 15:15 . 2010-02-12 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\program files\Vodafone
    2010-01-25 10:58 . 2007-08-06 09:07 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    .
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-03-10 2316288]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-06 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
    VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2010-2-2 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2005-03-03 19:47 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "c:\\Program Files\\Support Tools\\dhcploc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15000:UDP"= 15000:UDP:Kaspersky Administration Kit
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/07/2006 03:38 36352]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 15:42 32272]
    S2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [18/09/2009 18:03 138792]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [10/03/2009 17:21 9216]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [12/02/2010 17:26 59648]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [12/02/2010 17:26 105984]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [12/02/2010 17:26 8064]
    S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [17/12/2007 16:54 36992]
    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [01/06/2007 14:33 65152]
    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [01/06/2007 14:33 65152]
    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [01/06/2007 14:33 65152]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03/09/2009 17:24 24848]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
    S3 SiDocFil;Silicon Image 3112 Docking Station Filter;c:\windows\system32\drivers\sidocfil.sys [20/07/2006 03:38 4224]
    S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [05/10/2007 05:41 57344]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [20/07/2006 03:38 29184]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [20/07/2006 03:38 226304]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - MDMXSDK
    *NewlyCreated* - PXHELP20

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    DPF: {6DAE4E21-F4C2-4537-A697-1C9482D32E06} - hxxp://192.168.100.13:8089/open/portail/datas/ActiveXPortail.ocx
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 08:26
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1984)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'explorer.exe'(1524)
    c:\windows\system32\eappprxy.dll
    .
    Heure de fin: 2010-04-07 08:30:31 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-04-07 06:30
    ComboFix2.txt 2010-04-06 22:20

    Avant-CF: 10 877 460 480 octets libres
    Après-CF: 10 848 956 416 octets libres

    - - End Of File - - 5B52DDBFFB5EBCFD68EAA62C8DE0E7B8
    7 April 2010 09:02:30

    Why are you going into Safe Mode?

    Your Kaspersky version looks fairly old to me.
    7 April 2010 09:07:33

    Safe Mode is a reflex I associate with viruses, but there may be no valid reason for it. I'll follow your advice.

    As far as I'm concerned, I have a recent version of Kaspersky.

    Should I run ComboFix again in normal mode?

    7 April 2010 09:21:26

    Quote:
    As far as I'm concerned, I have a recent version of Kaspersky.

    --> That's version 6; we're at version 9 (2010) now.

    /!\ Only eric67@IDN may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    RenV::
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The desktop will disappear several times: that's normal!
  • Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will open; copy/paste its contents to the forum.
  • If the file doesn't open, it is located here: C:\ComboFix.txt

    ;) 
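    A small triage script, added here as an example and not a tool from this thread or from the authors of ComboFix or MBAM, that reads log lines shaped like the ones posted above and flags the three indicators the thread turns on: executables copied with a space before ".exe" (the ones a RenV:: section restores), a burst of At*.job scheduled tasks all launching one binary, and a Winlogon Userinit value that starts something besides userinit.exe. The sample lines are constructed from the thread's logs and the function names are assumptions of mine.

```python
import re
from collections import defaultdict

# Constructed sample lines, shaped like the ComboFix and MBAM output posted in this thread.
SAMPLE_LOG = r"""
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\windows\system32\mobsync .exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
2010-04-07 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]
2010-04-07 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]
2010-04-07 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe)
"""

# "avp .exe" beside the real avp.exe: the copy keeps the legitimate name but inserts
# a space before the extension, something no normal installer does.
SPACE_BEFORE_EXT = re.compile(r"^[a-z]:\\.+\S \.exe$", re.IGNORECASE)
# ComboFix prints each scheduled task on one line and its target on the next, prefixed "- ".
TASK_LINE = re.compile(r"\\Tasks\\(At\d+)\.job$", re.IGNORECASE)
TASK_TARGET = re.compile(r"^-\s+(.+?)\s*\[")
# MBAM's Hijack.Userinit line carries the whole Userinit value after "Bad: (".
USERINIT_BAD = re.compile(r"Winlogon\\Userinit\b.*?Bad:\s*\((.*?)\)", re.IGNORECASE)


def find_space_renamed(lines):
    """Paths whose file name has a space before .exe, deduplicated in order of appearance."""
    seen = {}
    for line in lines:
        if SPACE_BEFORE_EXT.match(line):
            seen.setdefault(line, None)
    return list(seen)


def find_task_clusters(lines, threshold=3):
    """Map each task target to the At*.job names launching it; keep targets hit by >= threshold jobs."""
    targets = defaultdict(list)
    for i, line in enumerate(lines[:-1]):
        job = TASK_LINE.search(line)
        if not job:
            continue
        target = TASK_TARGET.match(lines[i + 1])
        if target:
            targets[target.group(1).lower()].append(job.group(1))
    return {t: jobs for t, jobs in targets.items() if len(jobs) >= threshold}


def find_userinit_extras(lines):
    """Every entry of a reported Userinit value that is not userinit.exe itself."""
    extras = []
    for line in lines:
        m = USERINIT_BAD.search(line)
        if not m:
            continue
        for entry in m.group(1).split(","):
            entry = entry.strip()
            if entry and entry.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                extras.append(entry)
    return extras


def triage(text):
    """Run the three checks over raw log text and return their findings."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {
        "renamed": find_space_renamed(lines),
        "task_clusters": find_task_clusters(lines),
        "userinit_extras": find_userinit_extras(lines),
    }


def build_renv_script(paths):
    """CFScript body in the shape the helper posted: KillAll:: then a RenV:: list of renamed files."""
    return "KillAll::\n\nRenV::\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(build_renv_script(report["renamed"]))
```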
    7 April 2010 10:02:10

    I went back to normal mode after the ComboFix reboot. I'm attaching the log.

    There still seem to be problems, because:
    * Windows launched a "just-in-time debugging" program
    * it opened a website while I was writing this reply

    Thanks for the time you've already spent helping me

    ComboFix 10-04-06.01 - Administrateur 07/04/2010 9:25.3.2 - x86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.760 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-06 22:14 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-04-06 17:40 . 2010-04-06 17:40 -------- d-----w- C:\rsit
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\ekiennemann\Local Settings\Application Data\avG
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
    2010-04-06 15:35 . 2010-04-06 15:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-04-06 15:05 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-03-22 13:36 . 2010-03-07 12:49 3862528 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-03-22 13:36 . 2010-01-25 10:58 462848 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-03-22 13:36 . 2010-01-15 13:26 70984 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-03-22 13:36 . 2010-01-15 13:25 864256 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-03-22 13:36 . 2010-01-15 13:25 315392 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-03-22 13:36 . 2010-01-15 13:25 372736 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-03-18 17:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-18 08:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 06:17 . 2008-10-30 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 06:17 . 2007-03-28 18:54 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-04-07 06:17 . 2006-07-20 10:46 -------- d-----w- c:\program files\Apoint2K
    2010-04-06 22:07 . 2009-12-14 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-04-06 20:15 . 2006-07-20 01:38 37376 ----a-w- c:\windows\system32\igfxpers.exe
    2010-04-06 16:31 . 2008-12-09 08:52 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 08:21 . 2007-12-28 08:11 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FileZilla
    2010-04-02 15:56 . 2006-07-20 01:37 85842 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-02 15:56 . 2006-07-20 01:37 513736 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-29 22:46 . 2008-10-30 09:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2008-10-30 09:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 16:42 . 2008-09-30 13:53 720896 ----a-w- c:\documents and settings\ekiennemann\Application Data\Bodet_Client\bodetDeploy.exe
    2010-02-24 14:21 . 2007-03-21 13:44 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\OpenOffice.org2
    2010-02-18 14:21 . 2010-02-18 14:21 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FLEXnet
    2010-02-12 15:33 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2010-02-12 15:24 . 2007-12-17 14:53 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\Vodafone
    2010-02-12 15:15 . 2010-02-12 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\program files\Vodafone
    2010-01-25 10:58 . 2007-08-06 09:07 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    .
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect .exe
    c:\windows\system32\mobsync .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-04-07 37376]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-06 37376]
    "Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-04-07 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
    VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2010-2-2 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2005-03-03 19:47 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "c:\\Program Files\\Support Tools\\dhcploc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15000:UDP"= 15000:UDP:Kaspersky Administration Kit
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [18/09/2009 18:03 138792]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [10/03/2009 17:21 9216]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/07/2006 03:38 36352]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03/09/2009 17:24 24848]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 15:42 32272]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [20/07/2006 03:38 29184]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [20/07/2006 03:38 226304]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [12/02/2010 17:26 59648]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [12/02/2010 17:26 105984]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [12/02/2010 17:26 8064]
    S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [17/12/2007 16:54 36992]
    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [01/06/2007 14:33 65152]
    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [01/06/2007 14:33 65152]
    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [01/06/2007 14:33 65152]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
    S3 SiDocFil;Silicon Image 3112 Docking Station Filter;c:\windows\system32\drivers\sidocfil.sys [20/07/2006 03:38 4224]
    S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [05/10/2007 05:41 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    gfdyrqta
    .
    Contenu du dossier 'Tâches planifiées'

    2010-04-07 c:\windows\Tasks\At1.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At10.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At11.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At12.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At13.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At14.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At15.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At16.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At17.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At18.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At19.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At2.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At20.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At21.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At22.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At23.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At24.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At3.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At4.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At5.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At6.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At7.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At8.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]

    2010-04-07 c:\windows\Tasks\At9.job
    - c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 07:35]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    DPF: {6DAE4E21-F4C2-4537-A697-1C9482D32E06} - hxxp://192.168.100.13:8089/open/portail/datas/ActiveXPortail.ocx
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 09:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A98AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7532f28
    \Driver\ACPI -> ACPI.sys @ 0xf7394cb8
    \Driver\atapi -> atapi.sys @ 0xf732e852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(328)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\VESWinlogon.dll
    c:\windows\system32\lqncmsg.dll
    c:\windows\system32\MSVCP60.dll

    - - - - - - - > 'explorer.exe'(2452)
    c:\windows\system32\lqncmsg.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-04-07 09:39:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-04-07 07:39
    ComboFix2.txt 2010-04-07 06:30
    ComboFix3.txt 2010-04-06 22:20

    Avant-CF: 10 849 984 512 octets libres
    Après-CF: 9 822 027 776 octets libres

    - - End Of File - - E2AF2FD47CC0CD79A2B785DC89E0B9A1
    7 April 2010 10:05:51

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message appears:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select all (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy-paste this report into your next reply.
    7 April 2010 10:52:40

    I ran MBAM a first time (20 detections), then it asked me to reboot so it could finish. I ran it again (6 detections)

    I'm attaching the two logs in order. In parallel I'll try running it once more

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3962

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    07/04/2010 10:31:29
    mbam-log-2010-04-07 (10-31-29).txt

    Scan type: Quick scan
    Objects scanned: 133496
    Time elapsed: 7 minute(s), 8 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    C:\program files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b720219-bf3f-46c0-bfbc-a7b66c81b75e} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{2b720219-bf3f-46c0-bfbc-a7b66c81b75e} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    Files Infected:
    c:\WINDOWS\system32\lqncmsg.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\program files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.


    Second run:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3962

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    07/04/2010 10:31:29
    mbam-log-2010-04-07 (10-31-29).txt

    Scan type: Quick scan
    Objects scanned: 133496
    Time elapsed: 7 minute(s), 8 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    C:\program files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b720219-bf3f-46c0-bfbc-a7b66c81b75e} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{2b720219-bf3f-46c0-bfbc-a7b66c81b75e} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    Files Infected:
    c:\WINDOWS\system32\lqncmsg.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\program files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
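As an added illustration (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM report format pasted above. It checks that the header counts match the items actually listed, separates entries that are still only "Delete on reboot" (which is why a rescan before rebooting reports them again) from those already quarantined, and pulls the Winlogon\Userinit hijack out of the "Registry Data Items" section together with its injected sdra64.exe value. The embedded log text is a trimmed excerpt of the report posted above; the function names are my own.

```python
import re
from collections import Counter

# Trimmed excerpt of the MBAM 1.45 log posted in the thread (the lines are the
# poster's; only the selection is ours, and the header counts match it).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3962

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\program files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b720219-bf3f-46c0-bfbc-a7b66c81b75e} (Trojan.BHO.H) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\lqncmsg.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
USERINIT_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")
PENDING = "Delete on reboot"


def parse_mbam_log(text):
    """Return (summary_counts, entries) from an MBAM 1.x text report."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # "Files Infected: 7" header line
            summary[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):         # start of a detail section
            section = line[:-1]
            continue
        if section is None or " -> " not in line:
            continue                            # banner lines, "(No malicious items detected)"
        parts = line.rstrip(".").split(" -> ")
        head, action, details = parts[0], parts[-1], parts[1:-1]
        lp = head.rfind(" (")                   # "<item> (<family>)"
        entries.append({"section": section, "item": head[:lp],
                        "family": head[lp + 2:-1], "details": details,
                        "action": action})
    return summary, entries


def triage(summary, entries):
    """Separate pending-reboot items, flag persistence points, cross-check counts."""
    pending = [e["item"] for e in entries if e["action"] == PENDING]
    persistence = [e for e in entries
                   if e["section"] == "Registry Data Items Infected"
                   or "\\winlogon\\" in e["item"].lower()
                   or "\\currentversion\\run\\" in e["item"].lower()]
    seen = Counter(e["section"] for e in entries)
    mismatches = {s: (n, seen[s]) for s, n in summary.items() if seen[s] != n}
    return {"by_action": dict(Counter(e["action"] for e in entries)),
            "pending_reboot": pending, "persistence": persistence,
            "count_mismatches": mismatches, "needs_reboot": bool(pending)}


def userinit_values(entry):
    """Split a Hijack.Userinit entry into its bad and good value lists."""
    for d in entry["details"]:
        m = USERINIT_RE.search(d)
        if m:
            split = lambda s: [p for p in s.split(",") if p]
            return split(m.group("bad")), split(m.group("good"))
    return [], []


if __name__ == "__main__":
    summary, entries = parse_mbam_log(SAMPLE_LOG)
    report = triage(summary, entries)
    print("actions:", report["by_action"])
    print("still pending reboot:", *report["pending_reboot"], sep="\n  ")
    for e in report["persistence"]:
        print("persistence point:", e["item"], e["family"], userinit_values(e))
    print("header/entry count mismatches:", report["count_mismatches"])
    print("reboot required:", report["needs_reboot"])
```

A non-empty `pending_reboot` list is the practical answer to the poster's question about MBAM "finding the same ones again": those files and keys are locked and are only removed at the next boot, so a rescan before rebooting lists them a second time. The Userinit line is the item worth keeping an eye on afterwards: it is the Winlogon value that starts sdra64.exe at every logon, so its restored value (`Userinit.exe`) should be confirmed once the machine is clean.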
    7 April 2010 11:18:35

    On the third MBAM run, no more problems are detected.

    Is there anything else to check?

    7 April 2010 11:34:40

    Can you run a ComboFix scan again?
    7 April 2010 12:17:33

    Here is the ComboFix result.

    ComboFix 10-04-06.03 - Administrateur 07/04/2010 11:53:58.4.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.528 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ctfmon .exe
    c:\windows\system32\mobsync .exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-07 07:34 . 2010-04-07 07:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Vodafone
    2010-04-06 22:14 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-04-06 17:40 . 2010-04-06 17:40 -------- d-----w- C:\rsit
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\ekiennemann\Local Settings\Application Data\avG
    2010-04-06 16:20 . 2010-04-06 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
    2010-04-06 15:35 . 2010-04-06 15:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-04-06 15:05 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-04-06 15:05 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-03-22 13:36 . 2010-03-07 12:49 3862528 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-03-22 13:36 . 2010-01-25 10:58 462848 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-03-22 13:36 . 2010-01-15 13:26 70984 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-03-22 13:36 . 2010-01-15 13:25 864256 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-03-22 13:36 . 2010-01-15 13:25 315392 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-03-22 13:36 . 2010-01-15 13:25 372736 ----a-w- c:\documents and settings\ekiennemann\Application Data\Mozilla\Firefox\Profiles\6jjvi8h8.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-03-18 17:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-18 08:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 08:12 . 2006-07-20 10:46 -------- d-----w- c:\program files\Apoint2K
    2010-04-07 08:12 . 2008-10-30 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-07 08:10 . 2010-04-07 08:10 699904 ----a-w- c:\windows\isRS-000.tmp
    2010-04-07 06:17 . 2007-03-28 18:54 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-04-06 22:07 . 2009-12-14 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-04-06 20:15 . 2006-07-20 01:38 37376 ----a-w- c:\windows\system32\igfxpers.exe
    2010-04-06 16:31 . 2008-12-09 08:52 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 08:21 . 2007-12-28 08:11 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FileZilla
    2010-04-02 15:56 . 2006-07-20 01:37 85842 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-02 15:56 . 2006-07-20 01:37 513736 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-29 22:46 . 2008-10-30 09:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2008-10-30 09:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 16:42 . 2008-09-30 13:53 720896 ----a-w- c:\documents and settings\ekiennemann\Application Data\Bodet_Client\bodetDeploy.exe
    2010-02-24 14:21 . 2007-03-21 13:44 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\OpenOffice.org2
    2010-02-18 14:21 . 2010-02-18 14:21 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\FLEXnet
    2010-02-12 15:33 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2010-02-12 15:24 . 2007-12-17 14:53 -------- d-----w- c:\documents and settings\ekiennemann\Application Data\Vodafone
    2010-02-12 15:15 . 2010-02-12 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-12 15:14 . 2010-02-12 15:14 -------- d-----w- c:\program files\Vodafone
    2010-01-25 10:58 . 2007-08-06 09:07 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    .
    c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft ActiveSync\wcescomm .exe
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect .exe


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [N/A]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
    VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2010-2-2 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2005-03-03 19:47 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "c:\\Program Files\\Support Tools\\dhcploc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15000:UDP"= 15000:UDP:Kaspersky Administration Kit
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [18/09/2009 18:03 138792]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [10/03/2009 17:21 9216]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/07/2006 03:38 36352]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03/09/2009 17:24 24848]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 15:42 32272]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [20/07/2006 03:38 29184]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [20/07/2006 03:38 226304]
    S2 gfdyrqta;Serenum Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [20/07/2006 03:37 14336]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [12/02/2010 17:26 59648]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [12/02/2010 17:26 105984]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [12/02/2010 17:26 8064]
    S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [17/12/2007 16:54 36992]
    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [01/06/2007 14:33 65152]
    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [01/06/2007 14:33 65152]
    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [01/06/2007 14:33 65152]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
    S3 SiDocFil;Silicon Image 3112 Docking Station Filter;c:\windows\system32\drivers\sidocfil.sys [20/07/2006 03:38 4224]
    S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [05/10/2007 05:41 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    gfdyrqta
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    DPF: {6DAE4E21-F4C2-4537-A697-1C9482D32E06} - hxxp://192.168.100.13:8089/open/portail/datas/ActiveXPortail.ocx
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    ShellIconOverlayIdentifiers-{2B720219-BF3F-46C0-BFBC-A7B66C81B75E} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 12:03
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A82AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7542f28
    \Driver\ACPI -> ACPI.sys @ 0xf7394cb8
    \Driver\atapi -> atapi.sys @ 0xf732e852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(316)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\VESWinlogon.dll
    .
    Heure de fin: 2010-04-07 12:08:13
    ComboFix-quarantined-files.txt 2010-04-07 10:08
    ComboFix2.txt 2010-04-07 07:39
    ComboFix3.txt 2010-04-07 06:30
    ComboFix4.txt 2010-04-06 22:20

    Avant-CF: 9 785 352 192 octets libres
    Après-CF: 9 778 212 864 octets libres

    - - End Of File - - 27BA821024B9A758EC8E1EB8ECBF7F46
    7 April 2010 13:37:55

  • Download Dr.Web CureIt! to your Desktop.
  • Double-click drweb-cureit.exe and click Start scan.
  • This quick scan analyses the processes loaded in memory; if it finds infected processes, click the Yes to All button at the prompt.
  • When the quick scan is finished, click Options > Change settings.
  • Choose the Scanner tab and untick Heuristic analysis.
  • Back in the main window: choose Complete scan.
  • Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
  • Click Yes to All if a file is detected.
  • At the end of the scan, if infections are found, click Select All, then Cure. If curing is impossible, click Quarantine.
  • In the tool's main menu, at the top left, click the File menu and choose Save report.
  • Save the report to your Desktop. It will be named DrWeb.csv.
  • Close Dr.Web CureIt!
  • Restart your computer (very important), because some files may be moved/repaired at restart.
  • After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.

    NB: the free version of Dr.Web is an on-demand scanner and does not conflict with your resident antivirus. You can delete Dr.Web once the procedure is finished.
    7 April 2010 16:10:24

    The full scan is in progress. I have the impression it is going to take several hours.

    In the memory scan it found a BackDoor.Tdss.565.

    During the scan the "Just-In-Time Debugging" window opened again, asking me to select a debugger. For now I am leaving it open without answering.

    That's the news for now...
    7 April 2010 16:45:41

    Yes, it can take a long time.
    8 April 2010 07:09:27

    Hello,

    here is the report.

    I have the impression there are still strange things going on: I wanted to check that my firewall was active and Windows refuses to open the program, and I still have the "avp .exe" programs in the Kaspersky menu.

    Processus en mémoire: C:\WINDOWS\System32\svchost.exe:992;;BackDoor.Tdss.565;Eradiqué.;
    Vodafone Mobile Connect.msi/stream025\uidgenerator.dll;C:\Documents and Settings\ekiennemann\Local Settings\Application Data\{626B1BCE-14EC-447E-9EB5-B7DFCF519A02}\Vodafone Mobile Co;Trojan.Click.25800;;
    stream025;C:\Documents and Settings\ekiennemann\Local Settings\Application Data\{626B1BCE-14EC-447E-9EB5-B7DFCF519A02};L'archive contient des éléments infectés;;
    Vodafone Mobile Connect.msi;C:\Documents and Settings\ekiennemann\Local Settings\Application Data\{626B1BCE-14EC-447E-9EB5-B7DFCF519A02};L'archive contient des éléments infectés;Quarantaine.;
    vncviewer.exe;C:\Program Files\RealVNC;Program.RemoteAdmin;Quarantaine.;
    winvnc.exe;C:\Program Files\RealVNC\WinVNC;Program.RemoteAdmin.origin;Quarantaine.;
    wwwwpt32.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\ekiennemann\Menu Démarrer\Programmes\Démarrage;Trojan.Botnetlog.126;Supprimé.;
    sj726u.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DisableSR.5;Supprimé.;
    8 April 2010 07:44:24

    After the reboot, I re-ran drweb for the quick scan part and I still have the same backdoor in memory. Here is the result:
    Processus en mémoire: C:\WINDOWS\Explorer.EXE:840;;BackDoor.Tdss.565;Eradiqué.;

    When I run drweb again (without rebooting this time), it keeps finding the same backdoor.tdss.565, but this time in c:\program files\internet explorer\iexplorer.exe:2468
    9 April 2010 19:51:48

  • Download mbr.exe (from Gmer) to your Desktop.

  • Double-click mbr.exe. A report will be generated: mbr.log. Post it.