Avast and Avira neutralised! HELLLLLP!!!

Tags:
  • Avira
  • Security
Last reply: in Security and viruses
18 June 2009 13:09:00

Hello,
I live in Bali, Indonesia, the land of pirated copies where viruses abound... (note: 6-hour time difference).
I am currently maintaining a small fleet of PCs, 3 of which are networked. After cleaning them of various and numerous infections, I fitted them with Avast and Avira, which until now have worked very well together without any noticeable slowdown. They are visited daily by infested USB sticks (not all the machines in the fleet have been treated yet) and the attacks are systematically neutralised, until early this afternoon, it seems... unless the problem comes from elsewhere.
In short, one of the three computers becomes inaccessible to the other two and the antivirus resident protection stops, with no way to restart it. As for Avast, it coldly tells me: The AVVM subsystem detected a RPC error. No luck restarting the service either, which is not to blame... same punishment: error 1053, the service did not respond to the start.
Worse, a second PC is hit by the same symptoms within the hour! That one, however, remains accessible over the network. I should point out that the PCs are connected to each other through a router to which the ADSL modem is attached.
As a last resort, I installed ThreatFire on the first PC.
So I used ComboFix and HijackThis (for what it's worth, I should mention that the OS validation is handled by Wocarson).
Here are the reports.

ComboFix:

ComboFix 09-06-17.04 - ********** 06/18/2009 17:54.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.163 [GMT 8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kaspersky Anti-Hacker *enabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\WgaLogon(2).dll
c:\windows\system32\WgaLogon.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-17 04:51 . 2009-06-17 04:51 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-06-17 04:51 . 2009-06-17 04:51 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-06-17 03:52 . 2009-06-17 03:52 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-06-17 03:52 . 2009-06-17 03:52 -------- d-----w- c:\program files\Acronis
2009-06-17 03:51 . 2009-06-17 04:50 -------- d-----w- c:\program files\Common Files\Acronis
2009-06-15 05:10 . 2009-06-15 05:10 -------- d-----w- c:\program files\Winamp Toolbar
2009-06-15 05:10 . 2009-06-15 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-06-15 02:00 . 2009-06-15 02:00 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-06-15 02:00 . 2009-06-15 02:00 -------- d--h--w- c:\program files\CanonBJ
2009-06-15 01:02 . 2009-06-15 01:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-06-12 05:07 . 2009-06-17 09:17 -------- d-----w- C:\DataBaseTemporaryFiles
2009-06-12 05:06 . 2009-06-18 05:01 -------- d-----w- C:\Database
2009-06-12 01:02 . 2009-06-12 01:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 13:46 . 2009-06-11 13:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ACD Systems
2009-06-11 13:46 . 2009-06-11 13:46 -------- d-----w- c:\documents and settings\User\Application Data\ACD Systems
2009-06-11 13:43 . 2009-06-11 13:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-06-11 13:14 . 2009-06-11 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-11 13:14 . 2009-06-11 13:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 13:13 . 2008-03-15 22:56 78336 ----a-w- C:\RDShutdown.exe
2009-06-11 08:47 . 2009-06-14 04:25 -------- d-----w- c:\windows\system32\oodag
2009-06-11 08:35 . 2009-06-11 08:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\O&O
2009-06-11 08:34 . 2009-06-11 08:34 -------- d-----w- c:\program files\OO Software
2009-06-11 08:28 . 2009-06-18 09:58 -------- d-----w- c:\program files\SuperCopier2
2009-06-10 08:42 . 2009-06-10 08:42 -------- d-----w- c:\windows\system32\Lang
2009-06-10 08:40 . 2006-05-04 08:26 2808832 ----a-r- c:\windows\alcwzrd.exe
2009-06-10 08:40 . 2005-05-03 10:43 69632 ----a-r- c:\windows\Alcmtr.exe
2009-06-10 08:40 . 2007-07-05 08:08 16380416 ----a-r- c:\windows\RTHDCPL.exe
2009-06-10 08:40 . 2007-06-28 08:44 2165760 ----a-r- c:\windows\MicCal.exe
2009-06-10 08:40 . 2007-06-15 08:45 1826816 ----a-r- c:\windows\SkyTel.exe
2009-06-10 08:40 . 2009-06-10 08:40 -------- d-----w- c:\windows\system32\RTCOM
2009-06-10 08:40 . 2007-07-18 11:26 4547584 ----a-r- c:\windows\system32\drivers\RtkHDAud.sys
2009-06-10 08:40 . 2007-03-23 11:19 9715200 ----a-r- c:\windows\RTLCPL.exe
2009-06-10 08:40 . 2007-01-16 02:39 1191936 ----a-r- c:\windows\RtlUpd.exe
2009-06-10 08:40 . 2006-08-01 07:02 49152 ----a-r- c:\windows\system32\ChCfg.exe
2009-06-10 08:39 . 2009-06-10 08:39 -------- d-----w- c:\program files\Realtek
2009-06-10 08:39 . 2009-06-10 08:39 315392 ----a-w- c:\windows\HideWin.exe
2009-06-10 08:39 . 2007-01-12 08:54 520192 ----a-r- c:\windows\RtlExUpd.dll
2009-06-10 08:39 . 2009-06-10 08:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-10 07:44 . 2009-06-10 07:44 -------- d-----w- c:\program files\Bonjour
2009-06-10 07:28 . 2009-06-10 07:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-10 07:14 . 2009-04-30 21:22 12800 ----a-w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:14 . 2009-04-30 21:22 246272 ----a-w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 07:14 . 2009-04-30 21:22 1985024 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 07:14 . 2009-04-30 21:22 11064832 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 07:12 . 2009-04-15 14:51 585216 ----a-w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-10 07:11 . 2009-05-07 15:14 346112 ----a-w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 05:52 . 2009-06-10 05:52 -------- d-----w- c:\program files\Common Files\Kaspersky Lab
2009-06-10 05:52 . 2009-06-10 05:52 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-10 05:52 . 2006-03-27 17:54 41472 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-06-10 05:52 . 2005-09-12 05:20 25264 ----a-w- c:\windows\system32\smrgdf.exe
2009-06-10 05:52 . 2006-12-20 09:48 1212416 ----a-w- c:\windows\system32\Incinerator.dll
2009-06-10 05:52 . 2009-06-10 05:52 -------- d-----w- c:\program files\iolo
2009-06-10 05:50 . 2009-06-10 05:50 -------- d-----w- c:\documents and settings\User\Application Data\iolo
2009-06-10 05:50 . 2009-06-10 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-10 05:49 . 2009-06-10 05:49 -------- d-----w- c:\program files\CCleaner
2009-06-10 05:42 . 2009-06-10 05:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-10 04:56 . 2009-06-10 04:56 -------- d-----w- c:\documents and settings\User\Application Data\Novosoft
2009-06-10 04:56 . 2009-06-10 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Novosoft
2009-06-10 04:56 . 2009-06-10 04:56 -------- d-----w- c:\program files\Novosoft
2009-06-08 05:03 . 2009-06-08 08:20 -------- d-----w- c:\program files\COREL
2009-06-08 05:02 . 2009-06-09 00:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-06 10:59 . 2009-06-11 08:17 -------- d-----w- c:\program files\Shutdown Command
2009-06-06 10:55 . 2009-06-06 10:55 -------- d-----w- c:\program files\Astonsoft
2009-06-06 10:22 . 2009-06-06 10:23 -------- d-----w- C:\Drivers installation
2009-06-06 10:09 . 2009-06-10 07:18 -------- d-----w- c:\windows\ie8updates
2009-06-06 10:09 . 2009-05-12 05:11 102912 ----a-w- c:\windows\system32\dllcache\iecompat.dll
2009-06-06 09:56 . 2008-12-03 17:25 120832 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\0b8bmsly.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-06 09:50 . 2009-03-18 09:51 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-06 09:05 . 2009-06-06 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2009-06-06 08:24 . 2005-11-28 05:51 135168 ----a-r- c:\windows\system32\igfxres.dll
2009-06-06 08:22 . 2009-03-24 22:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-06-06 08:22 . 2009-06-06 08:22 -------- d-----w- c:\windows\OPTIONS
2009-06-06 08:22 . 2009-06-06 08:22 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-06-06 08:17 . 2009-06-06 08:17 -------- d-----w- c:\documents and settings\User\Application Data\Wocarson
2009-06-06 08:14 . 2008-04-13 14:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-06-06 08:10 . 2009-06-06 08:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-06 07:52 . 2009-06-06 07:52 -------- d-----w- c:\program files\Intel
2009-06-05 06:17 . 2009-06-05 06:17 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-05 05:59 . 2009-06-05 06:09 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ApplicationHistory
2009-06-05 05:50 . 2008-04-14 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-05 03:54 . 2006-11-06 05:00 198656 ----a-w- c:\windows\system32\CNMLM8O.DLL
2009-06-05 03:44 . 2009-06-15 02:01 -------- d-----w- c:\program files\Canon
2009-06-05 00:57 . 2009-06-05 00:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-05 00:56 . 2009-06-05 00:57 -------- d-----w- c:\windows\SHELLNEW
2009-06-05 00:40 . 2009-06-05 00:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-05 00:40 . 2009-06-05 06:18 -------- d-----w- c:\program files\Java
2009-06-05 00:35 . 2009-06-05 00:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-05 00:30 . 2009-06-05 00:30 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-05 00:28 . 2009-06-05 00:28 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-05 00:06 . 2009-06-05 00:06 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2009-06-05 00:06 . 2009-06-05 00:06 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-06-04 19:06 . 2009-06-04 19:06 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-06-04 10:18 . 2009-06-04 10:18 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-04 10:18 . 2009-06-04 10:18 -------- d-----w- c:\program files\MSBuild
2009-06-04 10:18 . 2009-06-04 10:18 -------- d-----w- c:\program files\Reference Assemblies
2009-06-04 10:17 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-04 10:17 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-06-04 10:17 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-04 10:17 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-06-04 10:17 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-04 10:17 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-06-04 10:17 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-04 10:08 . 2009-06-06 10:09 -------- dc-h--w- c:\windows\ie8
2009-06-04 09:51 . 2009-03-18 09:41 -------- d--h--w- c:\windows\$hf_mig$
2009-06-04 09:48 . 2009-06-04 09:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-04 09:09 . 2009-04-30 21:22 1207808 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-06-04 09:09 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-06-04 09:09 . 2009-03-02 23:12 1499136 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-06-04 09:09 . 2009-05-13 05:15 5936128 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-06-04 09:05 . 2009-02-03 19:59 56832 ----a-w- c:\windows\system32\dllcache\secur32.dll
2009-06-04 09:04 . 2009-03-21 14:06 989696 ----a-w- c:\windows\system32\dllcache\kernel32.dll
2009-06-04 09:04 . 2008-12-16 12:30 354304 ----a-w- c:\windows\system32\dllcache\winhttp.dll
2009-06-04 09:04 . 2008-06-12 14:23 91648 ----a-w- c:\windows\system32\dllcache\mtxoci.dll
2009-06-04 09:04 . 2008-06-12 14:23 161792 ----a-w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-06-04 09:04 . 2008-06-12 14:23 956928 ----a-w- c:\windows\system32\dllcache\msdtctm.dll
2009-06-04 09:04 . 2008-06-12 14:23 66560 ----a-w- c:\windows\system32\dllcache\mtxclu.dll
2009-06-04 09:04 . 2008-06-12 14:23 58880 ----a-w- c:\windows\system32\dllcache\msdtclog.dll
2009-06-04 09:03 . 2009-03-06 13:49 284160 ----a-w- c:\windows\system32\dllcache\pdh.dll
2009-06-04 09:03 . 2009-02-09 10:56 401408 ----a-w- c:\windows\system32\dllcache\rpcss.dll
2009-06-04 09:03 . 2009-02-06 10:36 35328 ----a-w- c:\windows\system32\dllcache\sc.exe
2009-06-04 09:03 . 2009-02-09 10:56 729088 ----a-w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-04 09:03 . 2009-02-09 10:56 473600 ----a-w- c:\windows\system32\dllcache\fastprox.dll
2009-06-04 09:03 . 2009-02-09 10:56 453120 ----a-w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-04 09:03 . 2009-02-06 11:06 110592 ----a-w- c:\windows\system32\dllcache\services.exe
2009-06-04 09:03 . 2009-02-06 10:15 227840 ----a-w- c:\windows\system32\dllcache\wmiprvse.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 04:55 . 2009-05-17 00:03 2776 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-18 04:55 . 2009-05-17 00:03 2776 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-15 05:11 . 2009-05-16 18:28 -------- d-----w- c:\program files\Winamp
2009-06-15 05:09 . 2009-05-16 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Winamp
2009-06-11 13:44 . 2009-05-16 18:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-11 13:44 . 2009-05-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-06-11 13:44 . 2009-05-16 18:31 -------- d-----w- c:\program files\ACD Systems
2009-06-11 00:40 . 2009-05-17 00:03 154680 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 07:44 . 2009-05-16 18:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-08 08:45 . 2009-05-16 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-06-05 00:56 . 2009-05-16 19:28 -------- d-----w- c:\program files\Microsoft.NET
2009-06-04 12:46 . 2009-05-16 17:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-03 19:43 . 2009-05-16 17:48 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-29 04:01 . 2009-03-18 07:51 46864 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-05-29 04:01 . 2009-03-18 07:51 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-05-29 04:01 . 2009-03-18 07:51 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-05-22 09:03 . 2009-05-17 01:36 -------- d-----w- c:\program files\eSPTPPn
2009-05-22 09:03 . 2009-05-17 01:36 -------- d-----w- c:\program files\eSPTPPhTahunan2003
2009-05-22 09:03 . 2009-05-17 01:36 -------- d-----w- c:\program files\eSPT PPN 1107
2009-05-19 02:45 . 2009-05-17 00:57 -------- d-----w- c:\program files\Yahoo!
2009-05-17 01:36 . 2009-05-17 01:35 -------- d-----w- c:\program files\eSPT PPh Masa
2009-05-17 01:30 . 2009-05-16 18:51 -------- d-----w- c:\program files\WinFlip
2009-05-17 00:57 . 2009-05-17 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-17 00:56 . 2009-05-17 00:56 0 ----a-w- c:\windows\nsreg.dat
2009-05-17 00:48 . 2009-05-17 00:48 -------- d-----w- c:\documents and settings\User\Application Data\Ahead
2009-05-17 00:47 . 2009-05-17 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-17 00:15 . 2009-05-17 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-17 00:15 . 2009-05-17 00:15 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-17 00:03 . 2009-05-17 00:03 -------- d-----w- c:\documents and settings\User\Application Data\Corel
2009-05-17 00:03 . 2009-05-17 00:03 8 --sha-r- c:\documents and settings\All Users\Application Data\AE4E6DB0D5.sys
2009-05-17 00:03 . 2009-05-17 00:03 8 --sha-r- c:\documents and settings\All Users\Application Data\AE4E6DB0D5.sys
2009-05-16 19:47 . 2009-05-16 19:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-16 19:41 . 2009-05-16 19:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-16 19:17 . 2009-05-16 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-16 18:56 . 2009-05-16 18:50 -------- d-----w- c:\program files\Thoosje Sidebar V2.3
2009-05-16 18:51 . 2009-05-16 18:51 -------- d-----w- c:\program files\VisualTaskTips
2009-05-16 18:51 . 2009-05-16 18:51 -------- d-----w- c:\program files\VistaDriveIcon
2009-05-16 18:51 . 2009-05-16 18:51 -------- d-----w- c:\program files\TrueTransparency
2009-05-16 18:50 . 2009-05-16 18:50 -------- d-----w- c:\program files\Styler
2009-05-16 18:50 . 2009-05-16 18:50 -------- d-----w- c:\program files\glass2k
2009-05-16 18:50 . 2009-05-16 18:50 -------- d-----w- c:\program files\Blaero Start Orb
2009-05-16 18:37 . 2009-05-16 18:37 -------- d-----w- c:\documents and settings\User\Application Data\TuneUp Software
2009-05-16 18:37 . 2009-05-16 18:37 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-16 18:37 . 2009-05-16 18:36 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-05-16 18:37 . 2009-05-16 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-16 18:34 . 2009-05-16 18:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-16 18:27 . 2009-05-16 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-16 17:51 . 2009-05-16 17:51 -------- d-----w- c:\program files\microsoft frontpage
2009-05-13 05:15 . 2009-06-10 07:14 915456 ----a-w- c:\windows\system32\SET4E.tmp
2009-05-13 05:15 . 2009-06-10 07:14 5936128 ----a-w- c:\windows\system32\SET50.tmp
2009-05-13 05:15 . 2008-10-15 23:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:14 . 2008-05-15 13:39 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 21:22 . 2009-06-10 07:14 1985024 ----a-w- c:\windows\system32\SET53.tmp
2009-04-30 21:22 . 2009-06-10 07:14 1207808 ----a-w- c:\windows\system32\SET4F.tmp
2009-04-30 21:22 . 2009-06-10 07:14 11064832 ----a-w- c:\windows\system32\SET54.tmp
2009-04-17 08:20 . 2008-10-31 13:52 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-06-10 07:12 585216 ----a-w- c:\windows\system32\SET4A.tmp
2009-04-15 14:51 . 2008-04-14 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-12-30 04:52 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-18_06.27.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-18 07:48 . 2009-02-05 21:06 51376 c:\windows\system32\drivers\aswTdi.sys
- 2009-06-06 10:59 . 2009-02-05 21:06 51376 c:\windows\system32\drivers\aswTdi.sys
+ 2009-03-18 07:48 . 2009-02-05 21:06 23152 c:\windows\system32\drivers\aswRdr.sys
- 2009-06-06 10:59 . 2009-02-05 21:06 23152 c:\windows\system32\drivers\aswRdr.sys
+ 2009-03-18 07:48 . 2009-02-05 21:08 94032 c:\windows\system32\drivers\aswmon2.sys
- 2009-06-06 10:59 . 2009-02-05 21:08 94032 c:\windows\system32\drivers\aswmon2.sys
- 2009-06-06 10:59 . 2009-02-05 21:08 93296 c:\windows\system32\drivers\aswmon.sys
+ 2009-03-18 07:48 . 2009-02-05 21:08 93296 c:\windows\system32\drivers\aswmon.sys
+ 2009-03-18 07:48 . 2009-02-05 21:07 20560 c:\windows\system32\drivers\aswFsBlk.sys
- 2009-06-06 10:59 . 2009-02-05 21:07 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-03-18 07:48 . 2009-02-05 21:05 26944 c:\windows\system32\drivers\aavmker4.sys
- 2009-06-06 10:59 . 2009-02-05 21:05 26944 c:\windows\system32\drivers\aavmker4.sys
+ 2009-03-18 07:48 . 2009-02-05 21:04 97480 c:\windows\system32\AvastSS.scr
- 2009-06-06 10:59 . 2009-02-05 21:04 97480 c:\windows\system32\AvastSS.scr
+ 2009-06-18 05:20 . 2009-03-18 06:32 3014 c:\windows\SoftwareDistribution\EventCache\{13C58B8D-D880-445E-884A-D55D44F5D630}.bin
- 2009-06-06 10:59 . 2009-02-05 21:07 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-03-18 07:48 . 2009-02-05 21:07 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-03-18 09:03 . 2008-05-01 14:38 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-03-18 09:42 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2009-03-18 09:42 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
- 2009-06-06 10:59 . 2009-02-05 21:11 1256296 c:\windows\system32\aswBoot.exe
+ 2009-03-18 07:47 . 2009-02-05 21:11 1256296 c:\windows\system32\aswBoot.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-05-29 259344]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-12-15 176128]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-07 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kaspersky Anti-Hacker.lnk - c:\program files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-7-19 2195583]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Novosoft\\Handy Backup\\BackupNetworkWorkstation.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\RDShutdown.exe"=
"c:\\Program Files\\Common Files\\Acronis\\Agent\\agent.exe"=
"c:\\Program Files\\Common Files\\Acronis\\TrueImage\\TrueImageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4444:UDP"= 4444:UDP:Remote Shutdown

R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [5/11/2006 10:05 PM 28979]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [5/11/2006 10:06 PM 36534]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [6/17/2009 11:52 AM 134272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/18/2009 3:48 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2009 3:48 PM 20560]
S2 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [1/18/2009 8:07 PM 517848]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/3/2009 2:19 AM 108289]
S2 NovosoftBackupNetworkWorkstation;Novosoft Backup Network Workstation;c:\program files\Novosoft\Handy Backup\BackupNetworkWorkstation.exe [10/31/2008 6:04 PM 300632]
S2 RDShutdown;RDShutdown Service;C:\RDShutdown.exe [6/11/2009 9:13 PM 78336]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 FHSTBPYB;FHSTBPYB;c:\docume~1\User\LOCALS~1\Temp\FHSTBPYB.exe --> c:\docume~1\User\LOCALS~1\Temp\FHSTBPYB.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07ca941-5271-11de-83ed-806d6172696f}]
\Shell\AutoRun\command - d:\hbcd\wintools\autorun.exe
\Shell\Option1\Command - d:\hbcd\wintools\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 18:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="[value omitted]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\WININET.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\oodag.exe
c:\program files\HP\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2009-06-18 18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 10:05
ComboFix2.txt 2009-03-18 08:26
ComboFix3.txt 2009-03-18 08:03
ComboFix4.txt 2009-03-18 07:35
ComboFix5.txt 2009-06-18 09:53

Pre-Run: 23,598,477,312 bytes free
Post-Run: 23,585,783,808 bytes free

371 --- E O F --- 2009-03-18 09:42

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:46 PM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\RDShutdown.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FHSTBPYB - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\FHSTBPYB.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Novosoft Backup Network Workstation (NovosoftBackupNetworkWorkstation) - Unknown owner - C:\Program Files\Novosoft\Handy Backup\BackupNetworkWorkstation.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RDShutdown Service (RDShutdown) - ND - C:\RDShutdown.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8075 bytes

There you go!!! :)
While I'm at it, I'd also like to ask your opinion on running several antivirus products side by side (with Avira configured correctly, there is no friction with Avast). I read on a forum that Avast + ThreatFire make a very good pair.
In short, are 2, or even 3, really better? hehehe
And is a snoop like Spybot really necessary then? well, um... I'll stop there! ;)

Thanks in advance for reading! And may your answers put my mind at ease.


21 March 2010 08:28:08

Hello Pat2com

On the actual subject: I have nothing new to add. However, I'm in Indonesia too, where I've set up an IT business. Can we get in touch? e_tienne92 at yahoo dot fr
Have a good day.