
Security center alert win32.brontok

Tags:
  • Security
Last reply: in Security and viruses
2 May 2009 22:50:54

Hello,

Since yesterday I have been getting this Security Center Alert message saying my PC could be infected with win32.brontok. I scanned and found nothing. Also, when I try to open IE, it closes immediately... I sometimes get a runtime error 216. I don't know whether these problems are related, but I was told that this win32.brontok message is a "fake" meant to make you buy antivirus software...

Thanks for your help!


2 Mai 2009 22:53:13

Hello,

XP or Vista?
2 Mai 2009 23:15:19

XP
2 Mai 2009 23:25:43

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    3 May 2009 00:24:08

    Here is the report, and thanks for your help!
    ---------------------------------------------------------------------------------
    ComboFix 09-05-02.4 - Utilisateur 2009-05-02 18:15.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1036.18.2047.1576 [GMT -4:00]
    Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
    AV: Panda Antivirus 2008 *On-access scanning disabled* (Updated)

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Utilisateur\Application Data\Google\aestf16724249.exe
    c:\documents and settings\Utilisateur\Application Data\Google\Shell32.dll
    c:\program files\INSTALL.LOG
    c:\windows\admintxt.txt
    c:\windows\system32\drivers\svchost.exe
    c:\windows\Sysvxd.exe

    .
    ((((((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-15 05:14 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 05:14 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 05:14 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-15 05:14 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 05:14 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 05:14 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 05:14 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 05:14 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 05:14 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 05:13 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 05:13 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-02 22:18 . 2008-01-01 06:16 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-02 22:18 . 2008-01-01 20:25 330 ---ha-w c:\windows\Tasks\MP Scheduled Scan.job
    2009-05-02 20:22 . 2009-03-08 16:40 189496 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-05-02 20:03 . 2009-03-08 16:41 139984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-29 03:27 . 2009-02-24 13:54 16 ----a-w c:\windows\popcinfo.dat
    2009-04-27 15:06 . 2008-12-24 02:35 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
    2009-04-15 07:14 . 2004-08-05 11:00 85022 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-15 07:14 . 2004-08-05 11:00 511066 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-10 19:50 . 2008-01-01 18:35 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-16 23:19 . 2009-03-08 16:41 22328 ----a-w c:\documents and settings\Utilisateur\Application Data\PnkBstrK.sys
    2009-03-16 23:19 . 2009-03-08 16:40 682280 ----a-w c:\windows\system32\pbsvc.exe
    2009-03-16 22:10 . 2009-03-06 23:00 -------- d-----w c:\program files\Activision
    2009-03-16 21:47 . 2008-03-24 21:12 -------- d-----w c:\program files\Fichiers communs\Adobe
    2009-03-09 22:55 . 2009-03-08 16:40 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-03-06 14:20 . 2004-08-05 11:00 286720 ----a-w c:\windows\system32\pdh.dll
    2009-03-06 02:27 . 2008-01-01 19:08 21128 ----a-w c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-03 00:13 . 2007-01-04 13:55 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2004-08-05 11:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:05 . 2007-04-11 06:46 1846912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:23 . 2007-02-28 16:02 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:23 . 2007-02-28 16:02 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:23 . 2004-08-05 11:00 111104 ----a-w c:\windows\system32\services.exe
    2009-02-09 10:53 . 2006-08-17 11:29 735744 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:53 . 2004-08-05 11:00 739840 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 10:53 . 2004-08-05 11:00 685568 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:53 . 2004-08-05 11:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-06 10:39 . 2004-08-05 11:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:58 . 2004-08-05 11:00 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-26 15:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-11-20 290088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-16 01:02 50736 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\UO\\client.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\iTunes\\iTunes.exe"=
    "d:\\NOUVEAU\\UT3\\Binaries\\UT3Demo.exe"=
    "d:\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "d:\\Perfect World\\Program Files\\Perfect World Entertainment\\Perfect World International\\patcher\\patcher.exe"=

    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-02-07 38968]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 178872]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-05-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-realteks - c:\documents and settings\Utilisateur\Application Data\Google\aestf16724249.exe
    Notify-AtiExtEvent - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sympatico.msn.ca/?lang=fr-CA
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-02 18:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP000000122F4F8B206C6CCC86 524288 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(5476)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
    c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
    c:\program files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Panda Security\Panda Antivirus 2008\WebProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-02 18:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-02 22:20

    Pre-Run: 127,593,971,712 bytes free
    Post-Run: 128,771,760,128 bytes free

    187 --- E O F --- 2009-05-01 10:16

    EDIT: The Security Center Alert message seems to have gone and I can open Internet Explorer again!! Thanks! :D
    3 May 2009 00:42:54

    /!\ Only Pat181 may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Folder::
    c:\program files\AskBarDis

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\drivers\\svchost.exe"=-


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All Files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The Desktop will disappear several times: this is normal!
  • Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will open; copy/paste its contents to the forum.
  • If the file does not open, it is located at C:\ComboFix.txt

    ;) 
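Two things in this exchange lend themselves to automation: reading a ComboFix report for the indicators the helper reacted to in the first report (a copy of svchost.exe under system32\drivers, a Shell32.dll under Application Data\Google, the Security Center AntiVirusDisableNotify and UpdatesDisableNotify values set to 1, a firewall exception for the fake svchost.exe, a Run entry pointing into Application Data), and drafting the CFScript that removes the registry leftovers in the syntax the post above uses. The script below is an added example; it is not part of the thread and not ComboFix's own code. Its sample report lines are constructed from the first report in this thread, its flagging rules are assumptions (a short list of system binaries and the one directory holding the genuine copy on a default 32-bit XP install, dllcache/ServicePackFiles/SoftwareDistribution copies exempted, user-profile directories treated as suspicious only for autoruns and firewall exceptions), and the CFScript it produces is a draft to be reviewed before anyone drops it onto ComboFix.exe.

```python
# Triage a ComboFix report and draft a CFScript from what it flags.
# Added example, not ComboFix's code. Rules below are assumptions; the
# CFScript syntax is the one the helper's post uses: KillAll::, Folder::,
# Registry:: with [-key] to delete a key and "value"=- to delete a value.
import re
from dataclasses import dataclass

# Report lines constructed from the first ComboFix report in this thread.
SAMPLE_REPORT = r"""
c:\windows\system32\drivers\svchost.exe
c:\documents and settings\Utilisateur\Application Data\Google\Shell32.dll
c:\windows\Sysvxd.exe
2009-04-15 05:14 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
HKLM-Run-realteks - c:\documents and settings\Utilisateur\Application Data\Google\aestf16724249.exe
"""

# Names malware likes to borrow, and the only directory holding the genuine
# copy (assumption: default %windir% on a 32-bit XP install).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "shell32.dll": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
CACHE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\softwaredistribution\\")  # legit copies
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")  # suspect for autoruns

REG_KEY = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
ORPHAN = re.compile(r"^(HKLM|HKCU)-(Run\w*)-(\S+) - (.+)$", re.I)  # ORPHANS REMOVED lines
WIN_PATH = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:exe|dll|scr|sys)', re.I)
REAL_KEY = re.compile(r"^(HKEY_[A-Z_]+|HKLM|HKCU)\\", re.I)


@dataclass
class Finding:
    kind: str  # masquerade | notify_disabled | firewall_exception | appdata_autorun
    key: str   # registry key the item sits under ("" for a bare file line)
    name: str  # value name, kept exactly as the report escapes it (for the CFScript)
    path: str  # file path involved, lower-cased ("" for notify_disabled)


def expand(path: str) -> str:
    # Undo the doubled backslashes of registry values; %windir% assumed c:\windows.
    return path.replace("\\\\", "\\").replace("%windir%", r"c:\windows").lower()


def check_path(path: str, key: str = "", name: str = "") -> list:
    """Path rules shared by bare file lines, Run values and firewall entries."""
    found, (folder, _, base) = [], path.rpartition("\\")
    legit = SYSTEM_BINARIES.get(base)
    if legit and folder != legit and not any(d in folder + "\\" for d in CACHE_DIRS):
        found.append(Finding("masquerade", key, name, path))
    if key and any(d in path for d in PROFILE_DIRS):
        found.append(Finding("appdata_autorun", key, name, path))
    return found


def triage(report: str) -> list:
    """Walk the report line by line, remembering the current registry key."""
    findings, current_key = [], ""
    for line in (ln.strip() for ln in report.splitlines() if ln.strip()):
        if m := REG_KEY.match(line):
            current_key = m.group(2)
            continue
        if (m := REG_VALUE.match(line)) and current_key:
            name, data, lkey = m.group(1), m.group(2).strip(), current_key.lower()
            if (lkey.endswith("security center") and name.lower().endswith("disablenotify")
                    and data.lower() == "dword:00000001"):
                findings.append(Finding("notify_disabled", current_key, name, ""))
            elif lkey.endswith(r"authorizedapplications\list"):
                if hits := check_path(expand(name), current_key, name):
                    findings.append(Finding("firewall_exception", current_key, name, hits[0].path))
            elif lkey.endswith((r"\run", r"\runonce")):
                for p in WIN_PATH.findall(data):
                    findings += check_path(expand(p), current_key, name)
            continue
        if m := ORPHAN.match(line):
            findings += check_path(expand(m.group(4)), f"{m.group(1)}-{m.group(2)}", m.group(3))
            continue
        for p in WIN_PATH.findall(line):
            findings += check_path(expand(p))
    return findings


def build_cfscript(findings: list, folders=(), delete_keys=()) -> str:
    """KillAll::, folders to remove, then registry deletions. Files are not
    scripted: ComboFix lists them under Other Deletions only after removing them."""
    lines = ["KillAll::", ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    by_key: dict = {}
    for f in findings:
        if f.name and REAL_KEY.match(f.key):  # skips pseudo-keys such as HKLM-Run
            by_key.setdefault(f.key, []).append(f.name)
    if delete_keys or by_key:
        lines += ["Registry::", *[f"[-{k}]" for k in delete_keys]]
        for key, names in by_key.items():
            lines += [f"[{key}]", *[f'"{n}"=-' for n in names]]
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"{f.kind:18} key={f.key!r} name={f.name!r} path={f.path!r}")
    print(build_cfscript(found, folders=[r"c:\program files\AskBarDis"]))
```

Run it as a script to see the findings and the draft. Only registry values and folders end up in the CFScript, because by the time a file appears under "Other Deletions" ComboFix has already removed it. Whatever it emits still needs a human read of the full report: a file with an unknown name such as c:\windows\Sysvxd.exe produces no finding at all, which is why the helper reads the whole log rather than grepping it.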
    30 July 2009 19:52:51

    Hello Destrio5, I have the same problem as Pat181, can you help me please?
    You will find the ComboFix report below.

    Thanks


    ComboFix 09-07-29.04 - utilisateur 30/07/2009 19:24.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.508 [GMT 2:00]
    Running from: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\utilisateur\Application Data\020000007ce9ab58579C.manifest
    c:\documents and settings\utilisateur\Application Data\020000007ce9ab58579O.manifest
    c:\documents and settings\utilisateur\Application Data\020000007ce9ab58579P.manifest
    c:\documents and settings\utilisateur\Application Data\020000007ce9ab58579S.manifest
    c:\documents and settings\utilisateur\Application Data\FunWebProducts
    c:\documents and settings\utilisateur\Application Data\FunWebProducts\Data\utilisateur\avatar.dat
    c:\documents and settings\utilisateur\Application Data\FunWebProducts\Data\utilisateur\zbucks.dat
    c:\documents and settings\utilisateur\Application Data\Google\cqvgl19623160.exe
    c:\documents and settings\utilisateur\Application Data\Google\Shell32.dll
    c:\documents and settings\utilisateur\Local Settings\Application Data\ogaaw.dat
    c:\documents and settings\utilisateur\Local Settings\Application Data\ogaaw.exe
    c:\documents and settings\utilisateur\Local Settings\Application Data\ogaaw_nav.dat
    c:\documents and settings\utilisateur\Local Settings\Application Data\ogaaw_navps.dat
    c:\documents and settings\utilisateur\RavMonLog
    c:\documents and settings\Val\RavMonLog
    c:\program files\AntiSpyware Pro
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
    c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    c:\program files\GamesBar\oberontb.dll
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
    c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
    c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
    c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
    c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
    c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
    c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
    c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
    c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
    c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
    c:\program files\MyWebSearch\bar\Cache\00407901.bin
    c:\program files\MyWebSearch\bar\Cache\00407AA7.bin
    c:\program files\MyWebSearch\bar\Cache\00407C0E.bin
    c:\program files\MyWebSearch\bar\Cache\00407EAE
    c:\program files\MyWebSearch\bar\Cache\01031CD3.bin
    c:\program files\MyWebSearch\bar\Cache\01031E3A.bin
    c:\program files\MyWebSearch\bar\Cache\038700B3
    c:\program files\MyWebSearch\bar\Cache\03870288.bin
    c:\program files\MyWebSearch\bar\Cache\038705D4.bin
    c:\program files\MyWebSearch\bar\Cache\03870789.bin
    c:\program files\MyWebSearch\bar\Cache\0387097D.bin
    c:\program files\MyWebSearch\bar\Cache\03870B42.bin
    c:\program files\MyWebSearch\bar\Cache\1A37CD7F
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\webmediaplayer
    c:\program files\webmediaplayer\resources\languages_v2.xml
    c:\program files\webmediaplayer\resources\webmedias
    c:\program files\webmediaplayer\skins\classic.skn
    c:\program files\webmediaplayer\sqlite3.dll
    c:\program files\webmediaplayer\uninst.exe
    c:\windows\GnuHashes.ini
    c:\windows\LClock.exe
    c:\windows\system32\f3PSSavr.scr
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\msconfig.exe
    c:\windows\system32\ntoskrnl.bak2
    c:\windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_Boonty Games
    -------\Service_MyWebSearchService


    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
    .

    2009-07-30 17:09 . 2009-07-30 17:09 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Malwarebytes
    2009-07-30 17:09 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-30 17:09 . 2009-07-30 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-30 17:09 . 2009-07-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-30 17:09 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-30 17:02 . 2009-07-30 17:02 -------- d-----w- c:\program files\Trend Micro
    2009-07-29 13:11 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-07-29 13:11 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-07-29 13:11 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-07-29 13:11 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-07-29 13:11 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-07-29 13:11 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-07-29 13:11 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-07-29 13:11 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-07-29 13:10 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-07-29 12:38 . 2009-07-29 12:38 4956408 ----a-w- c:\documents and settings\utilisateur\Application Data\pdinstall.exe
    2009-07-28 21:40 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-28 19:48 . 2009-07-28 19:48 422 ----a-w- c:\documents and settings\utilisateur\Application Data\AdSigner\mario.exe
    2009-07-28 19:48 . 2009-07-28 19:48 16141 ----a-w- c:\documents and settings\utilisateur\Application Data\Canneverbe_Limited\flamiks32.exe
    2009-07-28 19:48 . 2009-07-28 19:48 145131 ----a-w- c:\documents and settings\utilisateur\Application Data\Apple Computer\pingo.dll
    2009-07-28 19:48 . 2009-07-28 19:48 13221 ----a-w- c:\documents and settings\utilisateur\Application Data\Adobe\xl12.exe
    2009-07-28 19:48 . 2009-07-28 19:48 11232 ----a-w- c:\documents and settings\utilisateur\Application Data\.trackballs\norigami.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-30 17:32 . 2009-06-07 16:42 -------- d-----w- c:\program files\GamesBar
    2009-07-30 16:05 . 2007-04-22 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-29 12:44 . 2008-09-29 20:57 -------- d-----w- c:\program files\LimeWire
    2009-07-28 23:05 . 2007-11-28 11:06 -------- d-----w- c:\program files\Sony Ericsson
    2009-07-28 23:03 . 2007-03-31 17:10 -------- d-----w- c:\program files\eMule
    2009-07-26 22:39 . 2008-08-20 09:21 -------- d-----w- c:\documents and settings\utilisateur\Application Data\EoRezo
    2009-07-20 18:40 . 2009-06-07 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar
    2009-06-26 16:18 . 2004-08-19 18:09 663552 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:18 . 2004-08-19 18:09 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-23 16:05 . 2009-06-23 16:05 -------- d-----w- c:\program files\Microids
    2009-06-16 14:54 . 2004-08-19 18:09 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:54 . 2001-08-28 16:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-10 10:22 . 2009-06-10 10:22 -------- d-----w- c:\documents and settings\utilisateur\Application Data\AdSigner
    2009-06-09 06:22 . 2007-03-30 10:49 76776 ----a-w- c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-08 15:01 . 2007-03-27 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-08 15:00 . 2007-03-27 20:21 -------- d-----w- c:\program files\Microsoft Works
    2009-06-08 14:17 . 2007-03-29 22:08 -------- d-----w- c:\program files\Everest Poker
    2009-06-08 11:33 . 2009-06-08 11:33 1878984 ----a-w- c:\documents and settings\utilisateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-06-07 16:41 . 2009-06-07 16:41 -------- d-----w- c:\program files\Oberon Media
    2009-06-07 16:41 . 2009-06-07 16:41 -------- d-----w- c:\program files\Fichiers communs\Oberon Media
    2009-06-07 16:41 . 2009-06-07 16:41 -------- d-----w- c:\program files\orange
    2009-06-03 19:27 . 2004-08-19 18:09 1296896 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 00:28 . 2007-05-06 09:16 -------- d-----w- c:\program files\lbreakout2
    2009-05-07 15:43 . 2004-08-19 18:09 347136 ----a-w- c:\windows\system32\localspl.dll
    2008-10-22 13:19 . 2008-10-22 13:01 3037 ----a-w- c:\program files\Infos65.is
    2009-04-15 18:36 . 2007-03-27 20:55 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-04-15 18:36 . 2007-03-27 20:55 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-04-15 18:36 . 2007-03-27 20:55 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-04-15 18:36 . 2007-03-27 20:55 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-04-15 18:36 . 2007-03-27 20:55 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2007-07-14 16:47 . 2007-07-14 16:47 8192 --sha-w- c:\windows\o2cLicStore.bin
    .

    ------- Sigcheck -------

    [-] 2005-06-15 21:01 1036288 CC5B99AF6247175A151B0CC4E71C7F58 c:\windows\explorer.exe
    [-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe

    [-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sfcfiles.dll
    [-] 2004-11-28 16:36 8704 AB3D62010AF342203FFA60C2D94DBC68 c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DigiClock"="none" [X]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-10-30 3166720]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-03-28 413696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\utilisateur\Menu Démarrer\Programmes\Démarrage\
    .security [2009-4-22 0]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    .security [2009-4-22 0]
    Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\World of Warcraft\\Launcher.exe"=
    "c:\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe"=
    "c:\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-frFR-downloader.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16065:TCP"= 16065:TCP:NortonAV
    "15960:TCP"= 15960:TCP:NortonAV
    "17576:TCP"= 17576:TCP:NortonAV
    "17304:TCP"= 17304:TCP:NortonAV
    "16055:TCP"= 16055:TCP:NortonAV
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "13568:TCP"= 13568:TCP:NortonAV
    "16675:TCP"= 16675:TCP:NortonAV
    "13258:TCP"= 13258:TCP:NortonAV
    "13727:TCP"= 13727:TCP:NortonAV
    "13628:TCP"= 13628:TCP:NortonAV
    "12452:TCP"= 12452:TCP:NortonAV
    "16774:TCP"= 16774:TCP:NortonAV
    "14178:TCP"= 14178:TCP:NortonAV
    "14333:TCP"= 14333:TCP:NortonAV
    "14096:TCP"= 14096:TCP:NortonAV
    "15374:TCP"= 15374:TCP:NortonAV
    "17333:TCP"= 17333:TCP:NortonAV
    "12555:TCP"= 12555:TCP:NortonAV
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [27/03/2007 21:42 11264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/07/2009 15:11 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/07/2009 15:11 20560]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30/11/2007 19:28 13352]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
    S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
    S4 mchInjDrv;mchInjDrv; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

    2009-07-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-22 14:33]

    2007-11-28 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe
    HKCU-Run-ogaaw - c:\documents and settings\utilisateur\local settings\application data\ogaaw.exe
    HKCU-Run-LClock - lclock.exe
    HKLM-Run-realteks - c:\documents and settings\utilisateur\Application Data\Google\cqvgl19623160.exe
    Notify-2c86972a579 - c:\windows\System32\hppldcoi32.dll


    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://lo.st
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\utilisateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\57yjdxja.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://lo.st/
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0...
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-30 19:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-436374069-1958367476-839522115-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ad,27,21,61,3c,4f,30,db,b1,a5,fc,fb,b2,be,43,8d,45,0b,52,63,67,17,b1,
    98,91,36,4c,f9,4f,1f,86,da,ce,09,93,aa,de,c6,e0,e8,03,58,c8,4d,aa,91,b5,56,\
    "??"=hex:0d,0d,44,2c,3a,73,8c,22,31,3e,58,78,41,13,07,21
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3248)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Executive Software\Diskeeper\DkService.exe
    c:\windows\system32\imapi.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\HP\digital imaging\bin\hpqgalry.exe
    c:\program files\ASUS\ASUS DH Remote\AsDHRemote.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-30 19:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-30 17:42

    Pre-Run: 72 529 915 904 octets libres
    Post-Run: 73 187 958 784 octets libres

    379 --- E O F --- 2009-07-29 19:01
    30 July 2009 20:41:12

    Hello Valvar,

    Since the topic's author has not given any news, I will help you in this topic.

    /!\ Only Valvar may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    c:\documents and settings\utilisateur\Application Data\AdSigner\mario.exe
    c:\documents and settings\utilisateur\Application Data\Canneverbe_Limited\flamiks32.exe
    c:\documents and settings\utilisateur\Application Data\Apple Computer\pingo.dll
    c:\documents and settings\utilisateur\Application Data\Adobe\xl12.exe
    c:\documents and settings\utilisateur\Application Data\.trackballs\norigami.dll
    c:\documents and settings\utilisateur\Menu Démarrer\Programmes\Démarrage\.security
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\.security

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\drivers\\svchost.exe"=-

    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: all files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
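The CFScript above targets three kinds of entries from the posted reports: executables dropped under Application Data with arbitrary names (mario.exe, pingo.dll, ...), copies of Windows process names placed outside their normal directory (svchost.exe under system32\drivers, and in the second report csrss.exe, lsass.exe, smss.exe and services.exe under Local Settings\Application Data), and a Windows Firewall exception for that fake svchost.exe. The script below is an added example, not ComboFix's own code nor the helper's, that applies those same heuristics to ComboFix-style report lines so a reader can see why these entries stand out. The report lines are constructed from paths that appear in this thread, the "expected parent directory" table and the suspicious-path rules are the example's own assumptions, and the regular expression only handles the two line shapes shown (file listing lines and REGEDIT4 value names).

```python
import re
from collections import OrderedDict

# Constructed sample lines in the ComboFix report format used in this thread.
# Paths are taken from the two reports posted above; this is not ComboFix output parsing code.
SAMPLE_REPORT = r"""
2009-07-24 22:54 . 2009-07-24 22:54 422 ----a-w- d:\documents and settings\Administrator\Application Data\Sonic\mario.exe
2009-07-24 22:54 . 2009-07-24 22:54 145131 ----a-w- d:\documents and settings\Administrator\Application Data\Leadertech\pingo.dll
2009-07-14 15:13 . 2009-07-14 15:13 410984 ----a-w- c:\windows\system32\deploytk.dll
c:\windows\system32\Drivers\svchost.exe
d:\documents and settings\Administrator\Local Settings\Application Data\lsass.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"""

# Assumed table: Windows process names and the directory they normally live in.
# The same name anywhere else is a masquerade, as in the reports above.
EXPECTED_PARENT = {
    "svchost.exe": "system32",
    "csrss.exe": "system32",
    "lsass.exe": "system32",
    "smss.exe": "system32",
    "services.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "windows",
}
EXEC_EXT = (".exe", ".dll", ".cmd", ".scr", ".pif", ".com")

# A path begins at a drive letter or %windir% and runs to the end of the line,
# or to the closing quote of a REGEDIT4 value name ("...path..."=).
PATH_RE = re.compile(r'((?:[a-zA-Z]:|%windir%)\\.+?)(?:"=.*)?$')


def extract_path(line):
    """Return the normalized Windows path on a report line, or None if the line has none."""
    m = PATH_RE.search(line.strip())
    if not m:
        return None
    # REGEDIT4 escapes backslashes; collapse them so both line shapes compare equally.
    return m.group(1).replace("\\\\", "\\")


def classify(path):
    """Return the reasons a path looks suspicious; an empty list means nothing notable."""
    parts = path.lower().split("\\")
    name = parts[-1]
    parent = parts[-2] if len(parts) > 1 else ""
    reasons = []
    expected = EXPECTED_PARENT.get(name)
    if expected and parent != expected:
        reasons.append("system process name outside %s" % expected)
    if name.endswith(EXEC_EXT) and "application data" in parts:
        reasons.append("executable under Application Data")
    if name.endswith(EXEC_EXT) and parent == "drivers":
        reasons.append("executable in a drivers folder")
    return reasons


def audit_report(report):
    """Map each suspicious path in a ComboFix-style report to its reasons, in first-seen order."""
    findings = OrderedDict()
    for line in report.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        reasons = classify(path)
        if reasons:
            findings.setdefault(path, reasons)
    return findings


if __name__ == "__main__":
    for path, reasons in audit_report(SAMPLE_REPORT).items():
        print(path)
        for reason in reasons:
            print("    -", reason)
```

On the constructed sample the two svchost.exe entries are flagged twice each (wrong directory, and an executable inside drivers), the Application Data drops once each, while deploytk.dll, sessmgr.exe and emule.exe produce nothing. A firewall exception that only names a legitimate program is therefore not enough to be flagged; it is the path of the authorized program that matters, which is exactly what the Registry:: line in the CFScript removes.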
    31 July 2009 23:34:47

    Hello destrio5, could you help me too?
    I also have this virus on Windows XP, and here is my report:

    ComboFix 09-07-31.02 - ACAdmin 31/07/2009 23:15.1.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.2039.1506 [GMT 2:00]
    Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\eksplorasi.exe
    c:\windows\system32\Drivers\svchost.exe
    c:\windows\Sysvxd.exe
    d:\documents and settings\Administrator\Application Data\Google\ocprg23017248.exe
    d:\documents and settings\Administrator\Application Data\Google\Shell32.dll
    d:\documents and settings\Administrator\Local Settings\Application Data\csrss.exe
    d:\documents and settings\Administrator\Local Settings\Application Data\inetinfo.exe
    d:\documents and settings\Administrator\Local Settings\Application Data\lsass.exe
    d:\documents and settings\Administrator\Local Settings\Application Data\services.exe
    d:\documents and settings\Administrator\Local Settings\Application Data\smss.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
    .

    2009-07-26 18:36 . 2009-07-26 18:36 -------- d-----w- C:\Downloads
    2009-07-26 18:36 . 2009-07-26 18:36 -------- d-----w- C:\Bases
    2009-07-26 18:29 . 2009-07-26 18:29 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-07-24 23:01 . 2009-07-25 13:39 4956408 ----a-w- d:\documents and settings\Administrator\Application Data\pdinstall.exe
    2009-07-24 22:54 . 2009-07-24 22:54 422 ----a-w- d:\documents and settings\Administrator\Application Data\Sonic\mario.exe
    2009-07-24 22:54 . 2009-07-24 22:54 16141 ----a-w- d:\documents and settings\Administrator\Application Data\Macromedia\flamiks32.exe
    2009-07-24 22:54 . 2009-07-24 22:54 145131 ----a-w- d:\documents and settings\Administrator\Application Data\Leadertech\pingo.dll
    2009-07-24 22:54 . 2009-07-24 22:54 13221 ----a-w- d:\documents and settings\Administrator\Application Data\InstallShield\xl12.exe
    2009-07-24 22:54 . 2009-07-24 22:54 11232 ----a-w- d:\documents and settings\Administrator\Application Data\Identities\norigami.dll
    2009-07-14 15:13 . 2009-07-14 15:13 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-14 15:12 . 2009-07-14 15:12 152576 ----a-w- d:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2006-09-12 13:21 . 2006-09-13 13:47 319 ----a-w- c:\program files\VersionMarker.dat
    2009-06-16 22:00 . 2009-06-15 23:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2008-08-26 19:38 . 2008-08-20 12:02 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-05-03 10:06 . 2009-04-04 16:27 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-04-04 16:27 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-04-04 16:27 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2005-08-31 1658592]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 48800]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 85744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-02 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-02 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-02 138008]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
    "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-01 404248]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 185896]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-26 29744]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "LogonType"= 0 (0x0)
    "disablecad"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
    path=d:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    backup=c:\windows\pss\DVD Check.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "64213:TCP"= 64213:TCP:eMule_TCP
    "64092:UDP"= 64092:UDP:eMule_UDP
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [1/15/2008 4:44 PM 1489688]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/13/2006 10:06 PM 101936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/12/2007 4:57 PM 36608]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [10/5/2007 11:42 AM 47616]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/20/2008 2:02 PM 29744]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5/27/2006 3:06 PM 169200]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\wmactedp.inf,PerUserStub
    .
    Contents of the 'Scheduled Tasks' folder

    2008-04-01 c:\windows\Tasks\At1.job
    - c:\program files\ACMT\ACMT.exe [2006-09-13 10:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-realteks - d:\documents and settings\Administrator\Application Data\Google\ocprg23017248.exe


    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.wanadoo.fr/
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2pmy3gf3.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-31 23:20
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3732)
    c:\windows\system32\xpsp3res.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
    c:\program files\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    c:\program files\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    c:\windows\SYSTEM32\SCARDSVR.EXE
    c:\program files\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    c:\windows\SYSTEM32\IGFXSRVC.EXE
    c:\program files\INTEL\AMT\ATCHKSRV.EXE
    c:\program files\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    c:\program files\INTEL\INTEL MATRIX STORAGE MANAGER\IAANTMON.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\program files\INTEL\AMT\LMS.EXE
    c:\program files\MESSENGER\MSMSGS.EXE
    c:\program files\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
    c:\program files\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-07-31 23:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-31 21:22

    Pre-Run: 8 469 430 272 bytes free
    Post-Run: 8 504 852 480 bytes free

    170
    31 July 2009 23:57:26

    Everyone gets their own topic, thanks ;) 
    1 August 2009 00:07:39

    OK, no problem :-)
    5 December 2009 22:20:15

    Hi, I think I have the same adware virus, with Security Center opening a window every 2 minutes. Can someone help me, please?