[Résolu] Fenetre internet s'ouvre toute seule
Dernière réponse : dans Sécurité
Bonjour,
J'ai reçu via facebook un message malveillant et malheureusement mon pc est infecté. Merci de m'aider, je joins en 1 le fichier rsit et en 2 le fichier malwarebytes
1 rsit
Logfile of random's system information tool 1.08 (written by random/random)
Run by veland at 2010-09-05 19:35:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (17%) free of 114 GB
Total RAM: 1015 MB (50% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-12-10 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-12-10 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-12-10 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-12-10 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"OfficeScanNT Monitor"=C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe [2008-06-25 709928]
"IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"hpWirelessAssistant"=C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-18 137752]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
"QlbCtrl"=C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Acrobat Assistant 8.0"=C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2010-06-16 624056]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"NPSStartup"= []
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"LexWebUpdate"=C:\Programme\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:FRENCH []
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]
"xuri49tkd"=C:\windows\andy128.exe [2010-09-04 166400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-10 39408]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-08 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\WINDOWS\system32\LMabcoms.exe"="C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2010-09-05 19:35:13 ----D---- C:\rsit
2010-09-05 16:03:04 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\Malwarebytes
2010-09-05 16:02:56 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-05 16:02:54 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-09-05 16:02:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-05 16:02:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-05 14:50:32 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-05 11:01:44 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-09-04 16:40:51 ----D---- C:\Programme\webserver
2010-09-04 16:39:34 ----A---- C:\WINDOWS\system32\drivers\dev.sys
2010-09-04 16:39:34 ----A---- C:\WINDOWS\system32\dev.dll
2010-09-04 16:39:14 ----H---- C:\WINDOWS\andy128.exe
2010-09-04 07:38:09 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\java.exe
2010-08-21 13:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-21 13:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-21 13:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-21 13:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-21 13:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-21 13:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-21 13:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-21 13:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-19 23:40:02 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\vlc
2010-08-19 08:55:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-08-06 22:34:13 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\Apple Computer
======List of files/folders modified in the last 1 months======
2010-09-05 19:35:13 ----D---- C:\WINDOWS\Prefetch
2010-09-05 19:23:03 ----D---- C:\WINDOWS\Temp
2010-09-05 19:20:40 ----SHD---- C:\WINDOWS\CSC
2010-09-05 16:56:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-05 16:51:33 ----D---- C:\WINDOWS\system32\drivers
2010-09-05 16:45:55 ----D---- C:\WINDOWS
2010-09-05 16:02:54 ----RD---- C:\Programme
2010-09-05 16:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-05 15:41:43 ----D---- C:\WINDOWS\system32
2010-09-05 15:41:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-05 11:02:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-05 11:02:12 ----D---- C:\WINDOWS\system32\HouseCall 6.6
2010-09-04 17:01:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-04 16:40:35 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-04 07:38:10 ----SHD---- C:\WINDOWS\Installer
2010-09-04 07:38:10 ----SHD---- C:\Config.Msi
2010-09-04 07:38:09 ----D---- C:\Programme\Gemeinsame Dateien
2010-09-04 07:35:28 ----D---- C:\Programme\Java
2010-08-27 11:23:05 ----D---- C:\firmware
2010-08-26 15:24:47 ----A---- C:\WINDOWS\hpmssnpjt.ini
2010-08-21 17:49:31 ----D---- C:\Programme\Internet Explorer
2010-08-21 13:36:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-21 13:36:37 ----RSD---- C:\WINDOWS\assembly
2010-08-21 13:34:58 ----HD---- C:\WINDOWS\inf
2010-08-21 13:34:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-21 13:34:48 ----A---- C:\WINDOWS\imsins.BAK
2010-08-21 13:34:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-21 13:33:32 ----D---- C:\Programme\Movie Maker
2010-08-21 13:30:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-21 13:27:47 ----D---- C:\WINDOWS\WinSxS
2010-08-19 08:55:48 ----D---- C:\Programme\QuickTime
2010-08-17 07:45:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 dev;dev; \??\C:\WINDOWS\system32\drivers\dev.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-06-25 72072]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-08 5776864]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2008-11-04 16800]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-07-15 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-07-15 25512]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-11-04 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-11-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-11-04 21568]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ddev;ddev; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-01-08 233472]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-06-25 906536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 tmlisten;OfficeScan NT Listener; C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe [2008-06-25 984360]
R2 webserver;webserver; C:\Programme\webserver\webserver.exe [2010-09-04 41984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-12 654848]
R3 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-10 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2005-12-01 491520]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe [2008-06-25 652552]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2 malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4550
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05.09.2010 19:47:03
mbam-log-2010-09-05 (19-47-03).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 164352
Temps écoulé: 19 minute(s), 42 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\Programme\webserver\webserver.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\andy128.exe (Trojan.Dropper.Gen) -> No action taken.
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\dev.dll (Worm.KoobFace) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddev (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.Koobface) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xuri49tkd (Trojan.Dropper.Gen) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\dev.dll (Worm.KoobFace) -> No action taken.
C:\Programme\webserver\webserver.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\andy128.exe (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\drivers\dev.sys (Worm.KoobFace) -> No action taken.
C:\Dokumente und Einstellungen\veland\Lokale Einstellungen\Temp\zpskon_1283642704.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
J'ai reçu via facebook un message malveillant et malheureusement mon pc est infecté. Merci de m'aider, je joins en 1 le fichier rsit et en 2 le fichier malwarebytes
1 rsit
Logfile of random's system information tool 1.08 (written by random/random)
Run by veland at 2010-09-05 19:35:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (17%) free of 114 GB
Total RAM: 1015 MB (50% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-12-10 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-12-10 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-12-10 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-12-10 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"OfficeScanNT Monitor"=C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe [2008-06-25 709928]
"IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"hpWirelessAssistant"=C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-18 137752]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
"QlbCtrl"=C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Acrobat Assistant 8.0"=C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2010-06-16 624056]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"NPSStartup"= []
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"LexWebUpdate"=C:\Programme\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:FRENCH []
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]
"xuri49tkd"=C:\windows\andy128.exe [2010-09-04 166400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-10 39408]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-08 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\WINDOWS\system32\LMabcoms.exe"="C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2010-09-05 19:35:13 ----D---- C:\rsit
2010-09-05 16:03:04 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\Malwarebytes
2010-09-05 16:02:56 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-05 16:02:54 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-09-05 16:02:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-05 16:02:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-05 14:50:32 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-05 11:01:44 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-09-04 16:40:51 ----D---- C:\Programme\webserver
2010-09-04 16:39:34 ----A---- C:\WINDOWS\system32\drivers\dev.sys
2010-09-04 16:39:34 ----A---- C:\WINDOWS\system32\dev.dll
2010-09-04 16:39:14 ----H---- C:\WINDOWS\andy128.exe
2010-09-04 07:38:09 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-04 07:35:34 ----A---- C:\WINDOWS\system32\java.exe
2010-08-21 13:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-21 13:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-21 13:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-21 13:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-21 13:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-21 13:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-21 13:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-21 13:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-19 23:40:02 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\vlc
2010-08-19 08:55:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-08-06 22:34:13 ----D---- C:\Dokumente und Einstellungen\veland\Anwendungsdaten\Apple Computer
======List of files/folders modified in the last 1 months======
2010-09-05 19:35:13 ----D---- C:\WINDOWS\Prefetch
2010-09-05 19:23:03 ----D---- C:\WINDOWS\Temp
2010-09-05 19:20:40 ----SHD---- C:\WINDOWS\CSC
2010-09-05 16:56:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-05 16:51:33 ----D---- C:\WINDOWS\system32\drivers
2010-09-05 16:45:55 ----D---- C:\WINDOWS
2010-09-05 16:02:54 ----RD---- C:\Programme
2010-09-05 16:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-05 15:41:43 ----D---- C:\WINDOWS\system32
2010-09-05 15:41:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-05 11:02:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-05 11:02:12 ----D---- C:\WINDOWS\system32\HouseCall 6.6
2010-09-04 17:01:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-04 16:40:35 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-04 07:38:10 ----SHD---- C:\WINDOWS\Installer
2010-09-04 07:38:10 ----SHD---- C:\Config.Msi
2010-09-04 07:38:09 ----D---- C:\Programme\Gemeinsame Dateien
2010-09-04 07:35:28 ----D---- C:\Programme\Java
2010-08-27 11:23:05 ----D---- C:\firmware
2010-08-26 15:24:47 ----A---- C:\WINDOWS\hpmssnpjt.ini
2010-08-21 17:49:31 ----D---- C:\Programme\Internet Explorer
2010-08-21 13:36:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-21 13:36:37 ----RSD---- C:\WINDOWS\assembly
2010-08-21 13:34:58 ----HD---- C:\WINDOWS\inf
2010-08-21 13:34:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-21 13:34:48 ----A---- C:\WINDOWS\imsins.BAK
2010-08-21 13:34:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-21 13:33:32 ----D---- C:\Programme\Movie Maker
2010-08-21 13:30:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-21 13:27:47 ----D---- C:\WINDOWS\WinSxS
2010-08-19 08:55:48 ----D---- C:\Programme\QuickTime
2010-08-17 07:45:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 dev;dev; \??\C:\WINDOWS\system32\drivers\dev.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-06-25 72072]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-08 5776864]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2008-11-04 16800]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-07-15 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-07-15 25512]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-11-04 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-11-04 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-11-04 21568]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ddev;ddev; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-01-08 233472]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-06-25 906536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 tmlisten;OfficeScan NT Listener; C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe [2008-06-25 984360]
R2 webserver;webserver; C:\Programme\webserver\webserver.exe [2010-09-04 41984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-12 654848]
R3 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-10 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2005-12-01 491520]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe [2008-06-25 652552]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2 malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4550
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05.09.2010 19:47:03
mbam-log-2010-09-05 (19-47-03).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 164352
Temps écoulé: 19 minute(s), 42 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\Programme\webserver\webserver.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\andy128.exe (Trojan.Dropper.Gen) -> No action taken.
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\dev.dll (Worm.KoobFace) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddev (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.Koobface) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xuri49tkd (Trojan.Dropper.Gen) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\dev.dll (Worm.KoobFace) -> No action taken.
C:\Programme\webserver\webserver.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\andy128.exe (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\drivers\dev.sys (Worm.KoobFace) -> No action taken.
C:\Dokumente und Einstellungen\veland\Lokale Einstellungen\Temp\zpskon_1283642704.exe (Worm.Koobface) -> No action taken.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
Autres pages sur : resolu fenetre internet ouvre seule
Lassé par la pub ? Créez un compte
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumFenetre internet qui s'ouvre toute seule
- ForumFenetre internet s'ouvre seule
- ForumFenetre internet s'ouvre toute seul
- ForumFenetre internet qui s'ouvre tout seul
- ForumFenetre internet s'ouvre seul
- ForumFenetre intempestive internet explorer résolu
- ForumFenetre internet s ouvre toute seule
- ForumFenetre internet qui souvre toute seule
- ForumFenetre internet se ferme toute seule
- ForumVirus fenetre internet ce lance toute seule
- Voir plus
