High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Virus x.bat

Dernière réponse le 8 oct 2009 à 21:45:25 collu0608, le 27 sep 2009 à 20:43:07 
 Signaler ce message aux modérateurs

Bonjour,

j ai avast antivirus et il me detecte un virus x.bat avec une erreur generic host... et une impossibilite d acces a internet au final.

ci joint rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-27 20:41:26
Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 49 GB (86%) free of 57 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:06, on 27/09/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\AT9Jg05.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Data Serivce] 9new.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User '?')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Service Google Update (gupdate1c9a0139cd648b0) (gupdate1c9a0139cd648b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
End of file - 9969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-18 4866048]
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded []
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-03 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-18 159744]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-10-17 258048]
"CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2003-10-19 798720]
"TapButt"=C:\Program Files\Toshiba\TapButton\TapButt.exe [2003-10-24 163840]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-24 24576]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-10-24 278528]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2003-12-10 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2003-10-07 77824]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-10-16 73728]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2003-12-03 131072]
"TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2003-10-15 86016]
"TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2003-10-21 45056]
"TosRotation"=C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2004-01-30 266240]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-22 126976]
"Sensiva"=C:\Symbol Commander\Sensiva.exe [2002-10-01 2052096]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-10 49152]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2003-10-20 159744]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2007-12-01 271872]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2007-12-01 16384]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]
"Drag'n Drop CD+DVD"=C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe [2003-08-09 1175552]
"IVPServiceMgr"=C:\toshiba\ivp\ism\ivpsvmgr.exe [2003-10-20 475136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Windows Data Serivce"=C:\WINDOWS\system32\9new.exe [2009-09-27 274432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]
"NVIEW"=nview.dll,nViewLoadHook []
"Zinio DLM"=C:\Program Files\Zinio\ZDLM.exe /hide []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2007-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2007-12-01 32256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-27 20:32:10 ----A---- C:\x.bat
2009-09-27 19:50:13 ----A---- C:\WINDOWS\system32\x.exe
2009-09-27 19:48:10 ----A---- C:\WINDOWS\system32\9new.exe
2009-09-27 19:42:36 ----D---- C:\Program Files\trend micro
2009-09-27 19:42:35 ----D---- C:\rsit
2009-09-27 19:16:46 ----A---- C:\WINDOWS\system32\nigzss.txt
2009-09-27 19:14:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-27 19:14:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-27 19:14:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-27 17:07:03 ----A---- C:\WINDOWS\nigzss.txt
2009-09-27 17:06:50 ----RSH---- C:\WINDOWS\9new.exe
2009-09-27 12:15:59 ----A---- C:\AT9Jg05.exe
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-26 20:15:20 ----D---- C:\Program Files\Alwil Software

======List of files/folders modified in the last 1 months======

2009-09-27 20:41:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-27 20:39:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-27 20:39:43 ----D---- C:\WINDOWS\Temp
2009-09-27 20:32:07 ----D---- C:\WINDOWS
2009-09-27 20:31:59 ----SD---- C:\WINDOWS\Tasks
2009-09-27 20:31:54 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-09-27 19:52:44 ----D---- C:\WINDOWS\system32
2009-09-27 19:48:20 ----D---- C:\WINDOWS\Prefetch
2009-09-27 19:42:36 ----RD---- C:\Program Files
2009-09-27 19:14:11 ----D---- C:\WINDOWS\system32\drivers
2009-09-27 18:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-27 10:45:47 ----D---- C:\WINDOWS\system32\config
2009-09-26 17:53:31 ----D---- C:\Program Files\Bonjour
2009-09-26 17:52:46 ----D---- C:\WINDOWS\system32\wbem
2009-09-26 17:52:46 ----D---- C:\WINDOWS\Registration
2009-09-26 17:52:09 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2007-12-01 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2007-12-01 14592]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-02-01 90416]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2002-09-26 5760]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2007-12-01 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2008-03-27 14037]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-30 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R2 tossmbnt;tossmbnt; C:\WINDOWS\system32\drivers\tossmbnt.sys [2002-04-07 19607]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-12-13 99577]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2007-12-01 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-17 165496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-18 1371740]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-11 578752]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\System32\DRIVERS\TBtnKey.sys [2002-09-13 8832]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-15 25888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2007-12-01 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2007-12-01 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2007-12-01 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\System32\DRIVERS\wacompen.sys [2007-12-01 14208]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-19 30976]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2000-01-06 6912]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\Drivers\Tbiosdrv.sys []
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-14 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2006-02-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2007-12-01 26368]
S3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-12-05 979840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-12-03 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-18 77824]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2003-10-21 53248]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2003-12-10 126976]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2007-12-01 267776]
S2 gupdate1c9a0139cd648b0;Service Google Update (gupdate1c9a0139cd648b0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2007-12-01 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

-----------------EOF-----------------

Configuration: Windows XP Internet Explorer 7.0

Meilleures réponses pour « virus x.bat » dans :
Mythe - Linux est invulnérable face aux virus VoirMythe GNU/Linux est invulnérable face aux virus. Réalité FAUX Explications GNU/Linux - tout comme Windows ou MacOS X - possède des failles de sécurité. Ces failles peuvent être exploitées par des programmes malveillants. GNU/Linux est donc...
[Virus] Que faire quand on est infecté ? VoirSi vous savez ou vous pensez être infecté par un virus Si vous savez ou vous pensez être infecté par un virus, il faut s'en occuper le plus rapidement possible car l'infection peut inviter d'autres infections dans votre PC et votre système risque...
Virus et Malwares ... Le truc pour les éliminer Voir
Virus - Introduction aux virus VoirVirus Un virus est un petit programme informatique situé dans le corps d'un autre, qui, lorsqu'on l'exécute, se charge en mémoire et exécute les instructions que son auteur a programmé. La définition d'un virus pourrait être la suivante : « Tout...
Utilitaires de désinfection des principaux virus et vers VoirQu'est-ce qu'un kit de désinfection ? Un kit de désinfection est un petit exécutable dont le but est de nettoyer une machine infectée par un virus particulier. Chaque kit de désinfection est donc uniquement capable d'éradiquer un type de virus...
Posez votre question Répondre

1

jlpjlp, le 27 sep 2009 à 20:46:10

Slt,



• Télécharge et install UsbFix par Chiquitine29

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

• Laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

   
Répondre à jlpjlp

2

crapoulou, le 27 sep 2009 à 20:46:15

Salut,
Adit : Pour suivre.
Salut jlpjlp ;-).

   
Répondre à crapoulou

3

collu0608, le 27 sep 2009 à 20:51:07

Ci joint rapport usb fix


############################## | UsbFix V6.037 |

User : Administrator () # USER-OLR8VOMPRQ
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 8:49:33 PM | 9/27/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3, v.3264
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1356 [VPS 090926-0] 4.8.1356 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 55.88 Go (47.89 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\AT9Jg05.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\system32\x.exe
C:\x.bat

################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Data Serivce"

################## | Registre # Mountpoints2 |


################## | ! Fin du rapport # UsbFix V6.037 ! |

   
Répondre à collu0608

4

jlpjlp, le 27 sep 2009 à 20:54:24

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

• Ton bureau disparaitra et le pc redémarrera .

• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

   
Répondre à jlpjlp

5

collu0608, le 27 sep 2009 à 21:11:51

Ci joint nouveau rapport apres redemarrage


############################## | UsbFix V6.037 |

User : Administrator (Administrators) # USER-OLR8VOMPRQ
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 9:06:31 PM | 9/27/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3, v.3264
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1356 [VPS 090926-1] 4.8.1356 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 55.88 Go (47.86 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\system32\x.exe
Supprimé ! C:\x.bat

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Data Serivce"

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[27/09/2009 20:32|--a------|167936] C:\AT9Jg05.exe
[04/02/2004 00:25|--a------|0] C:\AUTOEXEC.BAT
[27/03/2008 22:14|-rahs----|211] C:\boot.ini
[04/02/2004 00:25|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[04/02/2004 00:25|-rahs----|0] C:\IO.SYS
[04/02/2004 00:25|-rahs----|0] C:\MSDOS.SYS
[27/03/2008 22:09|-rahs----|47564] C:\NTDETECT.COM
[06/01/2000 03:55|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/09/2009 21:08|--a------|2938] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMINI~1\Desktop\UsbFix_Upload_Me_USER-OLR8VOMPRQ.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

   
Répondre à collu0608

6

collu0608, le 27 sep 2009 à 21:22:24

Apres redemarrage le pb persiste.

   
Répondre à collu0608

7

collu0608, le 27 sep 2009 à 21:40:18

Apres un autre lancement de usbfix ci joint nouveau rapport


############################## | UsbFix V6.037 |

User : Administrator (Administrators) # USER-OLR8VOMPRQ
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 9:29:05 PM | 9/27/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3, v.3264
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1356 [VPS 090927-0] 4.8.1356 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 55.88 Go (48.03 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\autorun.inf

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Data Serivce"

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[27/09/2009 21:19|--a------|167936] C:\AT9Jg05.exe
[04/02/2004 00:25|--a------|0] C:\AUTOEXEC.BAT
[27/03/2008 22:14|-rahs----|211] C:\boot.ini
[04/02/2004 00:25|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[04/02/2004 00:25|-rahs----|0] C:\IO.SYS
[04/02/2004 00:25|-rahs----|0] C:\MSDOS.SYS
[27/03/2008 22:09|-rahs----|47564] C:\NTDETECT.COM
[06/01/2000 03:55|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/09/2009 21:30|--a------|2871] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMINI~1\Desktop\UsbFix_Upload_Me_USER-OLR8VOMPRQ.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.037 ! |

   
Répondre à collu0608

8

crapoulou, le 27 sep 2009 à 21:46:50

Patiente jusqu'au retour de jlpjlp ;-). T'as un problème ? Passe sur CCM!
Il n'y a pas de problème sans solution.

   
Répondre à crapoulou

9

collu0608, le 27 sep 2009 à 21:52:20
  • +1

C est un truc de malade ce virus je sais meme pas comment j ai pu recuperer ca...

   
Répondre à collu0608

10

crapoulou, le 27 sep 2009 à 22:00:38

Par des disques amovibles (USB) infectés.
Allez, je vous laisse tous les deux (on interrompt pas une désinfection pour causer).
Attends patiemment. T'as un problème ? Passe sur CCM!
Il n'y a pas de problème sans solution.

   
Répondre à crapoulou

11

jlpjlp, le 27 sep 2009 à 22:11:23

Remets un rapport RSIT

   
Répondre à jlpjlp

12

collu0608, le 27 sep 2009 à 22:19:29

Voici un rapport apres une nouvelle manip avec usbfix


############################## | UsbFix V6.037 |

User : Administrator (Administrators) # USER-OLR8VOMPRQ
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 10:15:53 PM | 9/27/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3, v.3264
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1356 [VPS 090927-0] 4.8.1356 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 55.88 Go (47.98 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\autorun.inf
Supprimé ! C:\x.bat

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Data Serivce"

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[27/09/2009 22:12|--a------|167936] C:\AT9Jg05.exe
[04/02/2004 00:25|--a------|0] C:\AUTOEXEC.BAT
[27/03/2008 22:14|-rahs----|211] C:\boot.ini
[04/02/2004 00:25|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[04/02/2004 00:25|-rahs----|0] C:\IO.SYS
[04/02/2004 00:25|-rahs----|0] C:\MSDOS.SYS
[27/03/2008 22:09|-rahs----|47564] C:\NTDETECT.COM
[06/01/2000 03:55|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/09/2009 22:17|--a------|2927] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMINI~1\Desktop\UsbFix_Upload_Me_USER-OLR8VOMPRQ.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.037 ! |

   
Répondre à collu0608

13

jlpjlp, le 27 sep 2009 à 22:42:30

Bis

remets un rapport RSIT

_________________

et analyse ce fichier sur virus total et colle le rapport ici: http://www.virustotal.com/fr/

C:\AT9Jg05.exe

   
Répondre à jlpjlp

14

collu0608, le 28 sep 2009 à 13:05:44

Voici un rapport RSIT


############################## | UsbFix V6.037 |

User : Administrator (Administrators) # USER-OLR8VOMPRQ
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 1:04:10 PM | 9/28/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3, v.3264
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1356 [VPS 090927-0] 4.8.1356 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 55.88 Go (47.99 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe

################## | Fichiers # Dossiers infectieux |

C:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | ! Fin du rapport # UsbFix V6.037 ! |

   
Répondre à collu0608

15

collu0608, le 28 sep 2009 à 13:09:24

Et voici le rapport apres analye sur virus total

Fichier AT9Jg05.exe reçu le 2009.09.26 17:26:38 (UTC)
Situation actuelle: terminé

Résultat: 0/41 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.09.26 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.26 -
Comodo 2446 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet None 2009.09.25 -
F-Prot 4.5.1.85 2009.09.25 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 -
Ikarus T3.1.1.72.0 2009.09.26 -
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 -
McAfee 5753 2009.09.26 -
McAfee+Artemis 5753 2009.09.26 -
McAfee-GW-Edition 6.8.5 2009.09.26 -
Microsoft 1.5005 2009.09.23 -
NOD32 4459 2009.09.26 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.26 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 -
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
Information additionnelle
File size: 167936 bytes
MD5 : f5dd60e12ca7b5ff60eb069367998bfb
SHA1 : 8f3f9aa6930c0de6d1a5c3f84a9e6e79ceaae06d
SHA256: 9ea8086b2069b569f06f0865ed2bf074b3d598016be0984ce3f726d04145­4631
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1600
timedatestamp.....: 0x4AB5A6B6 (Sun Sep 20 05:51:18 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10484 0x11000 5.23 ba45511746a483e9bcdc551b9b142f1e
.data 0x12000 0x3EC 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x13000 0x15A55 0x16000 7.54 94b5f0785e713821693d4eb43e544cd2

( 1 imports )

> msvbvm60.dll: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, __vbaVarZero, __vbaChkstk, __vbaFileClose, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaUbound, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaFileOpen, -, -, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, -, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, _CIatan, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaI4ErrVar

( 0 exports )

TrID : File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:Q2cBDnSP0nZgMiZTuAhzaGLMjWsOh7wO0skzjvRDEbFU8MiGcgVWZKdxhJ+F:Q2cBLQ0ZQxwDEpUziGcjqJ+
PEiD : -
RDS : NSRL Reference Data Set
-

   
Répondre à collu0608

16

jlpjlp, le 28 sep 2009 à 16:03:04

Non un rapport rsit et non usbfix!

(tu en as mis un dans ton premier message !)

sinon encore des soucis?

   
Répondre à jlpjlp

17

collu0608, le 28 sep 2009 à 18:40:56

Oups pardon voici un rapport rsit, sinon tjs 1pb avast ne me detecte plus le virus x.bat peu apres le demarrage de l'ordi, mais j'ai tjs l'erreur generic host process for win32 services qui apparait 5min meme pas apres le demarrage de l'ordi, qui provoque par la suite une impossibilite a utiliser internet.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-28 18:38:01
Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 49 GB (86%) free of 57 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:06, on 28/09/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZDLM.exe /hide
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Service Google Update (gupdate1c9a0139cd648b0) (gupdate1c9a0139cd648b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
End of file - 10006 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-18 4866048]
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded []
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-03 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-18 159744]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-10-17 258048]
"CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2003-10-19 798720]
"TapButt"=C:\Program Files\Toshiba\TapButton\TapButt.exe [2003-10-24 163840]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-24 24576]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-10-24 278528]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2003-12-10 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2003-10-07 77824]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-10-16 73728]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2003-12-03 131072]
"TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2003-10-15 86016]
"TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2003-10-21 45056]
"TosRotation"=C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2004-01-30 266240]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-22 126976]
"Sensiva"=C:\Symbol Commander\Sensiva.exe [2002-10-01 2052096]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-10 49152]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2003-10-20 159744]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2007-12-01 271872]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2007-12-01 16384]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]
"Drag'n Drop CD+DVD"=C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe [2003-08-09 1175552]
"IVPServiceMgr"=C:\toshiba\ivp\ism\ivpsvmgr.exe [2003-10-20 475136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]
"NVIEW"=nview.dll,nViewLoadHook []
"Zinio DLM"=C:\Program Files\Zinio\ZDLM.exe /hide []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2007-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2007-12-01 32256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-27 22:17:37 ----RASHD---- C:\autorun.inf
2009-09-27 22:15:33 ----A---- C:\UsbFix.txt
2009-09-27 21:56:20 ----A---- C:\WINDOWS\system32\repsvc.exe
2009-09-27 21:09:49 ----A---- C:\WINDOWS\system32\man8.exe
2009-09-27 20:49:05 ----D---- C:\UsbFix
2009-09-27 19:48:10 ----A---- C:\WINDOWS\system32\9new.exe
2009-09-27 19:42:36 ----D---- C:\Program Files\trend micro
2009-09-27 19:42:35 ----D---- C:\rsit
2009-09-27 19:16:46 ----A---- C:\WINDOWS\system32\nigzss.txt
2009-09-27 19:14:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-27 19:14:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-27 19:14:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-27 17:07:03 ----A---- C:\WINDOWS\nigzss.txt
2009-09-27 17:06:50 ----RSH---- C:\WINDOWS\9new.exe
2009-09-27 12:15:59 ----A---- C:\AT9Jg05.exe
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-09-26 20:15:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-26 20:15:20 ----D---- C:\Program Files\Alwil Software

======List of files/folders modified in the last 1 months======

2009-09-28 18:37:31 ----D---- C:\WINDOWS\Temp
2009-09-28 18:37:14 ----D---- C:\WINDOWS\Prefetch
2009-09-28 18:36:32 ----D---- C:\WINDOWS
2009-09-28 18:36:18 ----SD---- C:\WINDOWS\Tasks
2009-09-28 18:36:16 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-09-28 13:10:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-27 22:17:34 ----SHD---- C:\RECYCLER
2009-09-27 21:56:21 ----D---- C:\WINDOWS\system32
2009-09-27 21:27:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-27 19:42:36 ----RD---- C:\Program Files
2009-09-27 19:14:11 ----D---- C:\WINDOWS\system32\drivers
2009-09-27 18:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-27 10:45:47 ----D---- C:\WINDOWS\system32\config
2009-09-26 17:53:31 ----D---- C:\Program Files\Bonjour
2009-09-26 17:52:46 ----D---- C:\WINDOWS\system32\wbem
2009-09-26 17:52:46 ----D---- C:\WINDOWS\Registration
2009-09-26 17:52:09 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2007-12-01 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2007-12-01 14592]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-02-01 90416]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2002-09-26 5760]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2007-12-01 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2008-03-27 14037]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-30 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R2 tossmbnt;tossmbnt; C:\WINDOWS\system32\drivers\tossmbnt.sys [2002-04-07 19607]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-12-13 99577]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2007-12-01 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-17 165496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-18 1371740]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-11 578752]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\System32\DRIVERS\TBtnKey.sys [2002-09-13 8832]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-15 25888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2007-12-01 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2007-12-01 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2007-12-01 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\System32\DRIVERS\wacompen.sys [2007-12-01 14208]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-19 30976]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2000-01-06 6912]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\Drivers\Tbiosdrv.sys []
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-14 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2006-02-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2007-12-01 26368]
S3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-12-05 979840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-12-03 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2007-12-01 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-18 77824]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2003-10-21 53248]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2003-12-10 126976]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2007-12-01 267776]
S2 gupdate1c9a0139cd648b0;Service Google Update (gupdate1c9a0139cd648b0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

-----------------EOF-----------------

   
Répondre à collu0608

18

jlpjlp, le 28 sep 2009 à 19:36:28

Analyse ces 3 fichiers sur virus total et colle les rapports: http://www.virustotal.com/fr/
C:\WINDOWS\system32\man8.exe
C:\WINDOWS\system32\9new.exe
C:\WINDOWS\system32\nigzss.txt



si tu peux pas tu diras
________________


je mets ceci de coté:

C:\WINDOWS\nigzss.txt
C:\WINDOWS\9new.exe
C:\AT9Jg05.exe

   
Répondre à jlpjlp

19

crapoulou, le 28 sep 2009 à 22:18:33

Bonsoir, doublon !
http://www.infos-du-net.com/forum/289259-11-virus-help

Mettez-vous d'accord ;-). T'as un problème ? Passe sur CCM!
Il n'y a pas de problème sans solution.

   
Répondre à crapoulou
24 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide
Collection CommentÇaMarche.net