BUMP, please
virut reader_s.exe
Hello,
Here is the situation before using SDfix(about 1 moth ago)
1/process reader_s.exe starts running after logging in and a copy of the file reader_s.exe is found in 'c:\documents and settings\user\' and 'c:\windows\system32\' and a file called restore.sys created in 'C:\WINDOWS\system32\drivers\'. these file come back even when kaspersky delete them, when I connect to the Internet
2/Processes called A.tmp, 2.tmp, 3.tmp, 6.tmp, 8.tmp, 9.tmp, VRT4.tmp etc run in random from the 'system32' folder and the 'temp' folder.
3/ 4 Svchost.exe start running just after my connection to the Internet
--------------------------------------------------------------------------------------------------------------------------------------------------
Now after using SDF there is no more reader_s.exe/restore.sys and no more tmp file running
But till now 4 process svchost.exe start running when I connect, they lag the pc because they use much memory.
DDS.txt logs
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrateur at 19:16:26,46 on 08/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.248.64 [GMT 1:00]
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\Administrateur.Admin\Bureau\MF\procexp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur.Admin\Bureau\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = hxxp://uds2k.cjb.net
mStart Page = hxxp://fr.yahoo.com
mWindow Title = TopNet
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {0a87e45f-537a-40b4-b812-e2544c21a09f} - SpywareBlock Class
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - c:\progra~1\stardo~1\SDIEInt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmesfr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\utilit~1.lnk - c:\program files\sagem wifi manager\WLANUTL.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Outil de d?©monstration Google AdSense
IE: Outil de d?©monstration Google AdSense - http://pagead2.googlesyndication.com/pagea...fr/preview.html
IE: Sothink SWF Catcher - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: Télécharger avec IDM - c:\program files\internet download manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\internet download manager\IEGetAll.htm
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmesfr.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {091CDD73-1401-4643-9B9C-65B091C88685} - hxxp://ccmlove.contents.mylinker.co.kr/module/MyLinker.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} - hxxp://download.howudodat.com/chatterbox/download/appdl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220575106621
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://metaboli.clubic.com/components/Metaboli.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192030426703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1.adm\applic~1\mozilla\firefox\profiles\vgltgntk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Godaddy.com
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr
fficial
FF - component: c:\documents and settings\administrateur.admin\application data\mozilla\firefox\profiles\vgltgntk.default\extensions\[email protected]\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-4-14 24786]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-10-27 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [2005-12-1 17072]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
S2 gupdate1c98571f4eac016;Google Update Service (gupdate1c98571f4eac016);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S2 Vcs;Vcs support;\??\c:\windows\system32\drivers\vcs.sys --> c:\windows\system32\drivers\Vcs.sys [?]
S3 DIGIRPS;Pilote PortServer Digi;c:\windows\system32\drivers\digirlpt.sys [2007-3-26 42656]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-4-14 45534]
S3 Gizmo Plugin;Gizmo VoIP Service;c:\program files\gizmoplugin\GizmoPlugin.exe [2007-7-1 962048]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-11 596328]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-11 596328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2007-11-3 402432]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-1 603904]
S3 xAntiArp;xAntiArpSpoof Service;c:\windows\system32\drivers\xantiarp.sys --> c:\windows\system32\drivers\xAntiArp.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]
S4 DS;RA Directory Server; [x]
S4 GuiHook;GuiHook; [x]
S4 mchInjDrv;mchInjDrv; [x]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-05-01 14:51 26,624 a------- C:\userinit.exe
2009-04-21 20:28 161,792 a------- c:\windows\SWREG.exe
2009-04-21 20:28 98,816 a------- c:\windows\sed.exe
2009-04-21 19:32 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-21 12:58 <DIR> --d----- C:\Regsearch
2009-04-21 12:06 <DIR> --d----- C:\_OTMoveIt
2009-04-20 18:51 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\Malwarebytes
2009-04-20 18:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-20 18:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 18:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 08:54 <DIR> --d----- c:\windows\system32\Kaspersky Lab
2009-04-19 06:01 <DIR> --d----- c:\windows\system32\xircom
2009-04-18 21:05 578,048 a------- c:\windows\system32\dllcache\user32.dll
2009-04-18 20:57 <DIR> --d----- c:\windows\ERUNT
2009-04-18 20:50 <DIR> --d----- C:\SDFix
2009-04-18 19:14 <DIR> --d----- c:\program files\Trend Micro
==================== Find3M ====================
2009-05-08 18:52 1,310,752 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-08 18:52 92,596 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-08 18:52 6,608 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-08 18:52 11,579,936 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-17 18:47 470,894 a------- c:\windows\system32\perfh00C.dat
2009-04-17 18:47 76,248 a------- c:\windows\system32\perfc00C.dat
2009-04-08 09:01 2,944 a------- c:\windows\system32\WSSPOOL.TMP
2009-04-07 20:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-04-07 20:03 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-07 20:03 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-04-07 17:34 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-07 17:34 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2008-08-04 22:20 3,225 a------- c:\program files\fichiers communs\cfgbak.tgb
2007-08-17 12:31 25,937,136 a------- c:\program files\Valve.rar
============= FINISH: 19:17:50,31 ===============
Here is the situation before using SDfix(about 1 moth ago)
1/process reader_s.exe starts running after logging in and a copy of the file reader_s.exe is found in 'c:\documents and settings\user\' and 'c:\windows\system32\' and a file called restore.sys created in 'C:\WINDOWS\system32\drivers\'. these file come back even when kaspersky delete them, when I connect to the Internet
2/Processes called A.tmp, 2.tmp, 3.tmp, 6.tmp, 8.tmp, 9.tmp, VRT4.tmp etc run in random from the 'system32' folder and the 'temp' folder.
3/ 4 Svchost.exe start running just after my connection to the Internet
--------------------------------------------------------------------------------------------------------------------------------------------------
Now after using SDF there is no more reader_s.exe/restore.sys and no more tmp file running
But till now 4 process svchost.exe start running when I connect, they lag the pc because they use much memory.
DDS.txt logs
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrateur at 19:16:26,46 on 08/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.248.64 [GMT 1:00]
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\Administrateur.Admin\Bureau\MF\procexp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur.Admin\Bureau\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = hxxp://uds2k.cjb.net
mStart Page = hxxp://fr.yahoo.com
mWindow Title = TopNet
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {0a87e45f-537a-40b4-b812-e2544c21a09f} - SpywareBlock Class
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: : {a6984c00-c6eb-11d4-b4a4-080000180323} - c:\progra~1\rapidown\rapi310.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - c:\progra~1\stardo~1\SDIEInt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmesfr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\utilit~1.lnk - c:\program files\sagem wifi manager\WLANUTL.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download all by Rapidown... - c:\program files\rapidown\rapidownGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download by Rapidown... - c:\program files\rapidown\rapidownGet.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Outil de d?©monstration Google AdSense
IE: Outil de d?©monstration Google AdSense - http://pagead2.googlesyndication.com/pagea...fr/preview.html
IE: Sothink SWF Catcher - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: Télécharger avec IDM - c:\program files\internet download manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\internet download manager\IEGetAll.htm
IE: {57E91B47-F40A-11D1-B792-444553540011} - c:\program files\rapidown\rapidown.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmesfr.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {091CDD73-1401-4643-9B9C-65B091C88685} - hxxp://ccmlove.contents.mylinker.co.kr/module/MyLinker.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} - hxxp://download.howudodat.com/chatterbox/download/appdl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220575106621
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://metaboli.clubic.com/components/Metaboli.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192030426703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_09-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1.adm\applic~1\mozilla\firefox\profiles\vgltgntk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Godaddy.com
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr
fficialFF - component: c:\documents and settings\administrateur.admin\application data\mozilla\firefox\profiles\vgltgntk.default\extensions\[email protected]\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-4-14 24786]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-10-27 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [2005-12-1 17072]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
S2 gupdate1c98571f4eac016;Google Update Service (gupdate1c98571f4eac016);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S2 Vcs;Vcs support;\??\c:\windows\system32\drivers\vcs.sys --> c:\windows\system32\drivers\Vcs.sys [?]
S3 DIGIRPS;Pilote PortServer Digi;c:\windows\system32\drivers\digirlpt.sys [2007-3-26 42656]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-4-14 45534]
S3 Gizmo Plugin;Gizmo VoIP Service;c:\program files\gizmoplugin\GizmoPlugin.exe [2007-7-1 962048]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-11 596328]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-11 596328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2007-11-3 402432]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-1 603904]
S3 xAntiArp;xAntiArpSpoof Service;c:\windows\system32\drivers\xantiarp.sys --> c:\windows\system32\drivers\xAntiArp.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]
S4 DS;RA Directory Server; [x]
S4 GuiHook;GuiHook; [x]
S4 mchInjDrv;mchInjDrv; [x]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-05-01 14:51 26,624 a------- C:\userinit.exe
2009-04-21 20:28 161,792 a------- c:\windows\SWREG.exe
2009-04-21 20:28 98,816 a------- c:\windows\sed.exe
2009-04-21 19:32 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-21 12:58 <DIR> --d----- C:\Regsearch
2009-04-21 12:06 <DIR> --d----- C:\_OTMoveIt
2009-04-20 18:51 <DIR> --d----- c:\docume~1\admini~1.adm\applic~1\Malwarebytes
2009-04-20 18:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-20 18:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 18:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 08:54 <DIR> --d----- c:\windows\system32\Kaspersky Lab
2009-04-19 06:01 <DIR> --d----- c:\windows\system32\xircom
2009-04-18 21:05 578,048 a------- c:\windows\system32\dllcache\user32.dll
2009-04-18 20:57 <DIR> --d----- c:\windows\ERUNT
2009-04-18 20:50 <DIR> --d----- C:\SDFix
2009-04-18 19:14 <DIR> --d----- c:\program files\Trend Micro
==================== Find3M ====================
2009-05-08 18:52 1,310,752 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-08 18:52 92,596 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-08 18:52 6,608 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-08 18:52 11,579,936 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-17 18:47 470,894 a------- c:\windows\system32\perfh00C.dat
2009-04-17 18:47 76,248 a------- c:\windows\system32\perfc00C.dat
2009-04-08 09:01 2,944 a------- c:\windows\system32\WSSPOOL.TMP
2009-04-07 20:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-04-07 20:03 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-07 20:03 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-04-07 17:34 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-07 17:34 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2008-08-04 22:20 3,225 a------- c:\program files\fichiers communs\cfgbak.tgb
2007-08-17 12:31 25,937,136 a------- c:\program files\Valve.rar
============= FINISH: 19:17:50,31 ===============
