Reply to thread

Message

<blockquote data-quote="sushi-33" data-source="post: 48046" data-attributes="member: 1380">Thank you for your help ! I&#039;ve run ComboFix, you can see the log below. It is still impossible to do a system restore and Panda Internet Security can go further in the analysis but is still blocked at some point (when analysing c:\cmdcons\kdcom.dl).ComboFix 12-04-07.03 - ssesion 08/04/2012&nbsp;&nbsp; 9:39.1.2 - x86Microsoft Windows XP Professionnel&nbsp; 5.1.2600.3.1252.33.1036.18.2046.1100 [GMT 2:00]Lancé depuis: c:\documents and settings\ssesion\Bureau\ComboFix.exeAV: Panda Internet Security 2012 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}..((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Autres suppressions&nbsp;&nbsp; ))))))))))))))))))))))))))))))))))))))))))))))))..C:\datac:\data\gastro4_DESCR.logc:\data\IVE.dtac:\documents and settings\Administrateur\WINDOWSc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Default User\WINDOWSc:\documents and settings\ssesion\WINDOWSc:\windows\jestertb.dllc:\windows\system32\config\systemprofile\WINDOWS..(((((((((((((((((((((((((((((&nbsp;&nbsp; Fichiers créés du 2012-03-08 au 2012-04-08&nbsp; ))))))))))))))))))))))))))))))))))))..2012-04-07 12:19 . 2012-04-07 12:19&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\Fichiers communs\Java2012-04-07 12:19 . 2012-04-07 12:18&nbsp; &nbsp; 73728&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\javacpl.cpl2012-04-07 10:40 . 2012-04-07 10:40&nbsp; &nbsp; 26400&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\hitmanpro36.sys2012-04-07 10:10 . 2012-04-07 10:35&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users\Application Data\HitmanPro2012-04-07 10:00 . 2012-04-07 10:00&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\ssesion\Local Settings\Application Data\Threat Expert2012-04-06 20:04 . 2012-04-07 18:40&nbsp; &nbsp; 13880&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\COMFiltr.sys2012-04-06 18:40 . 2012-04-06 18:40&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrateur\Local Settings\Application Data\Help2012-04-06 18:40 . 2012-04-06 18:40&nbsp; &nbsp; --------&nbsp; &nbsp; d-s---w-&nbsp; &nbsp; c:\documents and settings\Administrateur\UserData2012-04-06 18:32 . 2012-04-06 18:32&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrateur\Application Data\Malwarebytes2012-04-06 18:31 . 2012-04-06 18:31&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrateur\Local Settings\Application Data\Panda Security2012-04-06 18:23 . 2011-09-28 11:14&nbsp; &nbsp; 56840&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\PCTBD.sys2012-04-06 18:23 . 2012-02-17 13:08&nbsp; &nbsp; 149456&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SGDetectionTool.dll2012-04-06 18:23 . 2012-02-17 13:08&nbsp; &nbsp; 2250704&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\PCTBDCore.dll2012-04-06 18:23 . 2012-02-17 13:08&nbsp; &nbsp; 1681360&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\PCTBDRes.dll2012-04-06 18:23 . 2012-02-17 13:08&nbsp; &nbsp; 767952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\BDTSupport.dll2012-04-06 18:21 . 2012-04-06 18:21&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\PC Tools2012-04-06 18:14 . 2012-04-07 08:48&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\Fichiers communs\PC Tools2012-04-06 18:14 . 2012-02-24 08:36&nbsp; &nbsp; 185560&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\PCTSD.sys2012-04-06 18:13 . 2012-04-06 21:07&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users\Application Data\PC Tools2012-04-06 18:13 . 2012-04-06 18:13&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrateur\Application Data\TestApp2012-04-05 19:39 . 2012-04-05 19:39&nbsp; &nbsp; 70304&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\FlashPlayerCPLApp.cpl2012-04-05 19:39 . 2012-04-05 19:39&nbsp; &nbsp; 418464&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\FlashPlayerApp.exe2012-04-01 16:23 . 2012-04-01 17:14&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\Pre_Scan2012-04-01 16:06 . 2012-04-01 16:08&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\ZHP2012-04-01 16:06 . 2012-04-01 16:08&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\ZHPDiag2012-04-01 15:06 . 2012-04-01 15:06&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\windows\system32\GroupPolicy2012-04-01 09:33 . 2012-04-01 09:33&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\ssesion\Application Data\Malwarebytes2012-04-01 09:33 . 2012-04-01 09:33&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users\Application Data\Malwarebytes2012-04-01 09:33 . 2012-04-01 09:33&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\Malwarebytes&#039; Anti-Malware2012-04-01 09:33 . 2011-12-10 13:24&nbsp; &nbsp; 20464&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\mbam.sys2012-03-30 15:53 . 2012-03-30 15:53&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\iPod2012-03-27 18:48 . 2012-03-27 18:48&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\Paint.NET2012-03-27 18:48 . 2012-03-27 19:03&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\ssesion\Local Settings\Application Data\Paint.NET2012-03-27 18:41 . 2012-04-01 09:23&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users\Application Data\SweetIM2012-03-27 18:41 . 2012-03-27 18:42&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\SweetIM...((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Compte-rendu de Find3M&nbsp;&nbsp; )))))))))))))))))))))))))))))))))))))))))))))))).2012-04-07 12:18 . 2011-12-17 20:50&nbsp; &nbsp; 472808&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\deployJava1.dll2012-02-15 09:01 . 2010-12-04 15:11&nbsp; &nbsp; 4547944&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\usbaaplrc.dll2012-02-15 09:01 . 2010-12-04 15:11&nbsp; &nbsp; 43520&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\usbaapl.sys2012-02-03 09:58 . 2006-09-15 12:24&nbsp; &nbsp; 1860224&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\win32k.sys2012-01-19 07:23 . 2012-02-12 16:55&nbsp; &nbsp; 339320&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\HMIPCore.dll2012-01-09 16:20 . 2006-09-15 12:35&nbsp; &nbsp; 139784&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\rdpwd.sys2012-03-13 04:38 . 2012-04-07 12:09&nbsp; &nbsp; 97208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\mozilla firefox\components\browsercomps.dll..(((((((((((((((((((((((((((((((((&nbsp;&nbsp; Points de chargement Reg&nbsp;&nbsp; ))))))))))))))))))))))))))))))))))))))))))))))))..*Note* les éléments vides &amp; les éléments initiaux légitimes ne sont pas listés REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@=&quot;{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}&quot;[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02&nbsp; &nbsp; 94208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@=&quot;{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}&quot;[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02&nbsp; &nbsp; 94208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@=&quot;{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}&quot;[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02&nbsp; &nbsp; 94208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@=&quot;{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}&quot;[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02&nbsp; &nbsp; 94208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]&quot;NvCplDaemon&quot;=&quot;c:\windows\system32\NvCpl.dll&quot; [2006-05-01 7557120]&quot;NVRotateSysTray&quot;=&quot;c:\windows\system32\nvsysrot.dll&quot; [2006-05-01 49152]&quot;SynTPEnh&quot;=&quot;c:\program files\Synaptics\SynTP\SynTPEnh.exe&quot; [2006-03-02 761948]&quot;LtMoh&quot;=&quot;c:\program files\ltmoh\Ltmoh.exe&quot; [2004-08-18 184320]&quot;IntelZeroConfig&quot;=&quot;c:\program files\Intel\Wireless\bin\ZCfgSvc.exe&quot; [2006-08-02 802816]&quot;IntelWireless&quot;=&quot;c:\program files\Intel\Wireless\Bin\ifrmewrk.exe&quot; [2006-08-02 696320]&quot;LVCOMSX&quot;=&quot;c:\windows\system32\LVCOMSX.EXE&quot; [2004-05-21 221184]&quot;APSDaemon&quot;=&quot;c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe&quot; [2012-02-20 59240]&quot;QuickTime Task&quot;=&quot;c:\program files\QuickTime\QTTask.exe&quot; [2011-10-24 421888]&quot;APVXDWIN&quot;=&quot;c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE&quot; [2011-04-13 1000768]&quot;SCANINICIO&quot;=&quot;c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe&quot; [2011-02-02 70464]&quot;iTunesHelper&quot;=&quot;c:\program files\iTunes\iTunesHelper.exe&quot; [2012-03-27 421736]&quot;SunJavaUpdateSched&quot;=&quot;c:\program files\Fichiers communs\Java\Java Update\jusched.exe&quot; [2012-01-18 254696].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]&quot;CTFMON.EXE&quot;=&quot;c:\windows\system32\CTFMON.EXE&quot; [2008-04-13 15360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]&quot;PromptOnSecureDesktop&quot;= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]&quot;{56F9679E-7826-4C84-81F3-532071A8BCC5}&quot;= &quot;c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll&quot; [2006-03-13 233472].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]2010-03-24 11:55&nbsp; &nbsp; 55552&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\avldr.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]@=&quot;Service&quot;.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@=&quot;Driver&quot;.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]2005-09-09 01:18&nbsp; &nbsp; 57344&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]2005-12-13 14:50&nbsp; &nbsp; 88204&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\agrsmmsg.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]2005-05-04 16:43&nbsp; &nbsp; 69632&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\Alcmtr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-08-05 11:34&nbsp; &nbsp; 64512&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2012-03-27 03:09&nbsp; &nbsp; 421736&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]2004-06-01 10:46&nbsp; &nbsp; 196608&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\program files\Logitech\Video\ManifestEngine.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]2004-06-01 11:09&nbsp; &nbsp; 458752&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\program files\Logitech\Video\ISStart.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]2004-06-01 11:03&nbsp; &nbsp; 217088&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\program files\Logitech\Video\LogiTray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-13 19:34&nbsp; &nbsp; 1695232&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2006-05-01 20:04&nbsp; &nbsp; 1519616&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nwiz.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2011-10-24 13:28&nbsp; &nbsp; 421888&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2006-05-05 13:59&nbsp; &nbsp; 16206848&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\RTHDCPL.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]2006-08-25 11:47&nbsp; &nbsp; 356352&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Toshiba\TOSHIBA Applet\THotkey.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]2005-04-11 14:08&nbsp; &nbsp; 65536&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]2005-08-03 14:09&nbsp; &nbsp; 266240&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\TPSMain.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]2006-02-02 11:11&nbsp; &nbsp; 73728&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Toshiba\Tvs\TvsTray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]&quot;DisableMonitoring&quot;=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]&quot;EnableFirewall&quot;= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]&quot;%windir%\\system32\\sessmgr.exe&quot;=&quot;c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE&quot;=&quot;c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe&quot;=&quot;c:\\Program Files\\BitLord\\BitLord.exe&quot;=&quot;c:\\Program Files\\Messenger\\msmsgs.exe&quot;=&quot;%windir%\\Network Diagnostic\\xpnetdiag.exe&quot;=&quot;c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe&quot;=&quot;c:\\Program Files\\Bonjour\\mDNSResponder.exe&quot;=&quot;c:\\Documents and Settings\\ssesion\\Application Data\\Dropbox\\bin\\Dropbox.exe&quot;=&quot;c:\\Program Files\\Skype\\Phone\\Skype.exe&quot;=&quot;c:\\WINDOWS\\system32\\msiexec.exe&quot;=&quot;c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe&quot;=&quot;c:\\Program Files\\iTunes\\iTunes.exe&quot;=.R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [21/02/2012 11:57 26696]R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [21/02/2012 11:57 83528]R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [21/02/2012 11:58 53256]R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [21/02/2012 11:57 22024]R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [21/02/2012 11:58 193864]R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [21/02/2012 11:57 159112]R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [21/02/2012 11:56 37448]R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [21/02/2012 11:58 46856]R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [21/02/2012 11:56 59080]R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [06/04/2012 20:23 550864]R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [21/02/2012 11:56 163848]R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [21/02/2012 11:57 28992]R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --&gt; c:\windows\system32\drivers\av5flt.sys [?]R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [06/04/2012 22:04 13880]R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [12/02/2012 18:55 3337216]R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [21/02/2012 11:56 201032]R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --&gt; c:\windows\system32\PavSRK.sys [?]R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --&gt; c:\windows\system32\PavTPK.sys [?]R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/09/2006 13:56 7040]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 21:39 253600]S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [07/04/2012 12:40 26400]S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [14/02/2011 21:44 13824]S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [14/02/2011 21:44 17408]S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [06/04/2012 20:23 56840]S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [06/12/2009 22:46 163328]S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --&gt; c:\windows\system32\drivers\RkPavproc1.sys [?]S3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [28/01/2004 17:25 20537].Contenu du dossier &#039;Tâches planifiées&#039;.2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:39].2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57].2012-04-07 c:\windows\Tasks\PandaUSBVaccine.job- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2012-02-21 16:09]..------- Examen supplémentaire -------.uStart Page = about:blankmStart Page = about:blankuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBRIE: Add to Google Photos Screensa&amp;ver - c:\windows\system32\GPhotos.scr/200IE: E&amp;xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.htmlLSP: c:\windows\system32\HMIPCore.dllTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\ssesion\Application Data\Mozilla\Firefox\Profiles\n5l7aomg.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig|http://du110w.dub110.mail.live.com/default.aspx#fid=1&amp;n=357179671FF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.type - 0.- - - - ORPHELINS SUPPRIMES - - - -.WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeMSConfigStartUp-NDSTray - NDSTray.exeMSConfigStartUp-SmoothView - c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exeMSConfigStartUp-Symantec PIF AlertEng - c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeMSConfigStartUp-TFncKy - TFncKy.exeMSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-04-08 09:47Windows 5.1.2600 Service Pack 3 NTFS.Recherche de processus cachés ... .Recherche d&#039;éléments en démarrage automatique cachés ... .Recherche de fichiers cachés ... .Scan terminé avec succèsFichiers cachés: 0.**************************************************************************.--------------------- DLLs chargées dans les processus actifs ---------------------.- - - - - - - &gt; &#039;winlogon.exe&#039;(1484)c:\windows\system32\Ati2evxx.dllc:\windows\system32\avldr.dll.- - - - - - - &gt; &#039;lsass.exe&#039;(1544)c:\windows\system32\HMIPCore.dll.Heure de fin: 2012-04-08&nbsp; 09:54:55ComboFix-quarantined-files.txt&nbsp; 2012-04-08 07:54.Avant-CF: 36,050,264,064 octets libresAprès-CF: 36,285,865,984 octets libres.WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT=&quot;Microsoft Windows Recovery Console&quot; /cmdconsUnsupportedDebug=&quot;do not select this&quot; /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS=&quot;Windows XP Media Center Edition&quot; /noexecute=optin /fastdetect.- - End Of File - - 9EDF61F8666814C7B6FED3B039898928</blockquote>

[QUOTE="sushi-33, post: 48046, member: 1380"] Thank you for your help ! I've run ComboFix, you can see the log below. It is still impossible to do a system restore and Panda Internet Security can go further in the analysis but is still blocked at some point (when analysing c:\cmdcons\kdcom.dl). ComboFix 12-04-07.03 - ssesion 08/04/2012 9:39.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1100 [GMT 2:00] Lancé depuis: c:\documents and settings\ssesion\Bureau\ComboFix.exe AV: Panda Internet Security 2012 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\gastro4_DESCR.log c:\data\IVE.dta c:\documents and settings\Administrateur\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Default User\WINDOWS c:\documents and settings\ssesion\WINDOWS c:\windows\jestertb.dll c:\windows\system32\config\systemprofile\WINDOWS . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-03-08 au 2012-04-08 )))))))))))))))))))))))))))))))))))) . . 2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\program files\Fichiers communs\Java 2012-04-07 12:19 . 2012-04-07 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-07 10:40 . 2012-04-07 10:40 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-04-07 10:10 . 2012-04-07 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-04-07 10:00 . 2012-04-07 10:00 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Threat Expert 2012-04-06 20:04 . 2012-04-07 18:40 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys 2012-04-06 18:40 . 2012-04-06 18:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help 2012-04-06 18:40 . 2012-04-06 18:40 -------- d-s---w- c:\documents and settings\Administrateur\UserData 2012-04-06 18:32 . 2012-04-06 18:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2012-04-06 18:31 . 2012-04-06 18:31 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Panda Security 2012-04-06 18:23 . 2011-09-28 11:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys 2012-04-06 18:23 . 2012-02-17 13:08 149456 ----a-w- c:\windows\SGDetectionTool.dll 2012-04-06 18:23 . 2012-02-17 13:08 2250704 ----a-w- c:\windows\PCTBDCore.dll 2012-04-06 18:23 . 2012-02-17 13:08 1681360 ----a-w- c:\windows\PCTBDRes.dll 2012-04-06 18:23 . 2012-02-17 13:08 767952 ----a-w- c:\windows\BDTSupport.dll 2012-04-06 18:21 . 2012-04-06 18:21 -------- d-----w- c:\program files\PC Tools 2012-04-06 18:14 . 2012-04-07 08:48 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2012-04-06 18:14 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-04-06 18:13 . 2012-04-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2012-04-06 18:13 . 2012-04-06 18:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TestApp 2012-04-05 19:39 . 2012-04-05 19:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-05 19:39 . 2012-04-05 19:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-01 16:23 . 2012-04-01 17:14 -------- d-----w- C:\Pre_Scan 2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- C:\ZHP 2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- c:\program files\ZHPDiag 2012-04-01 15:06 . 2012-04-01 15:06 -------- d-----w- c:\windows\system32\GroupPolicy 2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\ssesion\Application Data\Malwarebytes 2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-01 09:33 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 15:53 . 2012-03-30 15:53 -------- d-----w- c:\program files\iPod 2012-03-27 18:48 . 2012-03-27 18:48 -------- d-----w- c:\program files\Paint.NET 2012-03-27 18:48 . 2012-03-27 19:03 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Paint.NET 2012-03-27 18:41 . 2012-04-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM 2012-03-27 18:41 . 2012-03-27 18:42 -------- d-----w- c:\program files\SweetIM . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-07 12:18 . 2011-12-17 20:50 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-15 09:01 . 2010-12-04 15:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 09:01 . 2010-12-04 15:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-03 09:58 . 2006-09-15 12:24 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-19 07:23 . 2012-02-12 16:55 339320 ----a-w- c:\windows\system32\HMIPCore.dll 2012-01-09 16:20 . 2006-09-15 12:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 04:38 . 2012-04-07 12:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120] "NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184] "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768] "SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-09-09 01:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] 2005-12-13 14:50 88204 ----a-w- c:\windows\agrsmmsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 16:43 69632 ----a-w- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-08-05 11:34 64512 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2004-06-01 10:46 196608 ------w- c:\program files\Logitech\Video\ManifestEngine.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2004-06-01 11:09 458752 ------w- c:\program files\Logitech\Video\ISStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2004-06-01 11:03 217088 ------w- c:\program files\Logitech\Video\LogiTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 19:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-05-01 20:04 1519616 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-05 13:59 16206848 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey] 2006-08-25 11:47 356352 ----a-w- c:\program files\Toshiba\TOSHIBA Applet\THotkey.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] 2005-04-11 14:08 65536 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain] 2005-08-03 14:09 266240 ----a-w- c:\windows\system32\TPSMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] 2006-02-02 11:11 73728 ----a-w- c:\program files\Toshiba\Tvs\TvsTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\ssesion\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [21/02/2012 11:57 26696] R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [21/02/2012 11:57 83528] R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [21/02/2012 11:58 53256] R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [21/02/2012 11:57 22024] R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [21/02/2012 11:58 193864] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [21/02/2012 11:57 159112] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [21/02/2012 11:56 37448] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [21/02/2012 11:58 46856] R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [21/02/2012 11:56 59080] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [06/04/2012 20:23 550864] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [21/02/2012 11:56 163848] R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [21/02/2012 11:57 28992] R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?] R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [06/04/2012 22:04 13880] R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [12/02/2012 18:55 3337216] R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [21/02/2012 11:56 201032] R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/09/2006 13:56 7040] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 21:39 253600] S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [07/04/2012 12:40 26400] S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [14/02/2011 21:44 13824] S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [14/02/2011 21:44 17408] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [06/04/2012 20:23 56840] S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [06/12/2009 22:46 163328] S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?] S3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [28/01/2004 17:25 20537] . Contenu du dossier 'Tâches planifiées' . 2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:39] . 2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57] . 2012-04-07 c:\windows\Tasks\PandaUSBVaccine.job - c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2012-02-21 16:09] . . ------- Examen supplémentaire ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html LSP: c:\windows\system32\HMIPCore.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\ssesion\Application Data\Mozilla\Firefox\Profiles\n5l7aomg.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig|http://du110w.dub110.mail.live.com/default.aspx#fid=1&n=357179671 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHELINS SUPPRIMES - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe MSConfigStartUp-NDSTray - NDSTray.exe MSConfigStartUp-SmoothView - c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe MSConfigStartUp-TFncKy - TFncKy.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-08 09:47 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(1484) c:\windows\system32\Ati2evxx.dll c:\windows\system32\avldr.dll . - - - - - - - > 'lsass.exe'(1544) c:\windows\system32\HMIPCore.dll . Heure de fin: 2012-04-08 09:54:55 ComboFix-quarantined-files.txt 2012-04-08 07:54 . Avant-CF: 36,050,264,064 octets libres Après-CF: 36,285,865,984 octets libres . WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 9EDF61F8666814C7B6FED3B039898928 [/QUOTE]

Verification