sniperzep

Members
  • Content count
    14
  • Joined

  • Last visited

Other information
  • My languages
    French English

sniperzep's Achievements

Junior Member (3/12)

0

Community reputation
  1. OK, thanks, the PC is working completely normally, nothing to report!! Thanks again for your help, thanks to you a reformat was avoided! Thanks
  2. Hi Thanos, sorry for the delay, but I don't have much time at the moment! I didn't keep the Kaspersky report, but it did not detect any infection. Here is the RSIT log: Logfile of random's system information tool 1.04 (written by random/random) Run by Thomas at 2008-11-06 19:01:15 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 40 GB (57%) free of 71 GB Total RAM: 2047 MB (47% free) HijackThis download failed [...] If you have any advice on security software, I'm all ears!!!! Thanks
  3. Hi Thanos, I did the Kaspersky scan and it found nothing abnormal! The RSIT report looks good (even if I'm not a pro!!!). What do you think?
  4. Hi Thanos, here is the RSIT report (I haven't had time yet to do the online antivirus scan): info.txt logfile of random's system information tool 1.04 2008-10-31 02:47:00 [...]
/I{AC76BA86-7AD7-5670-0000-800000000003} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LifeGlobe Goldfish Aquarium 2.0-->"C:\Program Files\Prolific Publishing, Inc\Goldfish Aquarium 2.0\unins000.exe" LifeGlobe Sharks, Terrors of the Deep 2-->"C:\Program Files\Prolific Publishing, Inc\Sharks2\unins000.exe" Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x40c UNINSTALL Logitech MouseWare 9.61 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x40c -l040c UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe Marvell Network Configuration Utility-->MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe 
/X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour 
Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI NVIDIA Performance-->"C:\Program Files\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x040c -removeonly NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} NVIDIA System Monitor-->"C:\Program Files\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe" -runfromtemp -l0x040c -removeonly NVIDIA System Monitor-->MsiExec.exe /I{E9CFBE78-ED91-4FCF-9E6F-210E477E527D} NVIDIA System Update-->"C:\Program Files\InstallShield Installation Information\{6F69C969-2942-4E7B-B594-75B37664B8BA}\setup.exe" -runfromtemp -l0x040c -removeonly NVIDIA System Update-->MsiExec.exe /I{6F69C969-2942-4E7B-B594-75B37664B8BA} O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50} Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" Pocket Informant 8.1-->C:\Program Files\Pocket Informant\uninst.exe PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u Saitek SST Programming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{967FB80D-56BD-42EF-A942-9E8C78F984A4}\Setup.exe" -l0x40c -removeonly Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe" SiSoftware Sandra Professionnel 2005.SR2a (Win64/32/CE)-->"C:\Program 
Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR2a\unins000.exe" Sony Ericsson Software-->C:\Program Files\SEMC\Sony Ericsson Handset Software\USBDriver\ZEBRUninstall.exe SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly Spb Backup 2.0.1-->"C:\Program Files\Spb Backup\unins000.exe" Spb Backup-->C:\Program Files\Microsoft ActiveSync\Spb Backup\Uninstall.exe Spb Backup SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe" SyncBackSE-->"C:\Program Files\2BrightSparks\SyncBackSE\unins000.exe" SysMetrix 3.40-->C:\Program Files\SysMetrix\uninst.exe TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB932080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9} USB Disk Security 5.1.0.15-->"C:\Program Files\USB Disk Security\unins000.exe" USB FireWall 1.1.3-->"C:\Program 
Files\InstallShield Installation Information\{E12683F4-89CF-4C10-BB15-013B415AA03A}\setup.exe" -runfromtemp -l0x040c -removeonly VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2} VirtualDub 1.6.9 Fr-->C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Tools 4.0-->C:\Program Files\Windows Media Components\Tools\_insttoo.exe /U Windows Mobile 6.1 Professional Emulator Images - USA-->MsiExec.exe /I{596717E1-5508-4932-BDFA-8B33CC49295B} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf ======Security center information====== AV: G DATA InternetSecurity 2008 FW: Outpost Firewall Pro ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- et le deuxieme rapport : Logfile of random's system information tool 1.04 (written by random/random) Run by Thomas at 2008-10-31 02:46:38 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 31 GB 
(44%) free of 71 GB Total RAM: 2047 MB (72% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\Maintenance en 1 clic.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Thomas.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}] G DATA WebFilter - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll [2008-02-21 656968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll [2008-02-21 656968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-16 8491008] "nwiz"=nwiz.exe /install [] "SysMetrix"=C:\Program Files\SysMetrix\SysMetrix.exe [2005-05-20 2613248] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-30 2595616] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-30 909208] "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe 
[2007-10-30 140568] "Profiler"=C:\Program Files\Saitek\Software\ProfilerU.exe [2006-08-09 184320] "SaiMfd"=C:\Program Files\Saitek\Software\SaiMfd.exe [2006-08-21 126976] "SBCSTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe [2007-11-28 698864] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-08 1036288] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2007-09-16 81920] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-05-29 520192] "EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-05-24 28672] "Tweak UI"=C:\WINDOWS\system32\TWEAKUI.CPL [2001-03-18 110640] "OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392] "RivaTuner"=C:\Program Files\RivaTuner v2.02\RivaTuner.exe [2007-07-01 2596864] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-06-16 81920] "Classic TV Pro Remote"=C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Remote.exe [2006-04-04 241664] "Schedule"=C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Schedule.exe [2006-06-22 98304] "ATITool"=C:\Program Files\ATITool\ATITool.exe [2006-12-08 3035136] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312] "USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2008-09-23 798720] "USBFW"=C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe [2008-09-01 1330688] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504] "AVKTray"=C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe [2008-02-21 607816] "OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2008-04-23 1098568] 
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2008-04-22 419144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2008-04-22 154880] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "Fraps"=C:\PROGRAM FILES\FRAPS\FRAPS.EXE [2006-12-19 2842624] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] "Core Temp"=C:\Program Files\CoreTemp\Core Temp.exe [2008-05-18 256528] "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-06-06 114688] "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-18 4608] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2008-01-28 1413120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [2008-01-28 1352704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2007-10-01 1126400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-07-12 380928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-11-30 881152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe [2006-11-01 2154496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner] C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [2007-04-11 376832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link] C:\Program Files\ASUS\AI Direct Link\AsShare.exe [2007-08-20 1209856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II] C:\Program Files\ASUS\PC Probe II\Probe2.exe [2008-02-14 2135552] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage NxSensor.exe.lnk - C:\Program Files\NXsensor\NxSensor.exe SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSharedDocuments"=1 "ForceClassicControlPanel"=1 "NoUserNameInStartMenu"=1 "MaxRecentDocs"=9 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 "NoDrives"=0 "NoDriveTypeAutoRun"=159 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\EA 
GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" "C:\Program Files\NXsensor\NxSensor.exe"="C:\Program Files\NXsensor\NxSensor.exe:*:Enabled:NxSensor" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger 
(Phone)" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc51d7be-4453-11dd-be07-001fc664e301}] shell\AutoRun\command - Q:\Autorun.exe ======List of files/folders created in the last 1 months====== 2008-10-31 02:46:45 ----D---- C:\Program Files\trend micro 2008-10-31 02:46:38 ----D---- C:\rsit 2008-10-31 02:43:48 ----D---- C:\Sniperzep 2008-10-30 23:27:58 ----D---- C:\Program Files\Panda Security 2008-10-30 23:27:57 ----D---- C:\WINDOWS\LastGood 2008-10-30 19:50:28 ----HD---- C:\AUTORUN.INF 2008-10-30 17:13:36 ----D---- C:\WINDOWS\system32\Filt 2008-10-30 17:13:36 ----D---- C:\Program Files\Agnitum 2008-10-30 17:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum 2008-10-30 15:16:50 ----D---- C:\Program Files\G DATA InternetSecurity 2008-10-30 13:53:45 ----D---- C:\Documents and Settings\Thomas\Application Data\Malwarebytes 2008-10-30 13:53:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-30 13:53:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-29 17:43:02 ----SHD---- C:\RECYCLER 2008-10-29 17:09:16 ----D---- C:\Program Files\Pocket Informant 2008-10-29 15:12:46 ----A---- C:\ComboFix.txt 2008-10-29 12:56:11 ----D---- C:\Bagle 2008-10-29 01:21:23 ----D---- C:\Documents and Settings\Thomas\Application Data\InstallShield 2008-10-28 23:18:22 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-28 21:44:30 ----D---- C:\Documents and Settings\Thomas\Application Data\Grisoft 2008-10-23 
21:37:29 ----D---- C:\Program Files\Net Studio 2008-10-23 21:35:41 ----D---- C:\Program Files\USB Disk Security 2008-10-23 21:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-10-23 21:30:31 ----D---- C:\Program Files\Grisoft 2008-10-23 01:22:01 ----D---- C:\WINDOWS\ERDNT 2008-10-21 14:55:34 ----D---- C:\Program Files\Microsoft Device Emulator 2008-10-21 14:55:19 ----D---- C:\Program Files\Windows Mobile 6 SDK 2008-10-18 12:14:31 ----A---- C:\WINDOWS\system32\BASSMOD.dll 2008-10-15 17:03:21 ----D---- C:\Program Files\Jeyo 2008-10-15 17:03:21 ----D---- C:\Documents and Settings\Thomas\Application Data\Jeyo 2008-10-15 15:58:29 ----D---- C:\Program Files\Spb Backup 2008-10-02 15:40:38 ----D---- C:\Program Files\Microsoft ActiveSync 2008-10-02 15:24:43 ----D---- C:\Program Files\SEMC ======List of files/folders modified in the last 1 months====== 2008-10-31 02:46:45 ----RD---- C:\Program Files 2008-10-31 02:46:32 ----D---- C:\WINDOWS\Temp 2008-10-31 02:45:14 ----D---- C:\WINDOWS 2008-10-31 02:45:07 ----D---- C:\WINDOWS\system32 2008-10-31 02:43:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-31 01:48:31 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2008-10-30 23:29:33 ----HD---- C:\WINDOWS\system32\drivers 2008-10-30 23:27:57 ----HD---- C:\WINDOWS\inf 2008-10-30 23:27:39 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-30 23:27:38 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-30 23:23:26 ----A---- C:\WINDOWS\iTouch.ini 2008-10-30 23:15:18 ----D---- C:\Program Files\Mozilla Firefox 2008-10-30 23:14:47 ----D---- C:\Program Files\SysMetrix 2008-10-30 23:12:30 ----D---- C:\Program Files\SpeedFan 2008-10-30 19:49:10 ----D---- C:\Program Files\SuperCopier2 2008-10-30 19:07:34 ----A---- C:\WINDOWS\avisplitter.INI 2008-10-30 17:24:03 ----D---- C:\WINDOWS\Minidump 2008-10-30 17:14:54 ----D---- C:\WINDOWS\system32\config 2008-10-30 17:14:04 ----SHD---- C:\WINDOWS\Installer 2008-10-30 16:42:40 ----D---- 
C:\WINDOWS\system32\LogFiles 2008-10-30 16:13:33 ----SHD---- C:\System Volume Information 2008-10-30 16:13:33 ----D---- C:\WINDOWS\system32\Restore 2008-10-30 15:17:23 ----D---- C:\Program Files\Fichiers communs\G DATA 2008-10-30 15:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA 2008-10-30 15:16:48 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-30 14:56:57 ----SD---- C:\WINDOWS\Tasks 2008-10-29 15:11:33 ----A---- C:\WINDOWS\system.ini 2008-10-29 15:10:11 ----D---- C:\WINDOWS\AppPatch 2008-10-29 15:10:11 ----D---- C:\Program Files\Fichiers communs 2008-10-28 21:39:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-27 20:40:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-27 20:34:44 ----RD---- C:\Unzipped 2008-10-26 23:04:24 ----D---- C:\WINDOWS\system32\oodag 2008-10-23 01:44:13 ----D---- C:\WINDOWS\repair 2008-10-21 14:56:16 ----SD---- C:\Documents and Settings\Thomas\Application Data\Microsoft 2008-10-21 14:56:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-20 20:08:47 ----A---- C:\WINDOWS\system32\program.txt 2008-10-20 19:04:59 ----A---- C:\WINDOWS\win.ini 2008-10-17 23:27:00 ----D---- C:\WINDOWS\Debug 2008-10-17 23:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-17 23:23:26 ----D---- C:\Program Files\Internet Explorer 2008-10-17 23:23:20 ----D---- C:\WINDOWS\ie7updates 2008-10-15 17:03:22 ----D---- C:\Program Files\Microsoft Office 2008-10-15 01:45:21 ----A---- C:\WINDOWS\system32\CmdLineExt.dll 2008-10-14 23:36:36 ----D---- C:\WINDOWS\Prefetch 2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-10-02 15:40:38 ----D---- C:\WINDOWS\Help 2008-10-02 15:40:38 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-10-02 12:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-10-02 12:22:05 ----D---- 
C:\Program Files\Fichiers communs\Adobe 2008-10-02 12:21:49 ----D---- C:\Program Files\Adobe 2008-10-01 01:51:00 ----D---- C:\WINDOWS\Registration 2008-10-01 01:50:23 ----RSD---- C:\WINDOWS\assembly ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136] R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064] R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-03-12 449184] R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2006-06-14 257152] R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [] R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys [] R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-06-27 44384] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-09 313856] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424] R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-27 206352] R3 ALSysIO;ALSysIO; 
\??\C:\DOCUME~1\Thomas\LOCALS~1\Temp\ALSysIO.sys [] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416] R3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432] R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys [] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2002-05-23 10432] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-07-26 10368] R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys [2002-05-21 23270] R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys [2002-05-21 5846] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys [2002-05-21 68886] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-16 6853088] R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys [] R3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.02\RivaTuner32.sys [] R3 SaiH0004;SaiH0004; 
C:\WINDOWS\system32\DRIVERS\SaiH0004.sys [2006-09-14 182528] R3 SaiL0004;SaiL0004; C:\WINDOWS\system32\DRIVERS\SaiL0004.sys [2006-09-14 15104] R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2006-09-14 13824] R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2006-09-14 35328] R3 SaiU0004;SaiU0004; C:\WINDOWS\system32\DRIVERS\SaiU0004.sys [2006-09-14 27392] R3 SBAPIFS;SBAPIFS; \??\C:\WINDOWS\system32\drivers\sbapifs.sys [] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752] R3 xpvcom;XPVCOM Port; C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 41792] S1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064] S3 ae6tqcsc;ae6tqcsc; C:\WINDOWS\system32\drivers\ae6tqcsc.sys [] S3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-03-12 33472] S3 avg1joxv;avg1joxv; C:\WINDOWS\system32\drivers\avg1joxv.sys [] S3 catchme;catchme; \??\C:\Sniperzep\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216] S3 k750mdfl;Sony Ericsson 
750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-07-07 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-07-07 79488] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR2a\Sandra.sys [] S3 SkLaggProtocol;Marvell Link Aggregation Protocol; C:\WINDOWS\system32\DRIVERS\yk51x32l.sys [2007-12-14 57344] S3 SkVlanProtocol;Marvell VLAN Protocol; C:\WINDOWS\system32\DRIVERS\yk51x32v.sys [2007-11-23 20992] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 
aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-29 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-10-30 427288]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 1181000]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-02-19 718408]
R2 AVKService;G DATA Scheduler; C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [2008-02-07 427592]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [2008-02-05 1127816]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]
R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-06-06 155648]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-16 155716]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-31 183128]
R2 SBCSSvc;Sunbelt CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe [2007-11-28 788976]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UpdateCenterService;Update Center Service; C:\Program Files\NVIDIA Corporation\System 
Update\UpdateCenterService.exe [2008-05-23 114688]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-07-12 257024]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR2a\RpcDataSrv.exe [2005-07-01 173040]
S3 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR2a\RpcSandraSrv.exe [2005-07-01 1160168]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 354560]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------

Thanks, have a good weekend; I won't be in front of my PC before Sunday evening!
  5. Hi Thanos, well, your little program is effective, the net works perfectly now!! I scanned with Malwarebytes and it found nothing abnormal (nice little piece of software too!! I'm keeping it). I managed to reinstall G Data antivirus (full official version (not cracked)) thanks to your uninstaller, as well as the firewall (but I lost all my rules!). Is there a program for cleaning up all the disinfection tools (if needed)? Do you have a few good security and repair programs to recommend for the future? Anyway, a big thank you, that's all very good work! Thanks again. PS: sorry df06, I saw your post after posting mine, thanks anyway for the info!
  6. Hi, I tried your method with DOS but it changed nothing! I tried a ping but nothing happens! ("requête impossible") I came across this topic on a forum where I have exactly the same symptoms (network cable correctly recognised as connected, with data packets counted as sent and working fine at 100Mb/s, and the drivers and devices working correctly): http://www.3000fr.com/forum/viewthread.php?tid=2372, especially at the bottom of the page where he explains a procedure. What do you think?
  7. Hi Thanos, I tried to reinstall my antivirus (I uninstalled it first) but it reports a problem during the reinstallation and as a result the guard is disabled! Maybe there is a cleaner way to uninstall it? I followed your method to reactivate the internet but as soon as I click on repair it shows the following message: "windows n'a pas pu réparer le problème car l'opération suivante n'a pas été menée à bien : échec de la demande des paramètres TCP/IP de la connexion. Impossible de continuer." For the antivirus and the firewall, is there a way to keep all their settings and rules during reinstallation?
  8. Hi Thanos, I thought you didn't want to help me any more because I had taken the initiative on my own!!! Thanks for coming back. I made a bit of progress on my own because I was starting to despair; here is what I have done since:
- I disconnected my C: drive, put it in an external enclosure and scanned it on my clean PC with G Data 2008 + BitDefender 2009 + AVG Anti-Spyware 7.5 ---------> files c:\windows\system32\drivers\Winfilse.exe (Bagle) deleted, c:\windows\system32\drivers\srosa.sys (Bagle) deleted, and also 2 or 3 minor bits of junk lying around, nothing important!
- put the drive back into its infected PC ---------> ran EliBagla and ComboFix, then rebooted
- I now have continuous access to hidden files and also to Spybot and CCleaner
- ran Spybot and CCleaner: process win32.bagle.hi deleted
- ran a .reg file to restore SafeBoot
- rebooted in SafeBoot and scanned the machine with G Data, AVG Anti-Spyware, CCleaner and Spybot
- rebooted in normal mode: PC apparently clean, but it is still impossible to reactivate the antivirus and the firewall (unless they have to be reinstalled outright, which doesn't suit me, I'd rather reactivate them!) and the internet doesn't work (asks to renew the IP address, I think)
In short, everything seems to be back to normal, but the security software remains inaccessible and a small window pops up very rarely saying that Outlook is trying to send a message without my permission! Could you give me a temporary solution to reactivate the antivirus, the firewall and the internet, because I need to connect to the net for work (I use mechanical deformation numerical simulation software).
I'm doing what you suggest (I think HijackThis works now, if you prefer that program):

ComboFix 08-10-29.06 - Thomas 2008-10-29 15:09:56.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1536 [GMT 1:00]
Lancé depuis: C:\Sniperzep.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 15:11 . 2008-10-29 15:03 2,997,616 -ra------ C:\Sniperzep.exe
2008-10-29 01:21 . 2008-10-29 01:21 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\InstallShield
2008-10-28 21:44 . 2008-10-28 21:44 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Grisoft
2008-10-28 21:37 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-23 21:37 . 2008-10-23 21:37 <REP> d-------- C:\Program Files\Net Studio
2008-10-23 21:35 . 2008-10-29 12:41 <REP> d-------- C:\Program Files\USB Disk Security
2008-10-23 21:30 . 2008-10-23 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-21 14:55 . 2008-10-21 14:55 <REP> d-------- C:\Program Files\Windows Mobile 6 SDK
2008-10-21 14:55 . 2008-10-21 14:55 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-10-15 17:03 . 2008-10-15 17:03 <REP> d-------- C:\Program Files\Jeyo
2008-10-15 17:03 . 2008-10-15 17:03 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Jeyo
2008-10-15 15:58 . 2008-10-15 15:58 <REP> d-------- C:\Program Files\Spb Backup
2008-10-03 11:33 . 2005-07-07 15:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-10-03 11:32 . 2005-07-07 15:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-10-03 11:32 . 2005-07-07 15:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-10-03 11:32 . 
2005-07-07 15:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-10-03 11:32 . 2005-07-07 15:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-10-03 11:32 . 2005-07-07 15:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-10-03 11:31 . 2005-07-07 15:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-10-03 11:31 . 2005-07-07 15:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-10-03 11:31 . 2005-07-07 15:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-10-02 15:40 . 2008-10-15 15:58 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-02 15:25 . 2006-02-01 09:01 41,792 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys
2008-10-02 15:25 . 2006-02-01 09:01 5,776 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-10-02 15:25 . 2006-02-01 09:01 5,776 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys
2008-10-02 15:24 . 2008-10-02 15:24 <REP> d-------- C:\Program Files\SEMC
2008-09-29 12:33 . 2008-10-02 12:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 14:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-29 14:11 --------- d-----w C:\Program Files\SysMetrix 2008-10-29 14:11 --------- d-----w C:\Program Files\SpeedFan 2008-10-29 00:40 --------- d-----w C:\Program Files\Fichiers communs\G DATA 2008-10-28 09:08 --------- d-----w C:\Program Files\SuperCopier2 2008-10-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-21 11:48 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin 2008-10-20 23:47 138,464 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-20 23:46 183,128 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-10-17 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-15 00:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-09-26 14:04 --------- d-----w C:\Program Files\adslTV 2008-09-25 11:27 --------- d-----w C:\Documents and Settings\Thomas\Application Data\SoundSpectrum 2008-09-23 22:31 --------- d-----w C:\Documents and Settings\Thomas\Application Data\vlc 2008-09-23 21:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-18 21:33 --------- d-----w C:\Program Files\Alcohol Soft 2008-09-18 21:29 --------- d-----w C:\Program Files\Smart Projects 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-11 20:35 22,328 ----a-w C:\Documents and Settings\Thomas\Application Data\PnkBstrK.sys 2008-09-11 20:34 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-09-11 20:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-09-11 20:31 --------- d-----w C:\Program Files\Electronic Arts 2008-09-10 23:50 --------- d-----w C:\Program Files\Steam 2008-09-09 00:14 --------- d-----w C:\Program Files\Prolific Publishing, Inc 2008-09-09 00:11 --------- d-----w C:\Program Files\SereneScreen 2008-09-09 00:07 --------- d-----w C:\Program Files\Dream Aquarium 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-04 
23:29 --------- d-----w C:\Program Files\Orthos 2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-07-01 14:20 10,026,288 ----a-w C:\Program Files\fo-sr2a.exe 2005-06-13 19:41 372,705 ----a-w C:\Program Files\Boot-CD.exe . ------- Sigcheck ------- 2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2008-06-26 17:42 512000 8d71f28deb37cc9c2e344095d8bfe1ee C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-22 154880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Fraps"="C:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2006-12-19 2842624] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "Core Temp"="C:\Program Files\CoreTemp\Core Temp.exe" [2008-05-18 256528] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-06-06 114688] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-18 4608] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008] "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2005-05-20 2613248] 
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568] "Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2006-08-09 184320] "SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2006-08-21 126976] "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 698864] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288] "OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-10-26 1098568] "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-10-26 419144] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 520192] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 2512392] "RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 2596864] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "Classic TV Pro Remote"="C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Remote.exe" [2006-04-04 241664] "Schedule"="C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Schedule.exe" [2006-06-22 98304] "ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 3035136] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [2008-09-23 
798720] "USBFW"="C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688] "AVKTray"="C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2008-02-21 607816] "nwiz"="nwiz.exe" [2007-09-16 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2007-09-16 C:\WINDOWS\system32\nvmctray.dll] "Tweak UI"="TWEAKUI.CPL" [2001-03-18 C:\WINDOWS\system32\TWEAKUI.CPL] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ NxSensor.exe.lnk - C:\Program Files\NXsensor\NxSensor.exe [2008-07-25 362048] SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-02-28 2796544] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "MaxRecentDocs"= 9 (0x9) "NoSMMyDocs"= 01000000 "NoSMMyPictures"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll "VIDC.VDOM"= vdowave.drv "VIDC.TR20"= tr2032.dll "vidc.vivo"= ivvideo.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap] --a------ 2008-01-28 11:55 1413120 C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving] --a------ 2008-01-28 09:42 1352704 C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor] --a------ 2007-10-01 20:58 1126400 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD] --a------ 2007-07-12 09:03 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help] --a------ 2007-11-30 19:03 881152 C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor] --a------ 2008-01-09 09:17 627200 C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger] --a------ 2006-11-01 13:50 2154496 C:\Program Files\GameFace Messenger\GameFace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner] --a------ 2007-04-11 16:34 376832 C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link] --a------ 2007-08-20 10:42 1209856 C:\Program Files\ASUS\AI Direct Link\AsShare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II] --a------ 2008-02-14 12:55 2135552 C:\Program Files\ASUS\PC Probe II\Probe2.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Program Files\\NXsensor\\NxSensor.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft 
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-07-28 15544] R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-06-27 368544] R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [2008-02-07 427592] R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-05-23 36640] R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-07-11 2208] R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720] R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R3 ALSysIO;ALSysIO;C:\DOCUME~1\Thomas\LOCALS~1\Temp\ALSysIO.sys [ ] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416] R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432] R3 SaiH0004;SaiH0004;C:\WINDOWS\system32\DRIVERS\SaiH0004.sys [2006-09-14 182528] R3 SaiL0004;SaiL0004;C:\WINDOWS\system32\DRIVERS\SaiL0004.sys [2006-09-14 15104] R3 SaiU0004;SaiU0004;C:\WINDOWS\system32\DRIVERS\SaiU0004.sys [2006-09-14 27392] R3 
SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys [ ]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752]
R3 xpvcom;XPVCOM Port;C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 41792]
S1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [ ]
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
S2 AVKProxy;G DATA AntiVirus Proxy;C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-02-19 718408]
S3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [ ]
S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [ ]
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 46536]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-07-31 32200]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32l.sys [2007-12-14 57344]
S3 SkVlanProtocol;Marvell VLAN Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32v.sys [2007-11-23 20992]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 354560]
S4 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 1181000]
S4 AVKWCtl;Gardien d'AntiVirus;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [2008-02-05 1127816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ead70e8-4baa-11dd-930b-001fc664e301}]
\Shell\AutoRun\command - H:\nideiect.com
\Shell\explore\Command - H:\nideiect.com
\Shell\open\Command - H:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc51d7be-4453-11dd-be07-001fc664e301}]
\Shell\AutoRun\command - Q:\Autorun.exe

*Newly Created Service* - SBAPIFS
.
Contenu du dossier 'Tâches planifiées' 2008-10-29 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-22 13:17] . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-sglfb.sys SafeBoot-tga.sys SafeBoot-wd.sys SafeBoot-sacsvr . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vzjdgxia.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-29 15:11:44 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . 
Heure de fin: 2008-10-29 15:12:45 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-29 14:12:43 Avant-CF: 31 277 928 448 octets libres Après-CF: 31,331,545,088 octets libres 273 --- E O F --- 2008-10-17 22:23:53
  9. Is nobody there any more?????
  10. Hi again. Well, after 6 hours of internet research and trial and error, I ran scans with various tools such as BlackLight and EliBagla; I'm posting the reports in case they can help you.
BlackLight report:
10/24/08 02:05:53 [info]: BlackLight Engine 2.2.1092 initialized
10/24/08 02:05:53 [info]: OS: 5.1 build 2600 (Service Pack 3)
10/24/08 02:05:54 [Note]: 7019 4
10/24/08 02:05:54 [Note]: 7005 0
10/24/08 02:05:59 [Note]: 7006 0
10/24/08 02:05:59 [Note]: 7011 3352
10/24/08 02:05:59 [Note]: 7035 0
10/24/08 02:06:01 [Note]: 7026 0
10/24/08 02:06:02 [Note]: 7026 0
10/24/08 02:06:02 [Note]: 7024 3
10/24/08 02:06:02 [info]: Hidden process: C:\WINDOWS\system32\drivers\winfilse.exe
10/24/08 02:06:04 [Note]: FSRAW library version 1.7.1024
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
10/24/08 02:06:42 [Note]: 10002 3
10/24/08 02:06:42 [Note]: 10002 2
10/24/08 02:06:42 [Note]: 10002 2
10/24/08 02:06:55 [Note]: 10002 2
10/24/08 02:06:55 [Note]: 10002 2
10/24/08 02:07:01 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
10/24/08 02:07:01 [Note]: 10002 2
10/24/08 02:07:02 [Note]: 10002 2
10/24/08 02:07:02 [Note]: 10002 2
10/24/08 02:07:02 [info]: Hidden file: C:\WINDOWS\system32\drivers\winfilse.exe
10/24/08 02:07:02 [Note]: 10002 2
10/24/08 02:09:33 [Note]: 7007 0
and the EliBagla report:
Fri Oct 24 02:09:58 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Oct 24 02:10:00 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Fri Oct 24 02:10:19 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Oct 24 02:10:22 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Fri Oct 24 02:10:56 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri Oct 24 02:10:58 2008
EliBagle v11.89 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Hoping that sheds a little light for you! As for me, I'm going to bed, all this has worn me out!! Good night
  11. Hi, I just noticed that the virus replicates onto USB keys (with an autorun) but not onto an external hard disk connected via USB, so I had a close call and did not infect my clean PC, as I hadn't plugged my key back into it! If you're around, could you analyse the ComboFix report please? Digging around on the net I found that "Winsockfix" might be able to repair my internet connection, is that right? But I wouldn't want other malware to come and install itself, given that my firewall is disabled. Besides, I noticed in the ComboFix report that the firewall is disabled by the registry keys, as is SafeBoot; if I reinstall them manually (the registry keys), will it work again? Thanks
  12. Hi, I did what you told me, and not without difficulty, because the malware tries to disable the USB key as soon as I plug it in, but I still managed by copy-pasting faster than the malware trying to disable the USB key!!! Joking aside, here is what appeared when ComboFix launched:
- ComboFix detected the presence of rootkit activity and needed to reboot ------> reboot
- ComboFix has detected that this machine does not have the Windows recovery console (requires internet connection) -----> the net is disabled by the malware, so I ticked "no" so as not to install it
- deletion of the files in C:\windows\system32\drivers\downld\ then a reboot request
- system reboot and then a big crash, blue screen "invalid_kernel_handle" STOP: 0x00000093 (0x00000B24, 0x00000000, 0x00000000, 0x00000000) when the PC was shutting down
- I do a manual reset
- apparently a normal reboot
- log created normally
- I now have access to hidden files, a good start
Here is the report:
ComboFix 08-10-22.02 - Thomas 2008-10-23 2:37:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1695 [GMT 2:00]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Thomas\Application Data\m C:\Documents and Settings\Thomas\Application Data\m\flec006.exe C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\downld\144421.exe C:\WINDOWS\system32\drivers\downld\148265.exe C:\WINDOWS\system32\drivers\downld\172453.exe C:\WINDOWS\system32\drivers\downld\183468.exe C:\WINDOWS\system32\drivers\downld\227734.exe C:\WINDOWS\system32\drivers\downld\250093.exe C:\WINDOWS\system32\drivers\downld\266250.exe C:\WINDOWS\system32\drivers\downld\273750.exe C:\WINDOWS\system32\drivers\downld\345390.exe C:\WINDOWS\system32\drivers\downld\404484.exe C:\WINDOWS\system32\drivers\downld\439015.exe C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\mdelk.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 )))))))))))))))))))))))))))))))))))) . 2008-10-23 02:43 . 2008-10-23 02:43 <REP> d-------- C:\WINDOWS\system32\drivers\downld 2008-10-23 02:43 . 2008-10-23 02:43 117,256 --a------ C:\WINDOWS\system32\drivers\srosa.sys 2008-10-23 02:17 . 2008-10-23 02:01 2,994,310 -ra------ C:\sniperzep.exe 2008-10-22 02:52 . 2008-10-22 02:52 <REP> d-------- C:\rsit 2008-10-21 16:10 . 2004-08-27 07:01 794,632 --------- C:\WINDOWS\system32\drivers\winfilse.exe 2008-10-21 15:55 . 2008-10-21 15:55 <REP> d-------- C:\Program Files\Windows Mobile 6 SDK 2008-10-21 15:55 . 2008-10-21 15:55 <REP> d-------- C:\Program Files\Microsoft Device Emulator 2008-10-18 00:24 . 2008-10-18 00:24 244 --ah----- C:\sqmnoopt18.sqm 2008-10-18 00:24 . 2008-10-18 00:24 232 --ah----- C:\sqmdata18.sqm 2008-10-17 15:59 . 2008-10-17 15:59 244 --ah----- C:\sqmnoopt17.sqm 2008-10-17 15:59 . 2008-10-17 15:59 232 --ah----- C:\sqmdata17.sqm 2008-10-17 12:18 . 2008-09-15 17:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-17 04:05 . 2008-10-17 04:05 244 --ah----- C:\sqmnoopt16.sqm 2008-10-17 04:05 . 2008-10-17 04:05 232 --ah----- C:\sqmdata16.sqm 2008-10-17 01:46 . 
2008-10-17 01:46 244 --ah----- C:\sqmnoopt15.sqm 2008-10-17 01:46 . 2008-10-17 01:46 232 --ah----- C:\sqmdata15.sqm 2008-10-16 18:21 . 2008-10-16 18:21 244 --ah----- C:\sqmnoopt14.sqm 2008-10-16 18:21 . 2008-10-16 18:21 232 --ah----- C:\sqmdata14.sqm 2008-10-16 18:20 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-16 18:20 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-16 18:20 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-16 18:20 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-16 18:16 . 2008-10-16 18:16 244 --ah----- C:\sqmnoopt13.sqm 2008-10-16 18:16 . 2008-10-16 18:16 232 --ah----- C:\sqmdata13.sqm 2008-10-16 12:55 . 2008-10-16 12:55 244 --ah----- C:\sqmnoopt12.sqm 2008-10-16 12:55 . 2008-10-16 12:55 232 --ah----- C:\sqmdata12.sqm 2008-10-16 11:37 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-10-16 11:37 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-10-16 10:52 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-16 10:52 . 2008-08-14 12:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-10-16 04:25 . 2008-10-16 04:25 244 --ah----- C:\sqmnoopt11.sqm 2008-10-16 04:25 . 2008-10-16 04:25 232 --ah----- C:\sqmdata11.sqm 2008-10-15 20:08 . 2008-10-15 20:08 244 --ah----- C:\sqmnoopt10.sqm 2008-10-15 20:08 . 2008-10-15 20:08 232 --ah----- C:\sqmdata10.sqm 2008-10-15 18:03 . 2008-10-15 18:03 <REP> d-------- C:\Program Files\Jeyo 2008-10-15 18:03 . 2008-10-15 18:03 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Jeyo 2008-10-15 17:37 . 2008-10-15 17:37 244 --ah----- C:\sqmnoopt09.sqm 2008-10-15 17:37 . 2008-10-15 17:37 232 --ah----- C:\sqmdata09.sqm 2008-10-15 17:32 . 2008-10-15 17:32 244 --ah----- C:\sqmnoopt08.sqm 2008-10-15 17:32 . 
2008-10-15 17:32 232 --ah----- C:\sqmdata08.sqm 2008-10-15 17:07 . 2008-10-15 17:07 244 --ah----- C:\sqmnoopt07.sqm 2008-10-15 17:07 . 2008-10-15 17:07 232 --ah----- C:\sqmdata07.sqm 2008-10-15 16:58 . 2008-10-15 16:58 <REP> d-------- C:\Program Files\Spb Backup 2008-10-15 16:47 . 2008-10-15 16:47 244 --ah----- C:\sqmnoopt06.sqm 2008-10-15 16:47 . 2008-10-15 16:47 232 --ah----- C:\sqmdata06.sqm 2008-10-15 00:34 . 2008-10-15 00:34 244 --ah----- C:\sqmnoopt05.sqm 2008-10-15 00:34 . 2008-10-15 00:34 232 --ah----- C:\sqmdata05.sqm 2008-10-14 21:46 . 2008-10-14 21:46 244 --ah----- C:\sqmnoopt04.sqm 2008-10-14 21:46 . 2008-10-14 21:46 232 --ah----- C:\sqmdata04.sqm 2008-10-14 15:13 . 2008-10-14 15:13 244 --ah----- C:\sqmnoopt03.sqm 2008-10-14 15:13 . 2008-10-14 15:13 232 --ah----- C:\sqmdata03.sqm 2008-10-14 03:09 . 2008-10-14 03:09 244 --ah----- C:\sqmnoopt02.sqm 2008-10-14 03:09 . 2008-10-14 03:09 232 --ah----- C:\sqmdata02.sqm 2008-10-13 18:47 . 2008-10-13 18:47 244 --ah----- C:\sqmnoopt01.sqm 2008-10-13 18:47 . 2008-10-13 18:47 232 --ah----- C:\sqmdata01.sqm 2008-10-13 18:18 . 2008-10-13 18:18 244 --ah----- C:\sqmnoopt00.sqm 2008-10-13 18:18 . 2008-10-13 18:18 232 --ah----- C:\sqmdata00.sqm 2008-10-03 19:12 . 2008-10-03 19:12 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-10-03 12:33 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys 2008-10-03 12:32 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys 2008-10-03 12:32 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys 2008-10-03 12:32 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys 2008-10-03 12:32 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys 2008-10-03 12:32 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys 2008-10-03 12:31 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys 2008-10-03 12:31 . 
2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys 2008-10-03 12:31 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys 2008-10-02 16:40 . 2008-10-15 16:58 <REP> d-------- C:\Program Files\Microsoft ActiveSync 2008-10-02 16:25 . 2006-02-01 10:01 41,792 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys 2008-10-02 16:25 . 2006-02-01 10:01 5,776 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys 2008-10-02 16:25 . 2006-02-01 10:01 5,776 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys 2008-10-02 16:24 . 2008-10-02 16:24 <REP> d-------- C:\Program Files\SEMC 2008-09-29 13:33 . 2008-10-02 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-09-24 00:08 . 2008-09-26 16:04 <REP> d-------- C:\Program Files\adslTV . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-23 00:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-23 00:43 --------- d-----w C:\Program Files\SysMetrix 2008-10-23 00:43 --------- d-----w C:\Program Files\SpeedFan 2008-10-21 11:48 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin 2008-10-20 23:47 138,464 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-20 23:46 183,128 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-10-17 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-15 00:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-09-25 11:27 --------- d-----w C:\Documents and Settings\Thomas\Application Data\SoundSpectrum 2008-09-23 22:31 --------- d-----w C:\Documents and Settings\Thomas\Application Data\vlc 2008-09-23 21:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-18 21:33 --------- d-----w C:\Program Files\Alcohol Soft 2008-09-18 21:29 --------- d-----w C:\Program Files\Smart Projects 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-11 20:35 22,328 ----a-w C:\Documents and 
Settings\Thomas\Application Data\PnkBstrK.sys 2008-09-11 20:34 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-09-11 20:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-09-11 20:31 --------- d-----w C:\Program Files\Electronic Arts 2008-09-10 23:50 --------- d-----w C:\Program Files\Steam 2008-09-09 00:14 --------- d-----w C:\Program Files\Prolific Publishing, Inc 2008-09-09 00:11 --------- d-----w C:\Program Files\SereneScreen 2008-09-09 00:07 --------- d-----w C:\Program Files\Dream Aquarium 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-04 23:29 --------- d-----w C:\Program Files\Orthos 2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-07-01 14:20 10,026,288 ----a-w C:\Program Files\fo-sr2a.exe 2005-06-13 19:41 372,705 ----a-w C:\Program Files\Boot-CD.exe . ------- Sigcheck ------- 2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2008-06-26 18:42 512000 8d71f28deb37cc9c2e344095d8bfe1ee C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2004-08-27 794632] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-22 154880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Fraps"="C:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2006-12-19 2842624] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "Core Temp"="C:\Program Files\CoreTemp\Core Temp.exe" [2008-05-19 256528] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-06-06 114688] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-18 4608] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008] "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2005-05-20 2613248] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568] "Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2006-08-09 184320] "SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2006-08-21 126976] "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 698864] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288] 
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-10-23 1098568] "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-10-23 419144] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 520192] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 2512392] "AVKTray"="C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2008-02-21 607816] "RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 2596864] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "Classic TV Pro Remote"="C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Remote.exe" [2006-04-04 241664] "Schedule"="C:\Program Files\Classic TV Pro Vision\Classic TV Pro\Schedule.exe" [2006-06-22 98304] "ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 3035136] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2007-09-16 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2007-09-16 C:\WINDOWS\system32\nvmctray.dll] "Tweak UI"="TWEAKUI.CPL" [2001-03-19 C:\WINDOWS\system32\TWEAKUI.CPL] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ NxSensor.exe.lnk - C:\Program Files\NXsensor\NxSensor.exe [2008-07-25 362048] SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-02-28 2796544] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] 
"ForceClassicControlPanel"= 1 (0x1) "NoUserNameInStartMenu"= 1 (0x1) "MaxRecentDocs"= 9 (0x9) "NoSMMyDocs"= 01000000 "NoSMMyPictures"= 01000000 "NoLogoff"= 0 (0x0) "NoSMHelp"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll "VIDC.VDOM"= vdowave.drv "VIDC.TR20"= tr2032.dll "vidc.vivo"= ivvideo.dll Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap] --a------ 2008-01-28 12:55 1413120 C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving] --a------ 2008-01-28 10:42 1352704 C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor] --a------ 2007-10-01 21:58 1126400 C:\Program 
Files\ASUS\SmartDoctor\SmartDoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD] --a------ 2007-07-12 10:03 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help] --a------ 2007-11-30 20:03 881152 C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor] --a------ 2008-01-09 10:17 627200 C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger] --a------ 2006-11-01 14:50 2154496 C:\Program Files\GameFace Messenger\GameFace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner] --a------ 2007-04-11 17:34 376832 C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link] --a------ 2007-08-20 11:42 1209856 C:\Program Files\ASUS\AI Direct Link\AsShare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II] --a------ 2008-02-14 13:55 2135552 C:\Program Files\ASUS\PC Probe II\Probe2.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Program Files\\NXsensor\\NxSensor.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= 
"C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-07-28 15544] R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-06-27 368544] R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-07-31 41928] R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-05-23 36640] R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-07-11 2208] R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720] R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416] R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432] R3 SaiH0004;SaiH0004;C:\WINDOWS\system32\DRIVERS\SaiH0004.sys [2006-09-14 182528] R3 SaiL0004;SaiL0004;C:\WINDOWS\system32\DRIVERS\SaiL0004.sys [2006-09-14 
15104] R3 SaiU0004;SaiU0004;C:\WINDOWS\system32\DRIVERS\SaiU0004.sys [2006-09-14 27392] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752] S1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [ ] S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064] S3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [ ] S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [ ] S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 46536] S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-07-31 32200] S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys [ ] S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32l.sys [2007-12-14 57344] S3 SkVlanProtocol;Marvell VLAN Protocol;C:\WINDOWS\system32\DRIVERS\yk51x32v.sys [2007-11-23 20992] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 354560] S3 xpvcom;XPVCOM Port;C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032] S3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 41792] S4 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 1181000] S4 AVKProxy;G DATA AntiVirus Proxy;C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-02-19 718408] S4 AVKService;G DATA Scheduler;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [2008-10-22 427592] S4 AVKWCtl;Gardien d'AntiVirus;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [2008-10-22 1127816] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - SROSA . Contenu du dossier 'Tâches planifiées' 2008-10-23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-22 14:17] . 
- - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-MMTray - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vzjdgxia.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 02:43:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... C:\WINDOWS\system32\drivers\winfilse.exe [3156] 0x8A0C8DA0 Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "drvsyskit"="C:\\WINDOWS\\system32\\drivers\\winfilse.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srosa] "ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys" . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tsd32.dll . ------------------------ Autres processus actifs ------------------------ . 
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\taskmgr.exe . ************************************************************************** . Heure de fin: 2008-10-23 2:44:24 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-23 00:44:21 Avant-CF: 34,873,442,304 octets libres Après-CF: 34,992,484,352 octets libres 349 --- E O F --- 2008-10-17 22:23:53
  13. Hi, well, none of this is a very good sign:
- impossible to connect to the net with the infected PC
- RSIT.exe doesn't work on my infected PC, it launches then closes immediately (whereas it works fine on the clean PC), and quite a few programs do the same, such as CCleaner, which launches then shuts down
Also, my firewall is disabled too (Outpost Firewall). I have Acronis True Image, which allows a restore at Windows startup; could that be of use? Not much more to say, except that I really don't want to format the disk! Thanks for your help
EDIT 3:52: by chance I came across an unknown folder: C:\windows\ime, which contains the folders chsime, CHTIME, imejp, imejp98, imejp8_1, imkr6_1 and the files mscandui.dll, softkbd.dll, spgrmr.dll, sptip.dll. What is this folder? I was able to check the contents of C:\ with the command prompt (hidden files become visible!) and there is no autorun file, so logically there shouldn't be any problem connecting a USB key and having it get infected, right? As a last resort I might try putting the infected hard disk in an external enclosure and scanning it online via the clean PC; could you give me the procedure to follow to minimise the risk of spreading it (in safe mode?). Would booting from the Windows restore CD allow me to start in safe mode??
  14. Hello everyone, here is my problem: after extracting a .rar archive I released a virus. I have G DATA Internet Security 2008 + CounterSpy. CounterSpy detected a system file change but G DATA saw nothing and even got disabled (impossible to launch the guard). I no longer have access to hidden files (impossible to make them appear with the folder options). Impossible to start in safe mode (Windows blue screen crash), so impossible to scan in safe mode. After a G DATA scan it found: Win32 Small MIH and Win32 trojan-gen {other] and Win32 Kapucen-B. CounterSpy blocked processes such as 12546841.exe and other numbers. The PC is really slow and I disconnected it from the net because I have a 2nd PC available to talk to you. In my opinion I must have a hidden autorun.inf file, but I can't see it because hidden-file visibility has been disabled. So, hoping you can recommend a good online tool! PS: is there a risk in connecting to the net (video games)? Is there a risk in transferring files by USB key with my clean PC? PS 2: if I put my C hard disk in an external enclosure and connect it to my 2nd PC to delete the infected files, is there a risk of contaminating my 2nd PC? Thanks everyone