
Maho

Members
  • Content count
    20

Other information
  • My languages
    French

Maho's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Hello,

     A few hours ago I noticed that the free space on my main hard drive was shrinking little by little without my doing anything. I must be losing about 0.50 GB every thirty seconds. I think I have "lost" more than 50 GB of free space this way (this morning I had 15 left). The free space on my main hard drive shrinks without my installing new programs or copying new files onto my computer. My second hard drive does not have this problem. Over the last few days I have also noticed my PC slowing down, mainly at startup and shutdown, but also while I am using it.

     My configuration: I have a laptop running Windows Vista Home SP2. I use Antivir, Online Armor (firewall), MBAM and CCleaner. My Java versions are up to date (and the old ones removed), Internet Explorer is up to date, and I do not use any P2P program (which, I am told, can continuously write temporary files to the PC).

     My attempts to solve the problem: I first ran a "quick scan" with MBAM, which detected nothing. I then tried to clean my disk with CCleaner, which deleted about 50 MB of files. Finally I ran a check and repair of the main disk, without success. However, when I tried to launch the check, I got an error message telling me that it is impossible to scan a disk that is in use. So I scheduled a check at startup, which did not solve the problem. The problem may be linked to an update that I cannot manage to install: SP2 for Office 2007. The installation simply does not start.
     Here is a HijackThis log taken just before posting this message:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:15:01, on 21/09/2009
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v8.00 (8.00.6001.18813)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
     C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
     C:\Windows\ehome\ehtray.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Windows\system32\wuauclt.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
     O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe"
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [MyWinPopupExpress] C:\Program Files\Namtuk\My WinPopup Express\MyWPE.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O13 - Gopher Prefix:
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1253548423143
     O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     --
     End of file - 6877 bytes

     Thanks in advance for your help.

     EDIT: I hope I have not taken up your time; being pressed by my shrinking free space, I did everything I could to solve this problem. After a few hours of searching, I finally found that the "error reports" of all the shared sessions weighed 500 GB. Sorry for the trouble, and have a good day.
  2. Check x 6. Thanks again.
  3. Here is the log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 18:20:32, on 24/08/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\Program Files\Analog Devices\SoundMAX\smax4.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198937638938
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201537588812
     O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} (CDownloader Object) - http://www.mtv-france.com/podcast/videoDL.cab
     O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{C952600B-8AEE-4B3F-8CF2-1AC45AAFC608}: NameServer = 195.238.2.22 195.238.2.21
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

     --
     End of file - 6063 bytes
  4. Hello, There is no C:\QooBox folder, but there is a Combofix folder containing a "command interpreter". I suppose I should get rid of it?
  5. Hello, Everything seems clean. I have two questions left for you: Do I need to remove Combofix in a particular way? MBAM and Spybot both seem to be malware hunters, but MBAM detects more. Isn't keeping both programs redundant? Should I keep MBAM for emergencies, or should I remove Spybot and use MBAM in its place? Finally, I want to sincerely thank you. The cleaning of my PC was quick and effective. You were extremely available, very clear and patient. I imagine there was a lot to do on my computer, and I was sometimes a bit slow with the Combofix updates ^^'. In any case, you saved me quite a bit of time and a few worries as well. Thanks again. Thanks also to the Zebulon security team; you do excellent work on prevention and long-term protection, on top of the cleaning. Between the various scans I ran, I visited the security section of the forum. As a result, I think I will shed quite a few of my bad habits regarding my PC's security.
  6. Good evening,

     EDIT: Erf, I cannot manage to create two separate replies :s. It seems you have a good anti-flood.

     log.txt:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by AntoineD at 2009-08-22 21:06:03

     Microsoft Windows XP Édition familiale Service Pack 3
     System drive C: has 77 GB (50%) free of 153 GB
     Total RAM: 1023 MB (78% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 21:06:23, on 22/08/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\Program Files\Analog Devices\SoundMAX\smax4.exe
     C:\Documents and Settings\AntoineD\Bureau\RSIT.exe
     C:\Program Files\Trend Micro\HijackThis\AntoineD.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198937638938
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201537588812
     O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} (CDownloader Object) - http://www.mtv-france.com/podcast/videoDL.cab
     O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{C952600B-8AEE-4B3F-8CF2-1AC45AAFC608}: NameServer = 195.238.2.22 195.238.2.21
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

     --
     End of file - 6113 bytes

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
     Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
     "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
     "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
     "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
     "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
     "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
     "nwiz"=nwiz.exe /install []
     "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
     "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
     "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-07-11 2121416]
     "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
     "SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
     Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-07-11 336584]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=323
     "NoDriveAutoRun"=67108863
     "NoDrives"=0

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "HonorAutoRunSetting"=
     "NoDriveAutoRun"=
     "NoDriveTypeAutoRun"=
     "NoDrives"=

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
     "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
     "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
     "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
     "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
     "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
     "C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
     "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

     ======List of files/folders created in the last 1 months======

     2009-08-22 21:06:03 ----D---- C:\rsit
     2009-08-22 13:08:55 ----A---- C:\ComboFix.txt
     2009-08-22 12:56:51 ----SD---- C:\ComboFix
     2009-08-22 12:52:19 ----SHD---- C:\Config.Msi
     2009-08-19 20:25:43 ----D---- C:\Documents and Settings\AntoineD\Application Data\OnlineArmor
     2009-08-19 20:25:43 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
     2009-08-19 20:25:21 ----D---- C:\Program Files\Tall Emu
     2009-08-19 20:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
     2009-08-17 19:52:48 ----A---- C:\WINDOWS\system32\appmgmts.dll
     2009-08-16 21:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
     2009-08-16 18:05:06 ----RA---- C:\WINDOWS\PEV.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\zip.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\SWXCACLS.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\SWSC.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\SWREG.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\sed.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\NIRCMD.exe
     2009-08-16 18:05:06 ----A---- C:\WINDOWS\grep.exe
     2009-08-16 18:05:04 ----D---- C:\WINDOWS\ERDNT
     2009-08-16 18:05:00 ----D---- C:\Qoobox
     2009-08-15 23:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
     2009-08-15 23:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
     2009-08-15 23:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
     2009-08-15 23:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
     2009-08-15 23:51:21 ----D---- C:\WINDOWS\system32\XPSViewer
     2009-08-15 23:51:15 ----D---- C:\Program Files\MSBuild
     2009-08-15 23:51:13 ----D---- C:\WINDOWS\system32\en-US
     2009-08-15 23:51:05 ----D---- C:\Program Files\Reference Assemblies
     2009-08-15 23:50:37 ----N---- C:\WINDOWS\system32\xpssvcs.dll
     2009-08-15 23:50:37 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
     2009-08-15 23:50:37 ----N---- C:\WINDOWS\system32\prntvpt.dll
     2009-08-15 23:50:36 ----D---- C:\0656ce9091292e9e36d34114245569
     2009-08-15 23:50:18 ----D---- C:\WINDOWS\SxsCaPendDel
     2009-08-15 23:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
     2009-08-15 23:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
     2009-08-15 23:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
     2009-08-15 23:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
     2009-08-15 23:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
     2009-08-15 21:39:33 ----A---- C:\WINDOWS\system32\javaws.exe
     2009-08-15 21:39:33 ----A---- C:\WINDOWS\system32\javaw.exe
     2009-08-15 21:39:33 ----A---- C:\WINDOWS\system32\java.exe
     2009-08-15 21:23:23 ----A---- C:\WINDOWS\ntbtlog.txt
     2009-08-12 22:45:38 ----D---- C:\Documents and Settings\AntoineD\Application Data\Malwarebytes
     2009-08-12 22:45:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
     2009-08-12 22:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2009-08-12 22:26:03 ----D---- C:\Program Files\Trend Micro

     ======List of files/folders modified in the last 1 months======

     2009-08-22 21:04:41 ----D---- C:\Documents and Settings\AntoineD\Application Data\vlc
     2009-08-22 18:19:44 ----D---- C:\WINDOWS\Prefetch
     2009-08-22 18:17:25 ----D---- C:\Program Files\Mozilla Firefox
     2009-08-22 18:17:03 ----D---- C:\WINDOWS\system32\CatRoot2
     2009-08-22 18:16:48 ----D---- C:\WINDOWS\Temp
     2009-08-22 18:16:24 ----D---- C:\WINDOWS\system32\drivers
     2009-08-22 18:15:40 ----A---- C:\WINDOWS\SchedLgU.Txt
     2009-08-22 13:09:02 ----D---- C:\WINDOWS\system32
     2009-08-22 13:05:28 ----D---- C:\WINDOWS
     2009-08-22 13:05:28 ----A---- C:\WINDOWS\system.ini
     2009-08-22 13:04:53 ----SHD---- C:\WINDOWS\Installer
     2009-08-22 13:02:48 ----D---- C:\WINDOWS\AppPatch
     2009-08-22 13:02:44 ----D---- C:\Program Files\Fichiers communs
     2009-08-22 12:53:45 ----D---- C:\Program Files\Fichiers communs\Adobe
     2009-08-22 12:53:43 ----D---- C:\WINDOWS\WinSxS
     2009-08-22 12:53:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
     2009-08-22 12:53:23 ----D---- C:\Program Files\Adobe
     2009-08-22 12:51:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
     2009-08-22 11:16:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
     2009-08-20 19:22:57 ----RD---- C:\Program Files
     2009-08-20 18:35:36 ----D---- C:\Program Files\Hewlett-Packard
     2009-08-19 21:19:09 ----D---- C:\Program Files\DivX
     2009-08-19 20:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2009-08-19 20:24:47 ----HD---- C:\WINDOWS\inf
     2009-08-16 21:31:06 ----A---- C:\WINDOWS\imsins.BAK
     2009-08-16 21:31:01 ----D---- C:\WINDOWS\system32\CatRoot
     2009-08-16 18:37:29 ----RSD---- C:\WINDOWS\assembly
     2009-08-16 18:34:18 ----D---- C:\WINDOWS\Microsoft.NET
     2009-08-16 17:58:27 ----HD---- C:\WINDOWS\$hf_mig$
     2009-08-15 23:51:11 ----RSD---- C:\WINDOWS\Fonts
     2009-08-15 23:50:48 ----D---- C:\WINDOWS\system32\spool
     2009-08-15 23:48:41 ----D---- C:\WINDOWS\system32\mui
     2009-08-15 23:48:41 ----D---- C:\Program Files\Internet Explorer
     2009-08-15 23:46:19 ----D---- C:\Program Files\Outlook Express
     2009-08-15 21:40:48 ----D---- C:\Program Files\Java
     2009-08-15 21:24:05 ----D---- C:\Documents and Settings
     2009-08-10 20:26:42 ----D---- C:\Documents and Settings\AntoineD\Application Data\OpenOffice.org2
     2009-08-10 14:00:15 ----D---- C:\Program Files\Spybot - Search & Destroy
     2009-08-05 11:03:38 ----D---- C:\Program Files\World of Warcraft
     2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
     2009-08-01 01:11:53 ----D---- C:\WINDOWS\Minidump
     2009-07-31 15:17:23 ----A---- C:\WINDOWS\cdplayer.ini
     2009-07-30 03:02:44 ----D---- C:\WINDOWS\system32\fr-fr
     2009-07-30 03:02:29 ----D---- C:\WINDOWS\ie7updates
     2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
     2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll

     ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
     R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
     R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
     R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
     R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
     R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
     R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-15 28520]
     R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
     R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-19 55656]
     R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
     R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
     R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
     R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
     R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
     R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
     R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
     R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
     R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
     R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
     R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
     R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
     R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
     S3 catchme;catchme; \??\C:\DOCUME~1\AntoineD\LOCALS~1\Temp\catchme.sys []
     S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
     S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
     S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
     S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
     S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
     S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
     S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
     S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
     S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
     S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
     S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-15 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004] R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184] R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-07-11 3142344] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Info.txt : info.txt logfile of random's system information tool 1.06 2009-08-22 21:06:27 ======Uninstall 
list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6} Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Free FLV Converter V 6.2.0-->"C:\Program Files\Free FLV Converter\unins000.exe" GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" 
/uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Picture It! 
Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9} Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310} OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu" Online Armor 3.5-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe" OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D} QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Scan Manager 5.2-->MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39} Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\ Sony Ericsson Media Manager 1.0-->MsiExec.exe /X{37F8E751-D19B-4445-8007-831CA42A9F9E} SoundMAX-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe ======Hosts File====== 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com ======Security center information====== AV: AntiVir Desktop FW: Pare-feu Online Armor ======System event log====== Computer Name: ANTOINE Event Code: 1003 Message: Code erreur 100000d1, paramètre 1 ffffffff, paramètre 2 00000002, paramètre 3 00000008, paramètre 4 ffffffff. 
Record Number: 5489 Source Name: System Error Time Written: 20090709202248.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 1003 Message: Code erreur 1000008e, paramètre 1 c0000005, paramètre 2 bd17e1fb, paramètre 3 b79e094c, paramètre 4 00000000. Record Number: 5457 Source Name: System Error Time Written: 20090708200207.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 18 Message: TIMEOUT<TeaTimer.exe> C:\...Desktop\avnotify.exe Record Number: 5374 Source Name: avgntflt Time Written: 20090707141617.000000+120 Event Type: warning User: Computer Name: ANTOINE Event Code: 18 Message: TIMEOUT<TeaTimer.exe> C:\...r Desktop\update.exe Record Number: 5373 Source Name: avgntflt Time Written: 20090707141513.000000+120 Event Type: warning User: Computer Name: ANTOINE Event Code: 1003 Message: Code erreur 10000050, paramètre 1 bdda3b22, paramètre 2 00000001, paramètre 3 0c5c245b, paramètre 4 00000002. Record Number: 5301 Source Name: System Error Time Written: 20090705142524.000000+120 Event Type: error User: =====Application event log===== Computer Name: ANTOINE Event Code: 1001 Message: Détecteur d'erreurs 836479291. Record Number: 1502 Source Name: Application Error Time Written: 20080709195414.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 1000 Message: Application défaillante update.exe, version 1.2.10.28, module défaillant mfc71u.dll, version 7.10.3077.0, adresse de défaillance 0x00090085. Record Number: 1501 Source Name: Application Error Time Written: 20080709195411.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 1000 Message: Application défaillante update.exe, version 1.2.10.28, module défaillant mfc71u.dll, version 7.10.3077.0, adresse de défaillance 0x00090085. 
Record Number: 1499 Source Name: Application Error Time Written: 20080709195359.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 1000 Message: Application défaillante update.exe, version 1.2.10.28, module défaillant mfc71u.dll, version 7.10.3077.0, adresse de défaillance 0x00090085. Record Number: 1497 Source Name: Application Error Time Written: 20080709195352.000000+120 Event Type: error User: Computer Name: ANTOINE Event Code: 1000 Message: Application défaillante update.exe, version 1.2.10.28, module défaillant mfc71u.dll, version 7.10.3077.0, adresse de défaillance 0x00090085. Record Number: 1495 Source Name: Application Error Time Written: 20080709195345.000000+120 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2302 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF-----------------
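The driver and service lists in the RSIT log above are the part of such a log that is worth triaging mechanically rather than by eye: each line carries the start type, whether the entry is running, the image path, and the file's date and size, or an empty "[]" when RSIT could not read the file. The Python script below is an added example, not part of the original post and not RSIT's own code. It parses lines in that format and flags entries whose image sits in a user-writable location (Temp or a user profile) or for which RSIT recorded no file metadata, and it notes when a flagged entry is currently running. The marker list and the triage rules are this example's assumptions; the sample lines are copied from the log above. A flag is a worklist item, not a verdict: catchme.sys in the user's Temp directory is the driver of GMER's catchme rootkit scanner, which ComboFix also drops there when it runs, so it is expected on this machine, while the same pattern from an unknown name would warrant pulling the file.

```python
"""Triage the driver/service sections of an RSIT log.

Each entry line has the shape
    <R|S><0-4> <service name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
where R/S is running/stopped, the digit is the start type, and the bracket holds
the file's date and size, or is empty ("[]") when RSIT could not stat the file.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Path fragments where a kernel driver or service binary should not normally live.
# This list is an assumption of the example, not something RSIT itself checks.
USER_WRITABLE_MARKERS = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\application data\\",
)


@dataclass
class Entry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_date: Optional[str]
    file_size: Optional[int]
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an RSIT driver/service line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT object-manager prefix, usual for drivers with an absolute ImagePath
        path = path[4:]
    return Entry(
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        file_date=m.group("date"),
        file_size=int(m.group("size")) if m.group("size") else None,
    )


def triage(entry: Entry) -> Entry:
    """Attach plain-language findings to an entry; an empty list means nothing stood out."""
    lower = entry.path.lower()
    if entry.file_size is None:
        entry.findings.append("no file date/size in the log: RSIT could not read the file, confirm it exists on disk")
    if any(marker in lower for marker in USER_WRITABLE_MARKERS):
        entry.findings.append("image lives in a user-writable location (Temp or a user profile)")
    if entry.findings and entry.running:
        entry.findings.append("currently running, so the finding is live rather than a leftover registration")
    return entry


def triage_log(lines: Iterable[str]) -> Dict[str, Entry]:
    """Parse every driver/service line and return the flagged entries keyed by service name."""
    flagged: Dict[str, Entry] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None and triage(entry).findings:
            flagged[entry.name] = entry
    return flagged


# Sample input: lines copied from the RSIT log posted above (no new entries are invented here).
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\AntoineD\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184]"""

if __name__ == "__main__":
    for name, e in triage_log(SAMPLE_LOG.splitlines()).items():
        state = "running" if e.running else "stopped"
        print(f"{name} ({state}, start={e.start_type}) {e.path}")
        for finding in e.findings:
            print(f"    - {finding}")
```

Run it against a whole RSIT log.txt by feeding the file's lines to triage_log; header lines and the file listings are ignored because they do not match the entry pattern. The empty-metadata rule deliberately fires on legitimate security software too (avgio.sys above), since a reader still has to decide whether "could not read the file" means a self-protecting driver or a file that is no longer there.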
7. Good evening,

Here is the log:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2676
Windows 5.1.2600 Service Pack 3

22/08/2009 18:15:07
mbam-log-2009-08-22 (18-15-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 183456
Temps écoulé: 51 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
8. Hello,

Here is the ComboFix log. Reparbat simply copied some files and asked me to count them. During the ComboFix scan I have to disable my antivirus; is that a problem?

ComboFix 09-08-21.02 - AntoineD 22/08/2009 12:58.7.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.642 [GMT 2:00]
Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\83bfd.msi
.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu
2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569
2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents
2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 10:53 . 2008-02-27 11:18 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-22 10:50 . 2004-08-05 12:00 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-22 09:16 . 2004-08-05 12:00 658210 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 09:16 . 2004-08-05 12:00 157200 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-21 18:26 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc
2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX
2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java
2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2
2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2004-08-05 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2
2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 09:12 . 2009-08-22 09:12 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
- 2006-06-05 13:14 . 2006-06-05 13:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 12:14 . 2006-06-05 12:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 12:14 . 2006-06-05 12:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 13:14 . 2006-06-05 13:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14 . 2006-06-05 12:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 13:14 . 2006-06-05 13:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2004-08-05 12:00 . 2009-08-22 09:16 539748 c:\windows\system32\perfh009.dat
+ 2004-08-05 12:00 . 2009-08-22 09:16 123304 c:\windows\system32\perfc009.dat
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-05 12:00 . 2009-08-22 10:50 574976 c:\windows\system32\dllcache\ntfs.sys
+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-13 19:15 . 2009-08-22 10:50 574976 c:\windows\ServicePackFiles\i386\ntfs.sys
- 2008-04-13 19:15 . 2008-04-13 19:15 574976 c:\windows\ServicePackFiles\i386\ntfs.sys
+ 2009-08-22 10:54 . 2009-08-22 10:54 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
+ 2007-12-29 14:35 .
2009-08-22 10:50 574976 c:\windows\$NtUninstallKB930916$\ntfs.sys + 2008-07-09 20:33 . 2009-08-22 10:50 574976 c:\windows\$NtServicePackUninstall$\ntfs.sys - 2007-02-09 11:23 . 2007-02-09 11:23 574976 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys + 2007-02-09 11:23 . 2009-08-22 10:50 574976 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys + 2009-08-22 10:54 . 2009-08-22 10:54 4244480 c:\windows\Installer\5b8fd8.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "Regedit32"="c:\windows\system32\regedit.exe" [bU] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289] R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com TCP: {C952600B-8AEE-4B3F-8CF2-1AC45AAFC608} = 195.238.2.22 195.238.2.21 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", 
false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-22 13:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2009-08-22 13:08 ComboFix-quarantined-files.txt 2009-08-22 11:08 ComboFix2.txt 2009-08-21 19:32 ComboFix3.txt 2009-08-20 20:29 ComboFix4.txt 2009-08-20 19:37 ComboFix5.txt 2009-08-22 10:57 Pre-Run: 80.635.613.184 octets libres Post-Run: 80.586.125.312 octets libres 263 --- E O F --- 2009-08-19 18:24
  9. Hello, here is the result of the Virus Total analysis:

Fichier ntfs.sys reçu le 2009.08.22 10:11:13 (UTC)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.22 Virus.Win32.Protector!IK
AhnLab-V3 5.0.0.2 2009.08.21 -
AntiVir 7.9.1.3 2009.08.21 -
Antiy-AVL 2.0.3.7 2009.08.21 -
Authentium 5.1.2.4 2009.08.21 -
Avast 4.8.1335.0 2009.08.21 -
AVG 8.5.0.406 2009.08.22 -
BitDefender 7.2 2009.08.22 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.22 W32.Protector.C
ClamAV 0.94.1 2009.08.22 -
Comodo 2055 2009.08.22 -
DrWeb 5.0.0.12182 2009.08.22 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.20 -
eTrust-Vet 31.6.6694 2009.08.21 -
F-Prot 4.4.4.56 2009.08.21 -
F-Secure 8.0.14470.0 2009.08.21 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.22 -
GData 19 2009.08.22 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.22 Virus.Win32.Protector
Jiangmin 11.0.800 2009.08.21 -
K7AntiVirus 7.10.824 2009.08.21 -
Kaspersky 7.0.0.125 2009.08.22 Virus.Win32.Protector.c
McAfee 5716 2009.08.21 -
McAfee+Artemis 5716 2009.08.21 Artemis!E86D39DA8D7B
McAfee-GW-Edition 6.8.5 2009.08.22 -
Microsoft 1.4903 2009.08.22 Virus:Win32/Cutwail.G
NOD32 4357 2009.08.21 a variant of Win32/Kryptik.ABX
Norman 6.01.09 2009.08.21 -
nProtect 2009.1.8.0 2009.08.22 -
Panda 10.0.0.14 2009.08.22 Suspicious file
PCTools 4.4.2.0 2009.08.21 -
Prevx 3.0 2009.08.22 -
Rising 21.43.50.00 2009.08.22 -
Sophos 4.44.0 2009.08.22 -
Sunbelt 3.2.1858.2 2009.08.22 -
Symantec 1.4.4.12 2009.08.22 -
TheHacker 6.3.4.3.385 2009.08.22 -
TrendMicro 8.950.0.1094 2009.08.21 -
VBA32 3.12.10.9 2009.08.22 -
ViRobot 2009.8.22.1897 2009.08.22 -
VirusBuster 4.6.5.0 2009.08.21 -

Information additionnelle
File size: 626336 bytes
MD5...: e86d39da8d7b1f24a79418c6650c0290
SHA1..: 161af84c767f84bc7ef9dd84a549b7409ac17ec5
SHA256: 4d33b0cee9a1dfd46afae438c6f6d05632ab32ddade198b536827f16977488e6
ssdeep: 12288:8uh1xqxz58/mV1OeoHli/Hk08Q3UlyGNdRWJ5K9QZ4eRA89UEPpDSQCX+7COPNTG:LPlivk08Q3UlvNdR2Hy8KEBDSQ7COPNT
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdba
timedatestamp.....: 0x4a8d3a9e (Thu Aug 20 11:59:26 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x220 0xc38 0xc40 5.84 8999326cce56b209f76c55b8fa359e05
.data 0xe60 0x19 0x20 2.17 09023b0586a11b5dd790a88206791533
.reloc 0xe80 0x98020 0x98020 6.64 33f1fd89c89aa547053a7e6425e31640

( 0 imports )

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
  10. Re-bonsoir, voici le log combofix : ComboFix 09-08-20.07 - AntoineD 21/08/2009 21:22.6.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.661 [GMT 2:00] Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd . ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 ))))))))))))))))))))))))))))))) . 2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor 2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys 2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu 2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll 2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll 2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll 2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys 2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll 2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-15 21:51 . 
2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild 2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies 2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569 2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents 2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla 2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes 2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-12 20:26 . 
2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro 2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-21 18:26 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc 2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard 2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX 2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java 2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2 2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft 2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:03 . 
2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2 2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo 2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo 2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll 2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll 2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll 2009-06-10 16:33 . 
2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll 2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin 2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe 2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll 2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll 2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll 2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll 2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll 2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll . 
------- Sigcheck ------- [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys [7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys [-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys . ((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-21 18:00 . 2009-08-21 18:00 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat + 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll - 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll + 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll - 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll + 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll + 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Regedit32"="c:\windows\system32\regedit.exe" [bU]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: {C952600B-8AEE-4B3F-8CF2-1AC45AAFC608} = 195.238.2.22 195.238.2.21
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab
FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 21:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-21 21:32
ComboFix-quarantined-files.txt 2009-08-21 19:32
ComboFix2.txt 2009-08-20 20:29
ComboFix3.txt 2009-08-20 19:37
ComboFix4.txt 2009-08-17 18:10
ComboFix5.txt 2009-08-21 19:16

Pre-Run: 80.635.383.808 octets libres
Post-Run: 80.585.633.792 octets libres

255 --- E O F --- 2009-08-19 18:24
  11. Good evening,

There are no more symptoms, nothing more that I can notice. I ran one last Antivir and MBAM scan "just in case", and MBAM detects a Trojan that I blocked with my firewall. That seems a bit worrying to me:

> BN7.tmp blocked at 19:53, and

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2671
Windows 5.1.2600 Service Pack 3

21/08/2009 19:59:19
mbam-log-2009-08-21 (19-59-19).txt

Type de recherche: Examen rapide
Eléments examinés: 93032
Temps écoulé: 3 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

> BN7.tmp, deleted at 19:59.

Did I misconfigure my firewall?

Thanks, good evening.
  12. My mistake. Here is the right report. Good evening.

ComboFix 09-08-19.0C - AntoineD 20/08/2009 22:20.5.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.631 [GMT 2:00]
Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\ac2d09.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu
2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569
2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents
2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro
2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 20:16 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc
2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX
2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java
2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2
2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2
2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 18:19 . 2009-08-20 18:19 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab
FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-20 22:29
ComboFix-quarantined-files.txt 2009-08-20 20:29
ComboFix2.txt 2009-08-20 19:37
ComboFix3.txt 2009-08-17 18:10
ComboFix4.txt 2009-08-16 16:27
ComboFix5.txt 2009-08-20 20:19

Pre-Run: 80.683.401.216 octets libres
Post-Run: 80.678.096.896 octets libres

207 --- E O F --- 2009-08-19 18:24
  13. Good evening,

Here is the log. It would seem that ComboFix ran in "reduced functionalities mode". I did not update it because this kind of program is completely beyond me ^^'. If you need a new log, I think I'll stay online for a few more hours. Otherwise, it will be tomorrow. Good evening.

ComboFix 09-08-10.06 - AntoineD 20/08/2009 21:32.4.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.1023.651 [GMT 2:00]
Running from: c:\documents and settings\AntoineD\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Pare-feu Online Armor *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-08-19 18:25 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-08-19 18:25 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-08-19 18:25 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\program files\Tall Emu
2009-08-19 18:23 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-19 18:23 . 2009-06-25 08:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-19 18:23 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-19 18:23 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-17 17:52 . 2009-08-17 17:10 176640 ----a-w- c:\windows\system32\appmgmts.dll
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\MSBuild
2009-08-15 21:51 . 2009-08-15 21:51 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 21:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 21:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 21:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 21:50 . 2009-08-15 21:50 -------- d-----w- C:\0656ce9091292e9e36d34114245569
2009-08-15 21:50 . 2009-08-16 14:27 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 21:43 . 2009-08-15 21:43 -------- d-----r- c:\documents and settings\LocalService\Mes documents
2009-08-15 19:38 . 2009-08-15 19:38 152576 ----a-w- c:\documents and settings\AntoineD\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-15 19:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 19:25 . 2009-08-15 19:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 20:45 . 2009-08-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 20:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 20:26 . 2009-08-12 20:26 -------- d-----w- c:\program files\Trend Micro
2009-08-12 14:43 . 2009-08-12 14:43 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 16:35 . 2008-01-02 22:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-19 19:19 . 2008-04-22 16:44 -------- d-----w- c:\program files\DivX
2009-08-19 18:53 . 2009-05-02 14:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 18:41 . 2008-01-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 18:28 . 2007-12-29 15:59 63696 ----a-w- c:\documents and settings\AntoineD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 14:34 . 2009-07-16 17:37 -------- d-----w- c:\documents and settings\AntoineD\Application Data\vlc
2009-08-15 21:54 . 2004-08-05 12:00 657124 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-15 21:54 . 2004-08-05 12:00 156700 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-15 19:40 . 2008-01-23 16:16 -------- d-----w- c:\program files\Java
2009-08-12 14:43 . 2004-08-05 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-10 18:26 . 2008-01-22 18:37 1 ----a-w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-10 18:26 . 2008-01-22 18:36 -------- d-----w- c:\documents and settings\AntoineD\Application Data\OpenOffice.org2
2009-08-10 12:00 . 2008-01-03 23:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 09:03 . 2008-08-08 17:24 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-01-15 16:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2004-08-05 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 14:44 . 2008-05-17 12:30 -------- d-----w- c:\documents and settings\AntoineD\Application Data\teamspeak2
2009-06-26 22:30 . 2009-06-26 19:06 -------- d-----w- c:\documents and settings\AntoineD\Application Data\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Ventrilo
2009-06-26 19:06 . 2009-06-26 19:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2007-12-05 00:41 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2007-12-05 00:41 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2007-12-29 13:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 14:39 . 2007-12-29 14:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 14:43 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-17_18.08.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 18:19 . 2009-08-20 18:19 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2008-05-29 15:00 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
- 2008-05-29 15:00 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-17 10:30 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\World of 
Warcraft\\Launcher.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [19/08/2009 20:25 200784] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [19/08/2009 20:25 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [19/08/2009 20:25 29776] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/05/2009 16:22 108289] R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [19/08/2009 20:25 362184] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [19/08/2009 20:25 3142344] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} - hxxp://www.mtv-france.com/podcast/videoDL.cab FF - ProfilePath - c:\documents and settings\AntoineD\Application Data\Mozilla\Firefox\Profiles\yghasjkw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wowwiki.com/Portal:Main|http://chrysalis.clicforum.fr/index.php . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-20 21:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1376) c:\program files\Tall Emu\Online Armor\OAwatch.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll . Completion time: 2009-08-20 21:37 ComboFix-quarantined-files.txt 2009-08-20 19:37 ComboFix2.txt 2009-08-17 18:10 ComboFix3.txt 2009-08-16 16:27 ComboFix4.txt 2009-08-16 16:13 Pre-Run: 80.787.841.024 octets libres Post-Run: 80.753.016.832 octets libres 209 --- E O F --- 2009-08-19 18:24
  14. Good evening, I followed all the instructions in order. I really enjoyed blocking the Trojans' access, hehe. EDIT: I stayed connected for quite a while this evening and everything seems to be working fairly well. However, despite the firewall, I am still being attacked by some kind of Trojan. Antivir puts it in quarantine, but it seems to me that by the time the antivirus offers me that option, it is already too late. Since Antivir's interventions are fairly rare, and to be on the safe side, I ran another quick scan with MBAM (that is probably taking the initiative, but since the last instruction was an MBAM scan... ^^'). MBAM found and removed the Trojan, but I do not know how to protect myself from it ^^'. If you wish, I will post the latest MBAM log tomorrow, but I am not adding it to this edit for the sake of clarity. Good evening.

Here is the log.

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2658
Windows 5.1.2600 Service Pack 3

19/08/2009 20:47:44
mbam-log-2009-08-19 (20-47-44).txt

Type de recherche: Examen rapide
Eléments examinés: 92964
Temps écoulé: 4 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
  15. Good evening, Wow, well... that was quick, actually. Many thanks for your efficiency, speed and availability. You have fixed most of my problems; I have not spent much time on the computer, but all the threats I mentioned in my first post seem to have been eradicated. No more sign of Ikowin, nor of the strange security message. The only trace of their past presence is my taskbar, which was messed up by the malware; I suppose everything will go back to normal quickly. However, I have the impression that since the start of this infection, someone has hung a "stable" sign on my computer. When I connect to the internet, I am assailed by Trojans. After the first "pack of 5 Trojans", my Windows firewall is disabled. And today, it has been impossible to re-enable it. I suppose these Trojans are responsible for the untimely reboots. Today I disconnected as soon as my firewall was disabled, so I did not have the chance to test whether the Trojans were responsible for the reboots. However, I suppose one of them managed to get past the protections, because I cannot re-enable my firewall and the "hourglass" appears every 3 seconds next to my cursor, even when I am doing nothing. Here is a screenshot of my "quarantine" folder, where most of the Trojan horses end up. There are so many attacks that I cannot "handle" all the infection attempts one by one, and the Antivir windows about the latest Trojans slip past me. I imagine Antivir sends them to quarantine automatically? Should I install a more powerful firewall? Has my PC been infected again by today's attacks? Thank you. EDIT: I have just opened my Task Manager and I see that "svchost.exe" is constantly open. Basically, each time the "hourglass" appears, an svchost.exe appears in the manager. All the "svchost" processes are at 84 KB except one at 6832 KB. There are starting to be really a lot of them ^^'.