stee

Un grand merci pour toutes les infos et l'aide que tu m'a apporté ainsi que les différents conseils. @+

Voici le dernier rapport Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:42:14, on 18/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MAFWTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\RivaTuner v2.02\RivaTuner.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\svchost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\RivaTuner v2.02\RivaTuner.exe" /S O4 - HKLM\..\Run: [RivaTuner] "C:\RivaTuner v2.02\RivaTuner.exe" /T O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1187128257494 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112995362 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112974533 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{040CBFAE-B17B-4D4C-83D7-3A631463AC03}: NameServer = 192.168.1.1,212.27.48.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{58E5BC09-7242-4633-99BB-94E7ECA95338}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14E2EC-E3A9-429B-9160-FA199D284144}: NameServer = 212.27.54.252,212.27.32.177 O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2205B0-3CBC-4189-82B7-063F543AD864}: NameServer = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Google Update Service (gupdate1c9cdb39a729a0) (gupdate1c9cdb39a729a0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\Ixia\Endpoint\endpoint.exe O23 - Service: NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32 (NSClientpp) - Unknown owner - C:\Program Files\NSClient++\nsclient++.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: Distributed Audit Service (xdasd) - OpenXDAS - C:\OpenXDAS\xdasd.exe -- End of file - 5696 bytes

Hello Bon je pense que nous sommes arrivés au bout et l'idée du firewal était une super idée en fait j'aurai du commencer par me douter de ça .En fait tout était dans les éxécutables de google. Ce qui m'a guidé c'est lorsque j'ai fermé les ports 80,443 sur le routeur firewall, j'ai eu 25 sites web en plus essayant de sortir en https (je te raconte pas le nom des domaines) du firewall des que j'ai bloqué le google update, google notifier etc plus rien, j'ai donc tout viré c'était la passerelle pour toutes les véroles, raison pour laquelle ça ce relance automatiquement. Donc à savoir et pas prêt d'utiliser les tools de google dans firefox qui servent de champ de tir (même topo pour IE un vrai nid de surprises ) Maintenant réseau branché j'ai un silence de mort sur la machine il y a de temps en temps le firewall qui se connecte . En tous les cas je dois te remercier pour avoir passer autant de temps sur mon problème, sincèrement Merci. @+

POur Info le scan de GMER est toujours en cours...

Je voulais dire pas de braviax en local , le BNA oui c'est une vérole Le GMER est lancé !

IL est génial ce firewall, j'ai la dernière version MBAM, j'ai deux popup firewall : le premier regedit veut se lancer tout seul le second le prog BNA.tmp wants to run pas de vérole à l'horizon

L'install est ok , j'ai vérouillé un max les prog vers OUT, ce qui est dingue c'est qu'après nettoyage je récupère 100Mo de mémoire ! je suis à 226 Mo au démarrage sous XP , mon linux fait 60 Mo avec le bureau Pour info je suis sous XP SP3, le pc se connecte avec un clé usb wifi , j'active la machine ?

La procédure est terminé ?

OK , mais j'ai déja un routeur firewall en dur , tu veux dire que sans un firewal en plus en plus je suis coincé par le virus ?

Non hors réseau tout va bien , j'active la machine sur le réseau? (avec le net)

La manip est ok , la machine à fait un reboot, puis verif du disque E: par windows , lancement de l'interface windows ok, recup du fichier de log que voici All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder c:\windows\system32\braviax.exe not found. File/Folder c:\windows\system32\dllcache\figaro.sys not found. File/Folder c:\windows\system32\figaro.sys not found. File/Folder c:\windows\system32\wisdstr.exe not found. C:\WINDOWS\putivevovy.com moved successfully. C:\WINDOWS\rywyrav.vbs moved successfully. C:\WINDOWS\likivodevi.bat moved successfully. C:\Program Files\Fichiers communs\utypyji.vbs moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3116f0-4ea7-11dc-b73e-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3116f0-4ea7-11dc-b73e-806d6172696f}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 78991 bytes ->FireFox cache emptied: 44629102 bytes User: All Users User: captain crosoft ->Temp folder emptied: 1158330 bytes ->Temporary Internet Files folder emptied: 3220325 bytes ->Java cache emptied: 40026369 bytes ->FireFox cache emptied: 66274541 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 64785 bytes User: nagios ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes C:\WINDOWS\NV15123876.TMP folder deleted successfully. C:\WINDOWS\NV24082388.TMP folder deleted successfully. C:\WINDOWS\NV25801988.TMP folder deleted successfully. C:\WINDOWS\NV31123116.TMP folder deleted successfully. C:\WINDOWS\NV34962648.TMP folder deleted successfully. C:\WINDOWS\NV35322868.TMP folder deleted successfully. C:\WINDOWS\NV6841340.TMP folder deleted successfully. %systemroot% .tmp files removed: 81287559 bytes %systemroot%\System32 .tmp files removed: 3072 bytes Windows Temp folder emptied: 483 bytes RecycleBin emptied: 986 bytes Total Files Cleaned = 225.81 mb OTM by OldTimer - Version 3.0.0.6 log created on 08172009_153307 Files moved on Reboot... Registry entries deleted on Reboot...

Voila le fichier Logfile of random's system information tool 1.06 (written by random/random) Run by captain crosoft at 2009-08-17 15:13:50 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 21 GB (9%) free of 238 GB Total RAM: 2047 MB (77% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:13:52, on 17/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\RivaTuner v2.02\RivaTuner.exe C:\WINDOWS\system32\nvsvc32.exe C:\ITUNES\iTunesHelper.exe C:\WINDOWS\System32\MAFWTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\tlntsvr.exe C:\OpenXDAS\xdasd.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe E:\reparvirus\RSIT.exe C:\Program Files\Trend Micro\HijackThis\captain crosoft.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTuner] "C:\RivaTuner v2.02\RivaTuner.exe" /T O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\ITUNES\iTunesHelper.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\RivaTuner v2.02\RivaTuner.exe" /S O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1187128257494 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112995362 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112974533 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{040CBFAE-B17B-4D4C-83D7-3A631463AC03}: NameServer = 192.168.1.1,212.27.48.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{58E5BC09-7242-4633-99BB-94E7ECA95338}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14E2EC-E3A9-429B-9160-FA199D284144}: NameServer = 212.27.54.252,212.27.32.177 O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2205B0-3CBC-4189-82B7-063F543AD864}: NameServer = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Google Update Service (gupdate1c9cdb39a729a0) (gupdate1c9cdb39a729a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\Ixia\Endpoint\endpoint.exe O23 - Service: NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32 (NSClientpp) - Unknown owner - C:\Program Files\NSClient++\nsclient++.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: Distributed Audit Service (xdasd) - OpenXDAS - C:\OpenXDAS\xdasd.exe -- End of file - 7776 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Gainward"=C:\WINDOWS\TBPanel.exe [2005-10-26 2052096] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-14 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-02-14 86016] "RivaTuner"=C:\RivaTuner v2.02\RivaTuner.exe [2007-07-01 2596864] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720] "iTunesHelper"=C:\ITUNES\iTunesHelper.exe [2007-12-11 267048] "RivaTunerStartupDaemon"=C:\RivaTuner v2.02\RivaTuner.exe [2007-07-01 2596864] "M-Audio Taskbar Icon"=C:\WINDOWS\System32\MAFWTray.exe [2008-03-03 252424] "MAFWTaskbarApp"=C:\WINDOWS\system32\MAFWTray.exe [2008-03-03 252424] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-19 68856] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] "Google Update"=C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 133104] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DudeServer] C:\Program Files\Dude\dude.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-TF1] C:\Program Files\TF1Vision\TF1vision.exe [2007-07-24 345600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\ITUNES\iTunesHelper.exe [2007-12-11 267048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apache2.2"=2 "WZCSVC"=2 "SharedAccess"=2 "SCardSvr"=3 "mysql"=2 "RSVP"=3 "RemoteRegistry"=2 "RDSessMgr"=3 "RasMan"=3 "RasAuto"=3 "TapiSrv"=3 "UPS"=3 "VMware NAT Service"=2 "vmserverdWin32"=2 "vmount2"=2 "VMnetDHCP"=2 "VMAuthdService"=2 "mnmsrvc"=3 "Themes"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player" "C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Disabled:abc" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Disabled:FileZilla" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" "C:\ITUNES\iTunes.exe"="C:\ITUNES\iTunes.exe:*:Disabled:iTunes" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin" "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin" "C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts" "C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Photocopier Expert\simplecopier.exe"="C:\Program Files\Photocopier Expert\simplecopier.exe:*:Enabled:SimpleCopier" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3116f0-4ea7-11dc-b73e-806d6172696f}] shell\AutoRun\command - D:\stub.exe ======List of files/folders created in the last 1 months====== 2009-08-17 15:13:50 ----D---- C:\rsit 2009-08-17 13:51:18 ----D---- C:\Program Files\Avira 2009-08-17 13:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-08-17 13:29:43 ----SHD---- C:\RECYCLER 2009-08-17 11:49:58 ----D---- C:\WINDOWS\temp 2009-08-17 11:49:56 ----A---- C:\ComboFix.txt 2009-08-17 09:53:16 ----A---- C:\WINDOWS\NIRCMD.exe 2009-08-17 09:53:06 ----SD---- C:\27350-CF 2009-08-17 00:36:00 ----A---- C:\WINDOWS\putivevovy.com 2009-08-17 00:25:23 ----D---- C:\Remote Programs 2009-08-17 00:24:45 ----SHD---- C:\Config.Msi 2009-08-17 00:03:19 ----A---- C:\WINDOWS\rywyrav.vbs 2009-08-17 00:03:19 ----A---- C:\WINDOWS\likivodevi.bat 2009-08-17 00:03:19 ----A---- C:\Program Files\Fichiers communs\utypyji.vbs 2009-08-16 23:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-15 22:32:26 ----A---- C:\WINDOWS\zip.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWSC.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWREG.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\sed.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\PEV.exe 2009-08-15 22:32:26 ----A---- C:\WINDOWS\grep.exe 2009-08-15 22:32:04 ----D---- C:\WINDOWS\ERDNT 2009-08-15 22:30:42 ----D---- C:\Qoobox 2009-08-15 20:54:45 ----D---- C:\615bc555c03f6bd56ce4 2009-08-15 19:45:25 ----D---- C:\Program Files\Lavasoft 2009-08-15 19:45:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-08-15 19:33:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-08-15 19:18:14 ----D---- C:\Program Files\Trend Micro 2009-08-14 22:07:04 ----D---- C:\Program Files\Navigraph 2009-08-14 22:07:04 ----D---- C:\Documents and Settings\captain crosoft\Application Data\Navigraph 2009-08-14 20:08:22 ----D---- C:\!KillBox 2009-08-14 18:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-08-14 15:57:51 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-08-14 15:57:34 ----D---- C:\Program Files\FS Real Time 2009-08-14 15:56:29 ----D---- C:\Program Files\MSBuild 2009-08-14 15:53:51 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-14 15:53:48 ----D---- C:\WINDOWS\system32\en-us 2009-08-14 15:53:00 ----D---- C:\Program Files\Reference Assemblies 2009-08-14 15:52:34 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-08-14 14:26:07 ----D---- C:\Documents and Settings\captain crosoft\Application Data\Malwarebytes 2009-08-14 14:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-14 14:25:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-14 14:25:30 ----A---- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.40_francais_215092.exe 2009-08-14 14:17:42 ----A---- C:\ccsetup222.exe 2009-08-13 11:59:38 ----A---- C:\WINDOWS\fs9configurator.ini 2009-08-13 11:54:38 ----D---- C:\Program Files\Ken Salter 2009-08-12 23:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-12 23:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-12 23:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-12 23:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-12 23:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-12 23:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-12 23:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-12 23:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-12 23:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-11 14:14:56 ----D---- C:\Program Files\ALMATY9 V2.0 2009-08-11 10:15:00 ----A---- C:\WINDOWS\OCS PT-154 Uninstaller.exe 2009-08-11 10:14:59 ----D---- C:\Program Files\OCS PT-154 2009-08-11 10:12:56 ----D---- C:\Program Files\NCalc5 2009-08-08 20:42:10 ----A---- C:\WINDOWS\NAVIGMA.INI ======List of files/folders modified in the last 1 months====== 2009-08-17 14:58:19 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-17 14:58:16 ----D---- C:\WINDOWS\system32\ias 2009-08-17 14:57:16 ----D---- C:\WINDOWS\system32\drivers 2009-08-17 14:57:16 ----D---- C:\WINDOWS 2009-08-17 14:56:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-17 14:55:58 ----D---- C:\WINDOWS\system32 2009-08-17 14:42:58 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-17 14:09:47 ----D---- C:\3D 2009-08-17 13:51:27 ----HD---- C:\WINDOWS\inf 2009-08-17 13:51:18 ----RD---- C:\Program Files 2009-08-17 13:50:24 ----D---- C:\WOAI 2009-08-17 13:49:07 ----D---- C:\WINDOWS\WinSxS 2009-08-17 13:49:04 ----SHD---- C:\WINDOWS\Installer 2009-08-17 13:31:24 ----D---- C:\Program Files\Mozilla Firefox 2009-08-17 11:43:50 ----N---- C:\WINDOWS\system.ini 2009-08-17 11:41:31 ----D---- C:\Program Files\Fichiers communs 2009-08-17 11:35:53 ----D---- C:\WINDOWS\AppPatch 2009-08-17 11:16:32 ----SHD---- C:\WINDOWS\CSC 2009-08-17 00:26:47 ----D---- C:\Program Files\EasyScan 2009-08-17 00:26:20 ----D---- C:\rFactor2 2009-08-17 00:23:49 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-08-16 23:16:47 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-16 23:09:41 ----D---- C:\WINDOWS\Prefetch 2009-08-16 18:32:29 ----D---- C:\WINDOWS\pss 2009-08-15 22:55:37 ----SD---- C:\WINDOWS\Tasks 2009-08-15 22:46:53 ----D---- C:\WINDOWS\system32\config 2009-08-15 22:32:25 ----SHD---- C:\System Volume Information 2009-08-15 22:32:25 ----D---- C:\WINDOWS\system32\Restore 2009-08-15 22:17:09 ----A---- C:\WINDOWS\ntbtlog.txt 2009-08-15 21:33:49 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-15 21:33:44 ----RSD---- C:\WINDOWS\assembly 2009-08-15 20:59:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-15 20:55:46 ----RSD---- C:\WINDOWS\Fonts 2009-08-14 18:43:41 ----A---- C:\WINDOWS\imsins.BAK 2009-08-14 15:57:38 ----D---- C:\WINDOWS\system32\mui 2009-08-14 15:57:30 ----D---- C:\WINDOWS\system32\fr-fr 2009-08-14 15:52:41 ----D---- C:\WINDOWS\system32\spool 2009-08-14 15:29:50 ----N---- C:\WINDOWS\Setup1.exe 2009-08-14 15:29:31 ----HD---- C:\Program Files\InstallShield Installation Information 2009-08-14 15:25:59 ----D---- C:\Program Files\Real Environment Pro 2009-08-14 14:18:19 ----D---- C:\Program Files\CCleaner 2009-08-14 13:19:24 ----D---- C:\MAO_PROG 2009-08-14 12:40:25 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-14 00:02:52 ----D---- C:\Documents and Settings\captain crosoft\Application Data\OpenOffice.org2 2009-08-13 22:45:01 ----D---- C:\Program Files\Mozilla Thunderbird 2009-08-12 23:50:27 ----D---- C:\Program Files\Outlook Express 2009-08-10 21:24:58 ----D---- C:\download 2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-31 01:20:28 ----D---- C:\Program Files\Internet Explorer 2009-07-31 01:20:19 ----D---- C:\WINDOWS\ie7updates 2009-07-30 21:09:41 ----D---- C:\Program Files\Google 2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-17 28520] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys [] R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784] R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306] R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-10-30 23296] R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [] R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys [] R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys [] R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vstor2.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 MAFW;MAFW; C:\WINDOWS\system32\DRIVERS\mafw.sys [2008-03-03 193032] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-24 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-14 3983872] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-10-17 9856] R3 RivaTuner32;RivaTuner32; \??\C:\RivaTuner v2.02\RivaTuner32.sys [] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-10-30 9600] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136] R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208] S1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys [] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DELTAFW;Service for M-Audio FW Driver (WDM); C:\WINDOWS\System32\DRIVERS\deltafw.sys [] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [] S3 MAFWBOOT;Bootloader Service for M-Audio FW Driver (WDM); C:\WINDOWS\System32\DRIVERS\mafwboot.sys [] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS [] S3 PORTMON;PORTMON; \??\C:\Outils_alstom\PORTMSYS.SYS [] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632] S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS); C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 16896] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\C:\Ufasoft\Sniffer\usft_sn4.sys [] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2006-06-06 20864] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984] R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-14 159811] R2 xdasd;Distributed Audit Service; C:\OpenXDAS\xdasd.exe [2008-05-28 45056] R3 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-17 108289] R3 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-17 185089] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104] S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-05 133104] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2008-07-30 587776] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 IxiaEndpoint;Ixia Endpoint; C:\Ixia\Endpoint\endpoint.exe [2003-12-01 700492] S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32; C:\Program Files\NSClient++\nsclient++.exe [2008-09-24 409600] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-06 66872] S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-02-26 107832] S3 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-10-30 147548] S3 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-10-30 106496] S3 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104] S3 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-10-30 1650782] S3 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-10-30 135168] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Oui , en fait il s'active quand je connecte la machine sur le net , dans TCPVIEW machine non sur le net mais avec une IP du routeur je vois plein d'activité essayant de se connecter le truc est là certainement à la différence c'est que maintenant je n'ai que braviax...

Voila le resultat avant supression Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2638 Windows 5.1.2600 Service Pack 3 17/08/2009 12:21:28 mbam-log-2009-08-17 (12-21-03).txt Type de recherche: Examen rapide Eléments examinés: 100669 Temps écoulé: 3 minute(s), 56 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\temp\\BN10.tmp (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> No action taken. C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> No action taken. C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> No action taken. apres supression Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2638 Windows 5.1.2600 Service Pack 3 17/08/2009 12:21:44 mbam-log-2009-08-17 (12-21-44).txt Type de recherche: Examen rapide Eléments examinés: 100669 Temps écoulé: 3 minute(s), 56 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\temp\\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully. braviax est toujours dans le gestionnaire des tâches, quand je lance TCPVIEW je peu voir braviax.exe:1272 UDP 127.0.0.1:1033

Non en fait j'avais je l'avais déconnecté tout simplement mais je peux avoir le net avec cette machine, Je continue ta proc