
stee

Member · Content count: 37
Everything posted by stee

  1. A big thank you for all the information and help you gave me, as well as the various pieces of advice. @+
  2. Here is the latest report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 09:42:14, on 18/08/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\System32\SCardSvr.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\MAFWTray.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\RivaTuner v2.02\RivaTuner.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\System32\svchost.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe
     O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
     O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\RivaTuner v2.02\RivaTuner.exe" /S
     O4 - HKLM\..\Run: [RivaTuner] "C:\RivaTuner v2.02\RivaTuner.exe" /T
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1187128257494
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112995362
     O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112974533
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{040CBFAE-B17B-4D4C-83D7-3A631463AC03}: NameServer = 192.168.1.1,212.27.48.10
     O17 - HKLM\System\CCS\Services\Tcpip\..\{58E5BC09-7242-4633-99BB-94E7ECA95338}: NameServer = 80.10.246.2,80.10.246.129
     O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14E2EC-E3A9-429B-9160-FA199D284144}: NameServer = 212.27.54.252,212.27.32.177
     O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2205B0-3CBC-4189-82B7-063F543AD864}: NameServer = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
     O23 - Service: Google Update Service (gupdate1c9cdb39a729a0) (gupdate1c9cdb39a729a0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\Ixia\Endpoint\endpoint.exe
     O23 - Service: NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32 (NSClientpp) - Unknown owner - C:\Program Files\NSClient++\nsclient++.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
     O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
     O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
     O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
     O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
     O23 - Service: Distributed Audit Service (xdasd) - OpenXDAS - C:\OpenXDAS\xdasd.exe

     --
     End of file - 5696 bytes
  3. Hello. Well, I think we've reached the end, and the firewall idea was a great one; in fact I should have suspected that from the start. Everything was in the Google executables. What pointed me there: when I closed ports 80 and 443 on the router firewall, I got 25 more websites trying to get out of the firewall over HTTPS (I won't tell you the domain names); as soon as I blocked Google Update, Google Notifier, etc., nothing more. So I removed it all; that was the gateway for all the infections, which is why it kept relaunching itself automatically. Good to know, and I'm not about to use the Google tools in Firefox again, as they serve as a shooting range (same story for IE, a real nest of surprises). Now with the network plugged in there is dead silence on the machine, with the firewall connecting from time to time. In any case I must thank you for having spent so much time on my problem, sincerely, thank you. @+
  4. FYI, the GMER scan is still running...
  5. I meant no braviax locally; BNA, yes, that one is an infection. GMER has been launched!
  6. This firewall is great. I have the latest MBAM version. I got two firewall pop-ups: the first, regedit wants to launch on its own; the second, the program BNA.tmp wants to run. No infection on the horizon.
  7. The install is OK; I've locked down outbound programs as much as possible. What's crazy is that after the cleanup I get back 100 MB of memory! I'm at 226 MB at startup under XP; my Linux uses 60 MB with the desktop. For information, I'm on XP SP3 and the PC connects with a USB Wi-Fi dongle. Do I bring the machine online?
  8. Is the procedure finished?
  9. OK, but I already have a hardware router firewall; do you mean that without an additional firewall I'm stuck with the virus?
  10. No, off the network everything is fine. Do I put the machine on the network (with the internet)?
  11. The procedure went OK: the machine rebooted, then Windows checked drive E:, the Windows interface launched fine, and I retrieved the log file, which follows:

     All processes killed
     ========== PROCESSES ==========
     No active process named explorer.exe was found!
     ========== FILES ==========
     File/Folder c:\windows\system32\braviax.exe not found.
     File/Folder c:\windows\system32\dllcache\figaro.sys not found.
     File/Folder c:\windows\system32\figaro.sys not found.
     File/Folder c:\windows\system32\wisdstr.exe not found.
     C:\WINDOWS\putivevovy.com moved successfully.
     C:\WINDOWS\rywyrav.vbs moved successfully.
     C:\WINDOWS\likivodevi.bat moved successfully.
     C:\Program Files\Fichiers communs\utypyji.vbs moved successfully.
     ========== REGISTRY ==========
     Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3116f0-4ea7-11dc-b73e-806d6172696f}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3116f0-4ea7-11dc-b73e-806d6172696f}\ not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrateur
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 78991 bytes
     ->FireFox cache emptied: 44629102 bytes
     User: All Users
     User: captain crosoft
     ->Temp folder emptied: 1158330 bytes
     ->Temporary Internet Files folder emptied: 3220325 bytes
     ->Java cache emptied: 40026369 bytes
     ->FireFox cache emptied: 66274541 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 64785 bytes
     User: nagios
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     %systemdrive% .tmp files removed: 0 bytes
     C:\WINDOWS\NV15123876.TMP folder deleted successfully.
     C:\WINDOWS\NV24082388.TMP folder deleted successfully.
     C:\WINDOWS\NV25801988.TMP folder deleted successfully.
     C:\WINDOWS\NV31123116.TMP folder deleted successfully.
     C:\WINDOWS\NV34962648.TMP folder deleted successfully.
     C:\WINDOWS\NV35322868.TMP folder deleted successfully.
     C:\WINDOWS\NV6841340.TMP folder deleted successfully.
     %systemroot% .tmp files removed: 81287559 bytes
     %systemroot%\System32 .tmp files removed: 3072 bytes
     Windows Temp folder emptied: 483 bytes
     RecycleBin emptied: 986 bytes
     Total Files Cleaned = 225.81 mb

     OTM by OldTimer - Version 3.0.0.6 log created on 08172009_153307
     Files moved on Reboot...
     Registry entries deleted on Reboot...
  12. Here is the file:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by captain crosoft at 2009-08-17 15:13:50
     Microsoft Windows XP Professionnel Service Pack 3
     System drive C: has 21 GB (9%) free of 238 GB
     Total RAM: 2047 MB (77% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:13:52, on 17/08/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
     C:\RivaTuner v2.02\RivaTuner.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\ITUNES\iTunesHelper.exe
     C:\WINDOWS\System32\MAFWTray.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\System32\tlntsvr.exe
     C:\OpenXDAS\xdasd.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\svchost.exe
     E:\reparvirus\RSIT.exe
     C:\Program Files\Trend Micro\HijackThis\captain crosoft.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RivaTuner] "C:\RivaTuner v2.02\RivaTuner.exe" /T
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\ITUNES\iTunesHelper.exe"
     O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\RivaTuner v2.02\RivaTuner.exe" /S
     O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe
     O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
     O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1187128257494
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112995362
     O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227112974533
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{040CBFAE-B17B-4D4C-83D7-3A631463AC03}: NameServer = 192.168.1.1,212.27.48.10
     O17 - HKLM\System\CCS\Services\Tcpip\..\{58E5BC09-7242-4633-99BB-94E7ECA95338}: NameServer = 80.10.246.2,80.10.246.129
     O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14E2EC-E3A9-429B-9160-FA199D284144}: NameServer = 212.27.54.252,212.27.32.177
     O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2205B0-3CBC-4189-82B7-063F543AD864}: NameServer = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = free.fr
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
     O23 - Service: Google Update Service (gupdate1c9cdb39a729a0) (gupdate1c9cdb39a729a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\Ixia\Endpoint\endpoint.exe
     O23 - Service: NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32 (NSClientpp) - Unknown owner - C:\Program Files\NSClient++\nsclient++.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
     O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
     O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
     O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
     O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
     O23 - Service: Distributed Audit Service (xdasd) - OpenXDAS - C:\OpenXDAS\xdasd.exe

     --
     End of file - 7776 bytes

     ======Scheduled tasks folder======

     C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
     C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
     C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job
     C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "Gainward"=C:\WINDOWS\TBPanel.exe [2005-10-26 2052096]
     "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-14 7700480]
     "nwiz"=nwiz.exe /install []
     "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-02-14 86016]
     "RivaTuner"=C:\RivaTuner v2.02\RivaTuner.exe [2007-07-01 2596864]
     "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
     "iTunesHelper"=C:\ITUNES\iTunesHelper.exe [2007-12-11 267048]
     "RivaTunerStartupDaemon"=C:\RivaTuner v2.02\RivaTuner.exe [2007-07-01 2596864]
     "M-Audio Taskbar Icon"=C:\WINDOWS\System32\MAFWTray.exe [2008-03-03 252424]
     "MAFWTaskbarApp"=C:\WINDOWS\system32\MAFWTray.exe [2008-03-03 252424]
     "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-19 68856]
     "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
     "Google Update"=C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 133104]
     "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DudeServer]
     C:\Program Files\Dude\dude.exe []

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-TF1]
     C:\Program Files\TF1Vision\TF1vision.exe [2007-07-24 345600]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     C:\ITUNES\iTunesHelper.exe [2007-12-11 267048]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
     C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
     C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "Apache2.2"=2
     "WZCSVC"=2
     "SharedAccess"=2
     "SCardSvr"=3
     "mysql"=2
     "RSVP"=3
     "RemoteRegistry"=2
     "RDSessMgr"=3
     "RasMan"=3
     "RasAuto"=3
     "TapiSrv"=3
     "UPS"=3
     "VMware NAT Service"=2
     "vmserverdWin32"=2
     "vmount2"=2
     "VMnetDHCP"=2
     "VMAuthdService"=2
     "mnmsrvc"=3
     "Themes"=2

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
     C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=323
     "NoDriveAutoRun"=67108863
     "NoDrives"=0

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=
     "HonorAutoRunSetting"=
     "NoDriveAutoRun"=
     "NoDrives"=

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
     "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
     "C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Disabled:abc"
     "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
     "C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Disabled:FileZilla"
     "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
     "C:\ITUNES\iTunes.exe"="C:\ITUNES\iTunes.exe:*:Disabled:iTunes"
     "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
     "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
     "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
     "C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\captain crosoft\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
     "C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
     "C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\Program Files\Photocopier Expert\simplecopier.exe"="C:\Program Files\Photocopier Expert\simplecopier.exe:*:Enabled:SimpleCopier"

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3116f0-4ea7-11dc-b73e-806d6172696f}]
     shell\AutoRun\command - D:\stub.exe

     ======List of files/folders created in the last 1 months======

     2009-08-17 15:13:50 ----D---- C:\rsit
     2009-08-17 13:51:18 ----D---- C:\Program Files\Avira
     2009-08-17 13:51:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
     2009-08-17 13:29:43 ----SHD---- C:\RECYCLER
     2009-08-17 11:49:58 ----D---- C:\WINDOWS\temp
     2009-08-17 11:49:56 ----A---- C:\ComboFix.txt
     2009-08-17 09:53:16 ----A---- C:\WINDOWS\NIRCMD.exe
     2009-08-17 09:53:06 ----SD---- C:\27350-CF
     2009-08-17 00:36:00 ----A---- C:\WINDOWS\putivevovy.com
     2009-08-17 00:25:23 ----D---- C:\Remote Programs
     2009-08-17 00:24:45 ----SHD---- C:\Config.Msi
     2009-08-17 00:03:19 ----A---- C:\WINDOWS\rywyrav.vbs
     2009-08-17 00:03:19 ----A---- C:\WINDOWS\likivodevi.bat
     2009-08-17 00:03:19 ----A---- C:\Program Files\Fichiers communs\utypyji.vbs
     2009-08-16 23:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\zip.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWXCACLS.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWSC.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\SWREG.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\sed.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\PEV.exe
     2009-08-15 22:32:26 ----A---- C:\WINDOWS\grep.exe
     2009-08-15 22:32:04 ----D---- C:\WINDOWS\ERDNT
     2009-08-15 22:30:42 ----D---- C:\Qoobox
     2009-08-15 20:54:45 ----D---- C:\615bc555c03f6bd56ce4
     2009-08-15 19:45:25 ----D---- C:\Program Files\Lavasoft
     2009-08-15 19:45:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
     2009-08-15 19:33:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
     2009-08-15 19:18:14 ----D---- C:\Program Files\Trend Micro
     2009-08-14 22:07:04 ----D---- C:\Program Files\Navigraph
     2009-08-14 22:07:04 ----D---- C:\Documents and Settings\captain crosoft\Application Data\Navigraph
     2009-08-14 20:08:22 ----D---- C:\!KillBox
     2009-08-14 18:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
     2009-08-14 15:57:51 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
     2009-08-14 15:57:34 ----D---- C:\Program Files\FS Real Time
     2009-08-14 15:56:29 ----D---- C:\Program Files\MSBuild
     2009-08-14 15:53:51 ----D---- C:\WINDOWS\system32\XPSViewer
     2009-08-14 15:53:48 ----D---- C:\WINDOWS\system32\en-us
     2009-08-14 15:53:00 ----D---- C:\Program Files\Reference Assemblies
     2009-08-14 15:52:34 ----N---- C:\WINDOWS\system32\spmsg2.dll
     2009-08-14 14:26:07 ----D---- C:\Documents and Settings\captain crosoft\Application Data\Malwarebytes
     2009-08-14 14:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2009-08-14 14:25:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
     2009-08-14 14:25:30 ----A---- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.40_francais_215092.exe
     2009-08-14 14:17:42 ----A---- C:\ccsetup222.exe
     2009-08-13 11:59:38 ----A---- C:\WINDOWS\fs9configurator.ini
     2009-08-13 11:54:38 ----D---- C:\Program Files\Ken Salter
     2009-08-12 23:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
     2009-08-12 23:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
     2009-08-12 23:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
     2009-08-12 23:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
     2009-08-12 23:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
     2009-08-12 23:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
     2009-08-12 23:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
     2009-08-12 23:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
     2009-08-12 23:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
     2009-08-11 14:14:56 ----D---- C:\Program Files\ALMATY9 V2.0
     2009-08-11 10:15:00 ----A---- C:\WINDOWS\OCS PT-154 Uninstaller.exe
     2009-08-11 10:14:59 ----D---- C:\Program Files\OCS PT-154
     2009-08-11 10:12:56 ----D---- C:\Program Files\NCalc5
     2009-08-08 20:42:10 ----A---- C:\WINDOWS\NAVIGMA.INI

     ======List of files/folders modified in the last 1 months======

     2009-08-17 14:58:19 ----D---- C:\WINDOWS\system32\CatRoot2
     2009-08-17 14:58:16 ----D---- C:\WINDOWS\system32\ias
     2009-08-17 14:57:16 ----D---- C:\WINDOWS\system32\drivers
     2009-08-17 14:57:16 ----D---- C:\WINDOWS
     2009-08-17 14:56:14 ----A---- C:\WINDOWS\SchedLgU.Txt
     2009-08-17 14:55:58 ----D---- C:\WINDOWS\system32
     2009-08-17 14:42:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
     2009-08-17 14:09:47 ----D---- C:\3D
     2009-08-17 13:51:27 ----HD---- C:\WINDOWS\inf
     2009-08-17 13:51:18 ----RD---- C:\Program Files
     2009-08-17 13:50:24 ----D---- C:\WOAI
     2009-08-17 13:49:07 ----D---- C:\WINDOWS\WinSxS
     2009-08-17 13:49:04 ----SHD---- C:\WINDOWS\Installer
     2009-08-17 13:31:24 ----D---- C:\Program Files\Mozilla Firefox
     2009-08-17 11:43:50 ----N---- C:\WINDOWS\system.ini
     2009-08-17 11:41:31 ----D---- C:\Program Files\Fichiers communs
     2009-08-17 11:35:53 ----D---- C:\WINDOWS\AppPatch
     2009-08-17 11:16:32 ----SHD---- C:\WINDOWS\CSC
     2009-08-17 00:26:47 ----D---- C:\Program Files\EasyScan
     2009-08-17 00:26:20 ----D---- C:\rFactor2
     2009-08-17 00:23:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
     2009-08-16 23:16:47 ----D---- C:\WINDOWS\system32\CatRoot
     2009-08-16 23:09:41 ----D---- C:\WINDOWS\Prefetch
     2009-08-16 18:32:29 ----D---- C:\WINDOWS\pss
     2009-08-15 22:55:37 ----SD---- C:\WINDOWS\Tasks
     2009-08-15 22:46:53 ----D---- C:\WINDOWS\system32\config
     2009-08-15 22:32:25 ----SHD---- C:\System Volume Information
     2009-08-15 22:32:25 ----D---- C:\WINDOWS\system32\Restore
     2009-08-15 22:17:09 ----A---- C:\WINDOWS\ntbtlog.txt
     2009-08-15 21:33:49 ----D---- C:\WINDOWS\Microsoft.NET
     2009-08-15 21:33:44 ----RSD---- C:\WINDOWS\assembly
     2009-08-15 20:59:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
     2009-08-15 20:55:46 ----RSD---- C:\WINDOWS\Fonts
     2009-08-14 18:43:41 ----A---- C:\WINDOWS\imsins.BAK
     2009-08-14 15:57:38 ----D---- C:\WINDOWS\system32\mui
     2009-08-14 15:57:30 ----D---- C:\WINDOWS\system32\fr-fr
     2009-08-14 15:52:41 ----D---- C:\WINDOWS\system32\spool
     2009-08-14 15:29:50 ----N---- C:\WINDOWS\Setup1.exe
     2009-08-14 15:29:31 ----HD---- C:\Program Files\InstallShield Installation Information
     2009-08-14 15:25:59 ----D---- C:\Program Files\Real Environment Pro
     2009-08-14 14:18:19 ----D---- C:\Program Files\CCleaner
     2009-08-14 13:19:24 ----D---- C:\MAO_PROG
     2009-08-14 12:40:25 ----HD---- C:\WINDOWS\$hf_mig$
     2009-08-14 00:02:52 ----D---- C:\Documents and Settings\captain crosoft\Application Data\OpenOffice.org2
     2009-08-13 22:45:01 ----D---- C:\Program Files\Mozilla Thunderbird
     2009-08-12 23:50:27 ----D---- C:\Program Files\Outlook Express
     2009-08-10 21:24:58 ----D---- C:\download
     2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
     2009-07-31 01:20:28 ----D---- C:\Program Files\Internet Explorer
     2009-07-31 01:20:19 ----D---- C:\WINDOWS\ie7updates
     2009-07-30 21:09:41 ----D---- C:\Program Files\Google
     2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
     2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
     2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll

     ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
     R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
     R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
     R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
     R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-17 28520]
     R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
     R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
     R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
     R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
     R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
     R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-10-30 23296]
     R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
     R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
     R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
     R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vstor2.sys []
     R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
     R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
     R3 MAFW;MAFW; C:\WINDOWS\system32\DRIVERS\mafw.sys [2008-03-03 193032]
     R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-24 12288]
     R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-14 3983872]
     R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-10-17 9856]
     R3 RivaTuner32;RivaTuner32; \??\C:\RivaTuner v2.02\RivaTuner32.sys []
     R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
     R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
     R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
     R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
     R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
     R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-10-30 9600]
     R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136]
     R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208]
     S1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
     S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
     S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
     S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
     S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
     S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
     S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
     S3 DELTAFW;Service for M-Audio FW Driver (WDM); C:\WINDOWS\System32\DRIVERS\deltafw.sys []
     S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
     S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
     S3 MAFWBOOT;Bootloader Service for M-Audio FW Driver (WDM); C:\WINDOWS\System32\DRIVERS\mafwboot.sys []
     S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
     S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
     S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
     S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
     S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
     S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
     S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
     S3 PORTMON;PORTMON; \??\C:\Outils_alstom\PORTMSYS.SYS []
     S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
     S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS); C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
     S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
     S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
     S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
     S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 16896]
     S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\C:\Ufasoft\Sniffer\usft_sn4.sys []
     S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
     S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
     S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys
[2006-04-13 204160] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2006-06-06 20864] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984] R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-14 159811] R2 xdasd;Distributed Audit Service; C:\OpenXDAS\xdasd.exe [2008-05-28 45056] R3 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-17 108289] R3 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-17 185089] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104] S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-05 133104] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla 
Server\FileZilla Server.exe [2008-07-30 587776] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 IxiaEndpoint;Ixia Endpoint; C:\Ixia\Endpoint\endpoint.exe [2003-12-01 700492] S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32; C:\Program Files\NSClient++\nsclient++.exe [2008-09-24 409600] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-06 66872] S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-02-26 107832] S3 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-10-30 147548] S3 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-10-30 106496] S3 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104] S3 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-10-30 1650782] S3 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-10-30 135168] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  13. Yes, actually it activates when I connect the machine to the Internet. In TCPView, with the machine not on the Internet but with an IP from the router, I see a lot of activity trying to connect; the thing is certainly there. The difference is that now I only have braviax...
  14. Here is the result before removal:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2638
Windows 5.1.2600 Service Pack 3

17/08/2009 12:21:28
mbam-log-2009-08-17 (12-21-03).txt

Type de recherche: Examen rapide
Eléments examinés: 100669
Temps écoulé: 3 minute(s), 56 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\temp\\BN10.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> No action taken.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> No action taken.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> No action taken.

After removal:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2638
Windows 5.1.2600 Service Pack 3

17/08/2009 12:21:44
mbam-log-2009-08-17 (12-21-44).txt

Type de recherche: Examen rapide
Eléments examinés: 100669
Temps écoulé: 3 minute(s), 56 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\temp\\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

braviax is still in Task Manager; when I launch TCPView I can see braviax.exe:1272 UDP 127.0.0.1:1033
  15. No, actually I had simply disconnected it, but I can get the Internet with this machine. I'm continuing your procedure.
  16. Log of the new ComboFix run:

ComboFix 09-08-10.06 - captain crosoft 17/08/2009 11:32.6.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1628 [GMT 2:00]
Running from: c:\documents and settings\captain crosoft\Bureau\ComboFix.exe
Command switches used :: e:\reparvirus\Cfscript3.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\ezefo.bat"
"c:\documents and settings\All Users\Application Data\nudyhupod.reg"
"c:\documents and settings\captain crosoft\Application Data\xafif.exe"
"c:\documents and settings\NetworkService\Application Data\awur.com"
"c:\documents and settings\NetworkService\Application Data\qocam.com"
"c:\documents and settings\NetworkService\Application Data\tamilipin.pif"
"c:\documents and settings\NetworkService\Application Data\udoq.reg"
"c:\documents and settings\NetworkService\Local Settings\Application Data\qohiso.exe"
"c:\program files\Fichiers communs\alijowon.inf"
"c:\program files\Fichiers communs\axag._dl"
"c:\program files\Fichiers communs\kudehysyr.reg"
"c:\program files\Fichiers communs\ybisop.dl"
"c:\program files\Fichiers communs\yzozil.dl"
"c:\windows\exymuwikev.exe"
"c:\windows\garinu.scr"
"c:\windows\omuqyxun.bin"
"c:\windows\onafuq.scr"
"c:\windows\system32\_scui.cpl"
"c:\windows\system32\braviax.exe"
"c:\windows\system32\dllcache\figaro.sys"
"c:\windows\system32\elubybyn.com"
"c:\windows\system32\eqyse.reg"
"c:\windows\system32\figaro.sys"
"c:\windows\system32\upowyz.exe"
"c:\windows\system32\venijupuq.vbs"
"c:\windows\system32\vipevuqy.sys"
"c:\windows\system32\wisdstr.exe"
"c:\windows\system32\xisajy.vbs"
"c:\windows\system32\ykalyvig.scr"
"c:\windows\wegabawody.dll"
"c:\windows\ylenysax.reg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ezefo.bat
c:\documents and settings\All Users\Application Data\nudyhupod.reg
c:\documents and settings\captain crosoft\Application Data\xafif.exe
c:\documents and settings\NetworkService\Application Data\awur.com
c:\documents and settings\NetworkService\Application Data\qocam.com
c:\documents and settings\NetworkService\Application Data\tamilipin.pif
c:\documents and settings\NetworkService\Application Data\udoq.reg
c:\documents and settings\NetworkService\Local Settings\Application Data\qohiso.exe
C:\PC_Antispyware2010
c:\pc_antispyware2010\PC_Antispyware2010.lnk
c:\pc_antispyware2010\Uninstall.lnk
c:\program files\Fichiers communs\alijowon.inf
c:\program files\Fichiers communs\axag._dl
c:\program files\Fichiers communs\kudehysyr.reg
c:\program files\Fichiers communs\ybisop.dl
c:\program files\Fichiers communs\yzozil.dl
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\.cfg
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\exymuwikev.exe
c:\windows\garinu.scr
c:\windows\omuqyxun.bin
c:\windows\onafuq.scr
c:\windows\system32\elubybyn.com
c:\windows\system32\eqyse.reg
c:\windows\system32\upowyz.exe
c:\windows\system32\venijupuq.vbs
c:\windows\system32\vipevuqy.sys
c:\windows\system32\xisajy.vbs
c:\windows\system32\ykalyvig.scr
c:\windows\wegabawody.dll
c:\windows\ylenysax.reg

.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 07:53 . 2009-08-17 08:00 -------- d-s---w- C:\27350-CF
2009-08-17 07:29 . 2002-12-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-16 22:36 . 2009-08-16 22:36 11236 ----a-w- c:\windows\putivevovy.com
2009-08-16 22:25 . 2009-08-16 22:25 -------- d-----w- C:\Remote Programs
2009-08-16 22:03 . 2009-08-16 22:03 19954 ----a-w- c:\program files\Fichiers communs\melufe.dat
2009-08-16 22:03 . 2009-08-16 22:03 19195 ----a-w- c:\windows\likivodevi.bat
2009-08-16 22:03 . 2009-08-16 22:03 18559 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\izygodul.dat
2009-08-16 22:03 . 2009-08-16 22:03 17762 ----a-w- c:\program files\Fichiers communs\utypyji.vbs
2009-08-16 22:03 . 2009-08-16 22:03 16696 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\ibisowusu.dll
2009-08-16 22:03 . 2009-08-16 22:03 15764 ----a-w- c:\windows\pavipaho.dat
2009-08-16 22:03 . 2009-08-16 22:03 15402 ----a-w- c:\windows\rywyrav.vbs
2009-08-16 22:03 . 2009-08-16 22:03 11180 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\cimoduwozi.pif
2009-08-16 21:33 . 2009-08-16 22:29 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-16 20:46 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 15:17 . 2009-08-14 10:13 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-15 18:54 . 2009-08-15 18:55 -------- d-----w- C:\615bc555c03f6bd56ce4
2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\program files\Lavasoft
2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-15 17:33 . 2009-08-16 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 17:18 . 2009-08-15 17:18 -------- d-----w- c:\program files\Trend Micro
2009-08-14 20:07 . 2009-08-14 20:07 74083 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ARPPRODUCTICON.exe
2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe1_0D54DE165360499A9175C95A7F3C5401.exe
2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe_0BD1ADA496834929AD856F9834E3E161.exe
2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\program files\Navigraph
2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Navigraph
2009-08-14 18:08 . 2009-08-14 18:08 -------- d-----w- C:\!KillBox
2009-08-14 13:57 . 2009-08-14 13:57 -------- d-----w- c:\program files\FS Real Time
2009-08-14 13:56 . 2009-08-14 13:56 -------- d-----w- c:\program files\MSBuild
2009-08-14 13:53 . 2009-08-15 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 13:52 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-14 12:26 . 2009-08-14 12:26 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Malwarebytes
2009-08-14 12:25 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 12:25 . 2009-08-14 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 12:25 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 12:25 . 2009-08-14 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 12:25 . 2009-08-14 12:25 3942048 ----a-w- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.40_francais_215092.exe
2009-08-14 12:17 . 2009-08-14 12:17 3278552 ----a-w- C:\ccsetup222.exe
2009-08-13 09:54 . 2009-08-13 09:54 -------- d-----w- c:\program files\Ken Salter
2009-08-12 20:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 12:14 . 2009-08-11 12:15 -------- d-----w- c:\program files\ALMATY9 V2.0
2009-08-11 08:15 . 2009-08-11 08:15 149657 ----a-w- c:\windows\OCS PT-154 Uninstaller.exe
2009-08-11 08:14 . 2009-08-11 08:14 -------- d-----w- c:\program files\OCS PT-154
2009-08-11 08:12 . 2009-08-14 20:57 -------- d-----w- c:\program files\NCalc5
2009-08-11 07:35 . 2009-08-05 10:29 43008 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-11 07:35 . 2009-08-05 10:29 340480 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-11 07:35 . 2009-08-05 10:28 346112 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 22:26 . 2009-04-14 17:19 -------- d-----w- c:\program files\EasyScan
2009-08-16 22:03 . 2009-08-16 22:03 15711 ----a-w- c:\program files\Fichiers communs\gecyvufiru._dl
2009-08-16 22:03 . 2009-08-16 22:03 12117 ----a-w- c:\program files\Fichiers communs\poqyveq.db
2009-08-16 22:03 . 2009-08-16 22:03 11132 ----a-w- c:\program files\Fichiers communs\iwar._sy
2009-08-16 22:03 . 2009-08-16 22:03 11039 ----a-w- c:\documents and settings\All Users\Application Data\ikagoja.dat
2009-08-15 21:21 . 2006-09-18 12:15 24488 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 18:59 . 2003-04-24 19:00 81718 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-15 18:59 . 2003-04-24 19:00 503166 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-14 13:29 . 2006-11-10 07:45 249856 ------w- c:\windows\Setup1.exe
2009-08-14 13:29 . 2006-09-18 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 13:25 . 2009-06-26 22:45 -------- d-----w- c:\program files\Real Environment Pro
2009-08-14 12:18 . 2006-09-26 06:52 -------- d-----w- c:\program files\CCleaner
2009-08-13 22:02 . 2006-11-19 07:55 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\OpenOffice.org2
2009-08-13 20:45 . 2007-09-06 22:11 205061 ----a-w- c:\documents and settings\captain crosoft\Application Data\Thunderbird\Profiles\f0cc1wri.default\Mail\Nouvelles et Blogs\Linux news from LinuxWorld.com
2009-08-13 20:45 . 2006-09-18 11:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-05 09:00 . 2003-04-24 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:09 . 2006-10-25 18:01 -------- d-----w- c:\program files\Google
2009-07-17 19:03 . 2003-04-24 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 23:09 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:05 . 2009-07-10 11:05 -------- d-----w- c:\program files\Microsoft Games
2009-07-10 10:38 . 2009-01-22 18:03 -------- d-----w- c:\program files\Vim
2009-07-10 10:38 . 2006-09-19 18:40 -------- d-----w- c:\program files\PyGrenouille
2009-07-09 12:32 . 2006-09-18 10:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2003-04-24 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 22:09 . 2009-06-26 22:09 -------- d-----w- c:\program files\Boeing737FPL
2009-06-25 22:58 . 2009-06-25 22:58 90 --sh--w- c:\windows\cnerolf.dat
2009-06-25 08:26 . 2003-04-24 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2003-04-24 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2003-04-24 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2003-04-24 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2003-04-24 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 22:47 . 2009-06-24 22:12 287746956 ----a-w- C:\LO_1.1b_Flaming_Cliffs_Setup.exe
2009-06-24 11:18 . 2003-04-24 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 18:24 . 2009-06-23 18:23 28081408 ----a-w- C:\flight_simulator_2004_un_siecle_d_aviation_patch_v9.1_francais_13134.exe
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-18 21:32 . 2009-06-18 13:51 -------- d-----w- c:\program files\Ubisoft
2009-06-18 15:33 . 2009-06-18 15:33 -------- d-----w- c:\program files\M-Audio
2009-06-18 13:41 . 2009-06-18 13:40 21579004 ----a-w- C:\silent_hunter_3_patch_1-4b_version_retail_europe.exe
2009-06-18 13:33 . 2009-06-12 17:32 -------- d-----w- c:\program files\GameShadow
2009-06-16 14:40 . 2003-04-24 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-04-24 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2003-04-24 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2003-04-24 19:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 17:17 . 2009-06-12 17:16 21579004 ----a-w- C:\silent_hunter_3_patch_v1.4b_-_retail_europe_14744.exe
2009-06-10 14:14 . 2003-04-24 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2006-09-18 10:42 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2003-04-24 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2003-04-24 19:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-09-16 07:55 . 2007-07-24 15:55 1512 ----a-w- c:\program files\2cv mod 1.0 - readme.txt
2006-05-29 14:40 . 2008-03-07 17:25 7296000 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2004-08-04 12:00 . 2007-08-29 19:56 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 11:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\cache\ntfs.sys
[-] 2009-08-14 10:13 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_20.49.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-01-10 15:56 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2009-08-16 20:44 . 2009-08-16 20:44 228352 c:\windows\Installer\e03fbc.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2005-10-26 2052096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]
"RivaTuner"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2007-12-11 267048]
"RivaTunerStartupDaemon"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-02-14 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache2.2"=2 (0x2)
"WZCSVC"=2 (0x2)
"SharedAccess"=2 (0x2)
"SCardSvr"=3 (0x3)
"mysql"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmserverdWin32"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ITUNES\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34447:TCP"= 34447:TCP:*:Disabled:Rfactor session chat
"34297:UDP"= 34297:UDP:*:Disabled:Rfactor Lan query
"34397:UDP"= 34397:UDP:*:Disabled:Rfactor Race event
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14:46 63352]
R2 xdasd;Distributed Audit Service;c:\openxdas\xdasd.exe [28/05/2008 19:48 45056]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [18/06/2009 17:33 193032]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [21/11/2006 10:30 4224]
S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2009 20:55 133104]
S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32;c:\program files\NSClient++\nsclient++.exe [24/09/2008 23:33 409600]
S3 PORTMON;PORTMON;\??\c:\outils_alstom\PORTMSYS.SYS --> c:\outils_alstom\PORTMSYS.SYS [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/08/2008 00:17 517632]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/09/2006 14:55 16896]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\ufasoft\Sniffer\usft_sn4.sys [11/11/2007 03:30 15744]
S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [30/10/2008 18:59 1650782]
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job
- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job
- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {040CBFAE-B17B-4D4C-83D7-3A631463AC03} = 192.168.1.1,212.27.48.10
TCP: {58E5BC09-7242-4633-99BB-94E7ECA95338} = 80.10.246.2,80.10.246.129
TCP: {6F14E2EC-E3A9-429B-9160-FA199D284144} = 212.27.54.252,212.27.32.177
TCP: {7C2205B0-3CBC-4189-82B7-063F543AD864} = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npUMediaPlayer5.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7d,0b,ed,c9,72,ef,f3,96,64,23,a2,a9,54,c9,8a,a2,9e,d2,5b,e3,95,70,19, 8e,21,da,1c,1b,86,df,51,7c,ef,2d,81,c9,b8,00,97,7f,ce,8c,e0,5e,6b,0e,3e,8b,\ "??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:b3,aa,9a,8d,c3,2c,7e,ac,82,cf,85,26,7c,c5,bb,de,88,91,c2,fb,08, 0c,5d,c3,e3,21,e1,46,6a,e2,80,9a,71,85,0f,58,3d,bd,a7,9e,0f,f6,97,15,e5,0f,\ "rkeysecu"=hex:0a,8a,03,96,13,6d,9e,41,e6,bb,99,da,b9,a6,f6,b0 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(788) c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\eappprxy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\scardsvr.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\sessmgr.exe c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\windows\system32\tlntsvr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-08-17 11:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-17 09:49 ComboFix2.txt 2009-08-17 07:39 ComboFix3.txt 2009-08-16 22:07 ComboFix4.txt 2009-08-16 16:48 ComboFix5.txt 2009-08-17 07:48 Pre-Run: 22 012 514 304 octets libres Post-Run: 21 958 529 024 octets libres 380 --- E O F --- 2009-08-16 21:16
  17. Script launched at 11:32.
  18. The situation: no problem, restart OK, desktop OK. PC Antispyware 2010 is in the taskbar and pops up a WARNING window telling me "you have blah blah blah". I no longer have an antivirus on the machine (uninstalled last night).
  19. For information, I didn't touch anything and it restarted all by itself!!!
  20. Still no activity. What do you advise: close the window and rerun the script, or restart the PC after closing the window?
  21. For information, it is not connected to the internet; could that be the cause?
  22. At least 15 minutes.
  23. There is no more disk activity...
  24. For information, it has been stuck on "completed stage_32" for quite a while?
  25. Hello, I get an error message, a window saying "Were you trying to run CFScript?", "The name, CFSCRIPT appears to be incorrectly spelt" ???