
stee

Members
  • Content count

    37
  • Joined

  • Last visited
Everything posted by stee

  1. Hello. Well, I've got a brand-new soft_antispyware 2010!!! It's incredible the amount of work they put into producing this junk; honestly I don't know what it earns them, but on the dev side I imagine they're quite at ease (assembler, C, etc.). See you.
  2. Thanks in any case for your help and your patience! I prefer my DEBIAN Linux box, I've never had a problem with it in 5 years. See you tomorrow.
  3. Here is the ComboFix log file:

ComboFix 09-08-10.06 - captain crosoft 16/08/2009 23:45.4.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1464 [GMT 2:00]
Running from: c:\documents and settings\captain crosoft\Bureau\27350-CF.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\fibiduzom.exe
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\hehovuc.dl
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\oludyvymon.ban
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\opuzik.bin
c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{4881E702-0A1E-4773-96E9-9D4894093395}\RP1\A0000111.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-16 22:00 . 2009-08-16 22:00 29184 -c--a-w- c:\windows\system32\dllcache\figaro.sys
2009-08-16 21:56 . 2002-12-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-16 21:39 . 2009-08-16 21:39 18771 ----a-w- c:\windows\system32\xisajy.vbs
2009-08-16 21:39 . 2009-08-16 21:39 18184 ----a-w- c:\program files\Fichiers communs\kudehysyr.reg
2009-08-16 21:39 . 2009-08-16 21:39 16731 ----a-w- c:\windows\system32\vipevuqy.sys
2009-08-16 21:39 . 2009-08-16 21:39 14742 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\qohiso.exe
2009-08-16 21:39 . 2009-08-16 21:39 14293 ----a-w- c:\documents and settings\NetworkService\Application Data\qocam.com
2009-08-16 21:39 . 2009-08-16 21:39 13280 ----a-w- c:\windows\ylenysax.reg
2009-08-16 21:39 . 2009-08-16 21:39 12938 ----a-w- c:\documents and settings\All Users\Application Data\ezefo.bat
2009-08-16 21:39 . 2009-08-16 21:39 12569 ----a-w- c:\windows\garinu.scr
2009-08-16 21:39 . 2009-08-16 21:41 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-16 21:33 . 2009-08-16 21:33 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-16 21:28 . 2009-08-16 21:28 19670 ----a-w- c:\windows\system32\venijupuq.vbs
2009-08-16 21:28 . 2009-08-16 21:28 18978 ----a-w- c:\windows\onafuq.scr
2009-08-16 21:28 . 2009-08-16 21:28 14498 ----a-w- c:\windows\exymuwikev.exe
2009-08-16 21:28 . 2009-08-16 21:28 13848 ----a-w- c:\windows\wegabawody.dll
2009-08-16 21:28 . 2009-08-16 21:28 13353 ----a-w- c:\documents and settings\NetworkService\Application Data\awur.com
2009-08-16 21:28 . 2009-08-16 21:28 12795 ----a-w- c:\documents and settings\NetworkService\Application Data\tamilipin.pif
2009-08-16 21:28 . 2009-08-16 21:28 12345 ----a-w- c:\windows\system32\ykalyvig.scr
2009-08-16 21:28 . 2009-08-16 21:28 11682 ----a-w- c:\windows\system32\eqyse.reg
2009-08-16 21:28 . 2009-08-16 21:28 10456 ----a-w- c:\windows\omuqyxun.bin
2009-08-16 21:28 . 2009-08-16 21:28 10436 ----a-w- c:\windows\system32\upowyz.exe
2009-08-16 21:28 . 2009-08-16 21:28 10159 ----a-w- c:\windows\system32\elubybyn.com
2009-08-16 21:16 . 2009-08-16 21:16 -------- d-----w- C:\PC_Antispyware2010
2009-08-16 20:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 20:46 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 20:46 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 20:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 20:46 . 2009-08-16 20:46 -------- d-----w- c:\program files\Avira
2009-08-16 20:46 . 2009-08-16 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 15:17 . 2009-08-14 10:13 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-15 18:54 . 2009-08-15 18:55 -------- d-----w- C:\615bc555c03f6bd56ce4
2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\program files\Lavasoft
2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-15 17:33 . 2009-08-16 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 17:18 . 2009-08-15 17:18 -------- d-----w- c:\program files\Trend Micro
2009-08-14 20:07 . 2009-08-14 20:07 74083 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ARPPRODUCTICON.exe
2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe1_0D54DE165360499A9175C95A7F3C5401.exe
2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe_0BD1ADA496834929AD856F9834E3E161.exe
2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\program files\Navigraph
2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Navigraph
2009-08-14 18:08 . 2009-08-14 18:08 -------- d-----w- C:\!KillBox
2009-08-14 13:57 . 2009-08-14 13:57 -------- d-----w- c:\program files\FS Real Time
2009-08-14 13:56 . 2009-08-14 13:56 -------- d-----w- c:\program files\MSBuild
2009-08-14 13:53 . 2009-08-15 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 13:52 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-14 12:26 . 2009-08-14 12:26 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Malwarebytes
2009-08-14 12:25 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 12:25 . 2009-08-14 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 12:25 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 12:25 . 2009-08-14 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 12:25 . 2009-08-14 12:25 3942048 ----a-w- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.40_francais_215092.exe
2009-08-14 12:17 . 2009-08-14 12:17 3278552 ----a-w- C:\ccsetup222.exe
2009-08-13 09:54 . 2009-08-13 09:54 -------- d-----w- c:\program files\Ken Salter
2009-08-12 20:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 12:14 . 2009-08-11 12:15 -------- d-----w- c:\program files\ALMATY9 V2.0
2009-08-11 08:15 . 2009-08-11 08:15 149657 ----a-w- c:\windows\OCS PT-154 Uninstaller.exe
2009-08-11 08:14 . 2009-08-11 08:14 -------- d-----w- c:\program files\OCS PT-154
2009-08-11 08:12 . 2009-08-14 20:57 -------- d-----w- c:\program files\NCalc5
2009-08-11 07:35 . 2009-08-05 10:29 43008 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-11 07:35 . 2009-08-05 10:29 340480 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-11 07:35 . 2009-08-05 10:28 346112 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 22:01 . 2009-08-16 22:01 11264 ----a-w- c:\windows\system32\braviax.exe
2009-08-16 21:39 . 2009-08-16 21:39 17466 ----a-w- c:\documents and settings\All Users\Application Data\nudyhupod.reg
2009-08-16 21:39 . 2009-08-16 21:39 16100 ----a-w- c:\documents and settings\NetworkService\Application Data\udoq.reg
2009-08-16 21:39 . 2009-08-16 21:39 14857 ----a-w- c:\program files\Fichiers communs\alijowon.inf
2009-08-16 21:28 . 2009-08-16 21:28 19802 ----a-w- c:\program files\Fichiers communs\yzozil.dl
2009-08-16 21:28 . 2009-08-16 21:28 19411 ----a-w- c:\program files\Fichiers communs\ybisop.dl
2009-08-16 21:28 . 2009-08-16 21:28 14036 ----a-w- c:\program files\Fichiers communs\axag._dl
2009-08-15 21:21 . 2006-09-18 12:15 24488 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 18:59 . 2003-04-24 19:00 81718 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-15 18:59 . 2003-04-24 19:00 503166 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-14 13:29 . 2006-11-10 07:45 249856 ------w- c:\windows\Setup1.exe
2009-08-14 13:29 . 2006-09-18 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 13:25 . 2009-06-26 22:45 -------- d-----w- c:\program files\Real Environment Pro
2009-08-14 12:18 . 2006-09-26 06:52 -------- d-----w- c:\program files\CCleaner
2009-08-13 22:02 . 2006-11-19 07:55 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\OpenOffice.org2
2009-08-13 20:45 . 2007-09-06 22:11 205061 ----a-w- c:\documents and settings\captain crosoft\Application Data\Thunderbird\Profiles\f0cc1wri.default\Mail\Nouvelles et Blogs\Linux news from LinuxWorld.com
2009-08-13 20:45 . 2006-09-18 11:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-05 09:00 . 2003-04-24 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:09 . 2006-10-25 18:01 -------- d-----w- c:\program files\Google
2009-07-17 19:03 . 2003-04-24 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\LOCAL2UTC
2009-07-13 21:43 . 2004-08-19 23:09 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:05 . 2009-07-10 11:05 -------- d-----w- c:\program files\Microsoft Games
2009-07-10 10:38 . 2009-01-22 18:03 -------- d-----w- c:\program files\Vim
2009-07-10 10:38 . 2006-09-19 18:40 -------- d-----w- c:\program files\PyGrenouille
2009-07-09 12:32 . 2006-09-18 10:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2003-04-24 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 22:09 . 2009-06-26 22:09 -------- d-----w- c:\program files\Boeing737FPL
2009-06-25 22:58 . 2009-06-25 22:58 90 --sh--w- c:\windows\cnerolf.dat
2009-06-25 08:26 . 2003-04-24 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2003-04-24 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2003-04-24 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2003-04-24 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2003-04-24 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 22:47 . 2009-06-24 22:12 287746956 ----a-w- C:\LO_1.1b_Flaming_Cliffs_Setup.exe
2009-06-24 11:18 . 2003-04-24 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 18:24 . 2009-06-23 18:23 28081408 ----a-w- C:\flight_simulator_2004_un_siecle_d_aviation_patch_v9.1_francais_13134.exe
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-18 21:32 . 2009-06-18 13:51 -------- d-----w- c:\program files\Ubisoft
2009-06-18 15:33 . 2009-06-18 15:33 -------- d-----w- c:\program files\M-Audio
2009-06-18 13:41 . 2009-06-18 13:40 21579004 ----a-w- C:\silent_hunter_3_patch_1-4b_version_retail_europe.exe
2009-06-18 13:33 . 2009-06-12 17:32 -------- d-----w- c:\program files\GameShadow
2009-06-16 14:40 . 2003-04-24 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-04-24 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2003-04-24 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2003-04-24 19:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 17:17 . 2009-06-12 17:16 21579004 ----a-w- C:\silent_hunter_3_patch_v1.4b_-_retail_europe_14744.exe
2009-06-10 14:14 . 2003-04-24 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2006-09-18 10:42 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2003-04-24 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2003-04-24 19:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-09-16 07:55 . 2007-07-24 15:55 1512 ----a-w- c:\program files\2cv mod 1.0 - readme.txt
2006-05-29 14:40 . 2008-03-07 17:25 7296000 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2004-08-04 12:00 . 2007-08-29 19:56 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll
.
------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 11:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\cache\ntfs.sys
[-] 2009-08-14 10:13 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_20.49.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-08-16 21:58 . 2009-08-16 21:58 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2009-08-16 21:39 . 2009-08-16 21:39 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat
+ 2007-01-10 15:56 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2009-08-16 20:46 . 2009-08-16 21:15 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-16 20:44 . 2009-08-16 20:44 228352 c:\windows\Installer\e03fbc.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Gainward"="c:\windows\TBPanel.exe" [2005-10-26 2052096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]
"RivaTuner"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2007-12-11 267048]
"RivaTunerStartupDaemon"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-16 590784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-02-14 1622016]
"braviax"="" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"braviax"="" [bU]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache2.2"=2 (0x2)
"WZCSVC"=2 (0x2)
"SharedAccess"=2 (0x2)
"SCardSvr"=3 (0x3)
"mysql"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"TapiSrv"=3 (0x3)
"UPS"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmserverdWin32"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ITUNES\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34447:TCP"= 34447:TCP:*:Disabled:Rfactor session chat
"34297:UDP"= 34297:UDP:*:Disabled:Rfactor Lan query
"34397:UDP"= 34397:UDP:*:Disabled:Rfactor Race event
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2008 19:16 114768]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16/08/2009 22:46 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2008 19:16 20560]
R2 xdasd;Distributed Audit Service;c:\openxdas\xdasd.exe [28/05/2008 19:48 45056]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [18/06/2009 17:33 193032]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [21/11/2006 10:30 4224]
S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2009 20:55 133104]
S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32;c:\program files\NSClient++\nsclient++.exe [24/09/2008 23:33 409600]
S3 PORTMON;PORTMON;\??\c:\outils_alstom\PORTMSYS.SYS --> c:\outils_alstom\PORTMSYS.SYS [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/08/2008 00:17 517632]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/09/2006 14:55 16896]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\ufasoft\Sniffer\usft_sn4.sys [11/11/2007 03:30 15744]
S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [30/10/2008 18:59 1650782]
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job
- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job
- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
TCP: {040CBFAE-B17B-4D4C-83D7-3A631463AC03} = 192.168.1.1,212.27.48.10
TCP: {58E5BC09-7242-4633-99BB-94E7ECA95338} = 80.10.246.2,80.10.246.129
TCP: {6F14E2EC-E3A9-429B-9160-FA199D284144} = 212.27.54.252,212.27.32.177
TCP: {7C2205B0-3CBC-4189-82B7-063F543AD864} = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npUMediaPlayer5.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 23:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\braviax.exe 11264 bytes executable
c:\documents and settings\captain crosoft\Application Data\xafif.exe 10919 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,0b,ed,c9,72,ef,f3,96,64,23,a2,a9,54,c9,8a,a2,9e,d2,5b,e3,95,70,19,
8e,21,da,1c,1b,86,df,51,7c,ef,2d,81,c9,b8,00,97,7f,ce,8c,e0,5e,6b,0e,3e,8b,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b3,aa,9a,8d,c3,2c,7e,ac,82,cf,85,26,7c,c5,bb,de,88,91,c2,fb,08,
0c,5d,c3,e3,21,e1,46,6a,e2,80,9a,71,85,0f,58,3d,bd,a7,9e,0f,f6,97,15,e5,0f,\
"rkeysecu"=hex:0a,8a,03,96,13,6d,9e,41,e6,bb,99,da,b9,a6,f6,b0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\sessmgr.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\tlntsvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\braviax.exe
.
**************************************************************************
.
Completion time: 2009-08-16 0:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 22:07
ComboFix2.txt 2009-08-16 16:48
ComboFix3.txt 2009-08-16 15:46
ComboFix4.txt 2009-08-15 20:56

Pre-Run: 21 882 093 568 octets libres
Post-Run: 21 830 356 992 octets libres

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
358 --- E O F --- 2009-08-16 21:16

We can continue tomorrow if you want?
  4. By using the CFSTEE script?
  5. Hello. Braviax is still active in my Task Manager, in the Processes window, 4660 KB :- That thing is tough. What can I do?
  6. Here it is:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2622
Windows 5.1.2600 Service Pack 3

16/08/2009 23:04:01
mbam-log-2009-08-16 (23-04-01).txt

Type de recherche: Examen rapide
Eléments examinés: 100855
Temps écoulé: 6 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CTU74X2J\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
  7. Hello. FYI, I'm back to the starting situation, nothing particularly wrong; avast still detects figaro.sys, bravia.exe is in memory... See you, I'm waiting for your new instructions and I won't touch anything in the meantime.
  8. VOICI le LOG ComboFix 09-08-10.06 - captain crosoft 16/08/2009 18:28.3.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1528 [GMT 2:00] Running from: c:\documents and settings\captain crosoft\Bureau\27350-CF.exe Command switches used :: e:\reparvirus\CFscriptstee.txt AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\All Users\Application Data\ijyqixo.bin" "c:\documents and settings\All Users\Application Data\olakemoz.dat" "c:\documents and settings\captain crosoft\Menu Démarrer\Programmes\Démarrage\ikowin32.exe" "c:\documents and settings\NetworkService\Application Data\atis.bat" "c:\documents and settings\NetworkService\Application Data\eqeh.bat" "c:\documents and settings\NetworkService\Application Data\noby.dll" "c:\documents and settings\NetworkService\Local Settings\Application Data\akudexyw.reg" "c:\documents and settings\NetworkService\Local Settings\Application Data\ezakuqiny.pif" "c:\program files\Fichiers communs\inijakul.exe" "c:\program files\Fichiers communs\legusebuhi.com" "c:\program files\Fichiers communs\usopy._sy" "c:\program files\Fichiers communs\veheq.bin" "C:\RegCleaner.exe" "c:\windows\alypywax.com" "c:\windows\idagyvidot.pif" "c:\windows\iun6002.exe" "c:\windows\pinebuceh.dll" "c:\windows\pss\ikowin32.exe" "c:\windows\pss\ikowin32.exeStartup" "c:\windows\ynupybal.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
  9. I just got a window for "further analyse", which I am doing gladly; the crappy avast antivirus is re-enabled, the log is still in progress... see you soon
  10. PHEW! OK, it works, a "preparing log report" window has launched
  11. Hi, and thanks for your help. I followed your procedure to the letter, but the PC just keeps rebooting, in normal mode and in safe mode. I think this is the end ....
  12. Hello. For a few days I have been fighting Figaro, braviax, etc. I had hope, then suddenly pc-antispyware2010 appeared and it was total chaos: avast is disabled and the PC keeps looping. The problem is that this PC is my work machine, with a lot of important documents. I got an alert saying ntfs.sys was infected, so there is a risk of a blue screen. I am asking for help if possible because I fear the worst. I ran combofix, which gives me the following result (the raw log dump is omitted here): Thanks in advance for any help you can give me!
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^captain crosoft^Menu Démarrer^Programmes^Démarrage^ikowin32.exe] path=c:\documents and settings\captain crosoft\Menu Démarrer\Programmes\Démarrage\ikowin32.exe backup=c:\windows\pss\ikowin32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apache2.2"=2 (0x2) "WZCSVC"=2 (0x2) "SharedAccess"=2 (0x2) "SCardSvr"=3 (0x3) "mysql"=2 (0x2) "RSVP"=3 (0x3) "RemoteRegistry"=2 (0x2) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "TapiSrv"=3 (0x3) "UPS"=3 (0x3) "VMware NAT Service"=2 (0x2) "vmserverdWin32"=2 (0x2) "vmount2"=2 (0x2) "VMnetDHCP"=2 (0x2) "VMAuthdService"=2 (0x2) "mnmsrvc"=3 (0x3) "Themes"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FileZilla\\FileZilla.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\ITUNES\\iTunes.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"= "c:\\Program 
Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "34447:TCP"= 34447:TCP:*:Disabled:Rfactor session chat "34297:UDP"= 34297:UDP:*:Disabled:Rfactor Lan query "34397:UDP"= 34397:UDP:*:Disabled:Rfactor Race event "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15/08/2009 19:33 130936] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14:46 63352] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2008 19:16 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2008 19:16 20560] R2 xdasd;Distributed Audit Service;c:\openxdas\xdasd.exe [28/05/2008 19:48 45056] R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [18/06/2009 17:33 193032] S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [21/11/2006 10:30 4224] S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2009 20:55 133104] S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32;c:\program files\NSClient++\nsclient++.exe [24/09/2008 23:33 409600] S3 PORTMON;PORTMON;\??\c:\outils_alstom\PORTMSYS.SYS --> c:\outils_alstom\PORTMSYS.SYS [?] 
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/08/2008 00:17 517632] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/08/2009 19:33 348752] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/09/2006 14:55 16896] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\ufasoft\Sniffer\usft_sn4.sys [11/11/2007 03:30 15744] S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [30/10/2008 18:59 1650782] . Contents of the 'Scheduled Tasks' folder 2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55] 2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job - c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04] 2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job - c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm TCP: {040CBFAE-B17B-4D4C-83D7-3A631463AC03} = 192.168.1.1,212.27.48.10 TCP: {58E5BC09-7242-4633-99BB-94E7ECA95338} = 80.10.246.2,80.10.246.129 TCP: {6F14E2EC-E3A9-429B-9160-FA199D284144} = 212.27.54.252,212.27.32.177 TCP: {7C2205B0-3CBC-4189-82B7-063F543AD864} = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129 FF - ProfilePath - c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll FF - plugin: c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\itunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npUMediaPlayer5.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-16 17:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... c:\qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.virexe [2096] 0x8A53C870 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7d,0b,ed,c9,72,ef,f3,96,64,23,a2,a9,54,c9,8a,a2,9e,d2,5b,e3,95,70,19, 8e,21,da,1c,1b,86,df,51,7c,ef,2d,81,c9,b8,00,97,7f,ce,8c,e0,5e,6b,0e,3e,8b,\ "??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d [HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:b3,aa,9a,8d,c3,2c,7e,ac,82,cf,85,26,7c,c5,bb,de,88,91,c2,fb,08, 0c,5d,c3,e3,21,e1,46,6a,e2,80,9a,71,85,0f,58,3d,bd,a7,9e,0f,f6,97,15,e5,0f,\ "rkeysecu"=hex:0a,8a,03,96,13,6d,9e,41,e6,bb,99,da,b9,a6,f6,b0 . Completion time: 2009-08-16 17:46 ComboFix-quarantined-files.txt 2009-08-16 15:45 ComboFix2.txt 2009-08-15 20:56 Pre-Run: 22 296 862 720 octets libres Post-Run: 22 285 197 312 octets libres 311 --- E O F --- 2009-08-15 19:00