
Posted

Here it is :P

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2622

Windows 5.1.2600 Service Pack 3

 

16/08/2009 23:04:01

mbam-log-2009-08-16 (23-04-01).txt

 

Type de recherche: Examen rapide

Eléments examinés: 100855

Temps écoulé: 6 minute(s), 4 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CTU74X2J\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

Posted

Hello

 

Braviax is still in my Task Manager, active in the Processes window, 4660 KB :-

 

That thing is stubborn.

 

What can I do?

Posted

That's normal (well, logical: some of it is left). Disable the antivirus. Run another ComboFix pass and post the report; it will reboot, so disable the antivirus again to let the tools work.

Posted

Here is the ComboFix log file

 

ComboFix 09-08-10.06 - captain crosoft 16/08/2009 23:45.4.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1464 [GMT 2:00]

Running from: c:\documents and settings\captain crosoft\Bureau\27350-CF.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\fibiduzom.exe

c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\hehovuc.dl

c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\oludyvymon.ban

c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\opuzik.bin

c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\_scui.cpl

c:\windows\system32\braviax.exe

c:\windows\system32\dllcache\figaro.sys

c:\windows\system32\wisdstr.exe

 

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected

Restored copy from - c:\system volume information\_restore{4881E702-0A1E-4773-96E9-9D4894093395}\RP1\A0000111.sys

 

.

((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))

.

 

2009-08-16 22:00 . 2009-08-16 22:00 29184 -c--a-w- c:\windows\system32\dllcache\figaro.sys

2009-08-16 21:56 . 2002-12-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-16 21:39 . 2009-08-16 21:39 18771 ----a-w- c:\windows\system32\xisajy.vbs

2009-08-16 21:39 . 2009-08-16 21:39 18184 ----a-w- c:\program files\Fichiers communs\kudehysyr.reg

2009-08-16 21:39 . 2009-08-16 21:39 16731 ----a-w- c:\windows\system32\vipevuqy.sys

2009-08-16 21:39 . 2009-08-16 21:39 14742 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\qohiso.exe

2009-08-16 21:39 . 2009-08-16 21:39 14293 ----a-w- c:\documents and settings\NetworkService\Application Data\qocam.com

2009-08-16 21:39 . 2009-08-16 21:39 13280 ----a-w- c:\windows\ylenysax.reg

2009-08-16 21:39 . 2009-08-16 21:39 12938 ----a-w- c:\documents and settings\All Users\Application Data\ezefo.bat

2009-08-16 21:39 . 2009-08-16 21:39 12569 ----a-w- c:\windows\garinu.scr

2009-08-16 21:39 . 2009-08-16 21:41 -------- d-----w- c:\program files\PC_Antispyware2010

2009-08-16 21:33 . 2009-08-16 21:33 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-16 21:28 . 2009-08-16 21:28 19670 ----a-w- c:\windows\system32\venijupuq.vbs

2009-08-16 21:28 . 2009-08-16 21:28 18978 ----a-w- c:\windows\onafuq.scr

2009-08-16 21:28 . 2009-08-16 21:28 14498 ----a-w- c:\windows\exymuwikev.exe

2009-08-16 21:28 . 2009-08-16 21:28 13848 ----a-w- c:\windows\wegabawody.dll

2009-08-16 21:28 . 2009-08-16 21:28 13353 ----a-w- c:\documents and settings\NetworkService\Application Data\awur.com

2009-08-16 21:28 . 2009-08-16 21:28 12795 ----a-w- c:\documents and settings\NetworkService\Application Data\tamilipin.pif

2009-08-16 21:28 . 2009-08-16 21:28 12345 ----a-w- c:\windows\system32\ykalyvig.scr

2009-08-16 21:28 . 2009-08-16 21:28 11682 ----a-w- c:\windows\system32\eqyse.reg

2009-08-16 21:28 . 2009-08-16 21:28 10456 ----a-w- c:\windows\omuqyxun.bin

2009-08-16 21:28 . 2009-08-16 21:28 10436 ----a-w- c:\windows\system32\upowyz.exe

2009-08-16 21:28 . 2009-08-16 21:28 10159 ----a-w- c:\windows\system32\elubybyn.com

2009-08-16 21:16 . 2009-08-16 21:16 -------- d-----w- C:\PC_Antispyware2010

2009-08-16 20:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-16 20:46 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-16 20:46 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-16 20:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-16 20:46 . 2009-08-16 20:46 -------- d-----w- c:\program files\Avira

2009-08-16 20:46 . 2009-08-16 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 15:17 . 2009-08-14 10:13 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-15 18:54 . 2009-08-15 18:55 -------- d-----w- C:\615bc555c03f6bd56ce4

2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\program files\Lavasoft

2009-08-15 17:45 . 2009-08-15 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-15 17:33 . 2009-08-16 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-15 17:18 . 2009-08-15 17:18 -------- d-----w- c:\program files\Trend Micro

2009-08-14 20:07 . 2009-08-14 20:07 74083 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ARPPRODUCTICON.exe

2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe1_0D54DE165360499A9175C95A7F3C5401.exe

2009-08-14 20:07 . 2009-08-14 20:07 73728 ----a-r- c:\documents and settings\captain crosoft\Application Data\Microsoft\Installer\{304A07DC-4B92-49C6-BC06-DDB8044E91C1}\ndac.exe_0BD1ADA496834929AD856F9834E3E161.exe

2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\program files\Navigraph

2009-08-14 20:07 . 2009-08-14 20:07 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Navigraph

2009-08-14 18:08 . 2009-08-14 18:08 -------- d-----w- C:\!KillBox

2009-08-14 13:57 . 2009-08-14 13:57 -------- d-----w- c:\program files\FS Real Time

2009-08-14 13:56 . 2009-08-14 13:56 -------- d-----w- c:\program files\MSBuild

2009-08-14 13:53 . 2009-08-15 18:55 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\program files\Reference Assemblies

2009-08-14 13:52 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-08-14 12:26 . 2009-08-14 12:26 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\Malwarebytes

2009-08-14 12:25 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 12:25 . 2009-08-14 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-14 12:25 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-14 12:25 . 2009-08-14 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 12:25 . 2009-08-14 12:25 3942048 ----a-w- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.40_francais_215092.exe

2009-08-14 12:17 . 2009-08-14 12:17 3278552 ----a-w- C:\ccsetup222.exe

2009-08-13 09:54 . 2009-08-13 09:54 -------- d-----w- c:\program files\Ken Salter

2009-08-12 20:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-11 12:14 . 2009-08-11 12:15 -------- d-----w- c:\program files\ALMATY9 V2.0

2009-08-11 08:15 . 2009-08-11 08:15 149657 ----a-w- c:\windows\OCS PT-154 Uninstaller.exe

2009-08-11 08:14 . 2009-08-11 08:14 -------- d-----w- c:\program files\OCS PT-154

2009-08-11 08:12 . 2009-08-14 20:57 -------- d-----w- c:\program files\NCalc5

2009-08-11 07:35 . 2009-08-05 10:29 43008 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-08-11 07:35 . 2009-08-05 10:29 340480 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-08-11 07:35 . 2009-08-05 10:28 346112 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-16 22:01 . 2009-08-16 22:01 11264 ----a-w- c:\windows\system32\braviax.exe

2009-08-16 21:39 . 2009-08-16 21:39 17466 ----a-w- c:\documents and settings\All Users\Application Data\nudyhupod.reg

2009-08-16 21:39 . 2009-08-16 21:39 16100 ----a-w- c:\documents and settings\NetworkService\Application Data\udoq.reg

2009-08-16 21:39 . 2009-08-16 21:39 14857 ----a-w- c:\program files\Fichiers communs\alijowon.inf

2009-08-16 21:28 . 2009-08-16 21:28 19802 ----a-w- c:\program files\Fichiers communs\yzozil.dl

2009-08-16 21:28 . 2009-08-16 21:28 19411 ----a-w- c:\program files\Fichiers communs\ybisop.dl

2009-08-16 21:28 . 2009-08-16 21:28 14036 ----a-w- c:\program files\Fichiers communs\axag._dl

2009-08-15 21:21 . 2006-09-18 12:15 24488 ----a-w- c:\documents and settings\captain crosoft\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-15 18:59 . 2003-04-24 19:00 81718 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-15 18:59 . 2003-04-24 19:00 503166 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-14 13:29 . 2006-11-10 07:45 249856 ------w- c:\windows\Setup1.exe

2009-08-14 13:29 . 2006-09-18 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-14 13:25 . 2009-06-26 22:45 -------- d-----w- c:\program files\Real Environment Pro

2009-08-14 12:18 . 2006-09-26 06:52 -------- d-----w- c:\program files\CCleaner

2009-08-13 22:02 . 2006-11-19 07:55 -------- d-----w- c:\documents and settings\captain crosoft\Application Data\OpenOffice.org2

2009-08-13 20:45 . 2007-09-06 22:11 205061 ----a-w- c:\documents and settings\captain crosoft\Application Data\Thunderbird\Profiles\f0cc1wri.default\Mail\Nouvelles et Blogs\Linux news from LinuxWorld.com

2009-08-13 20:45 . 2006-09-18 11:10 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-05 09:00 . 2003-04-24 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 19:09 . 2006-10-25 18:01 -------- d-----w- c:\program files\Google

2009-07-17 19:03 . 2003-04-24 19:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\LOCAL2UTC

2009-07-13 21:43 . 2004-08-19 23:09 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-10 11:05 . 2009-07-10 11:05 -------- d-----w- c:\program files\Microsoft Games

2009-07-10 10:38 . 2009-01-22 18:03 -------- d-----w- c:\program files\Vim

2009-07-10 10:38 . 2006-09-19 18:40 -------- d-----w- c:\program files\PyGrenouille

2009-07-09 12:32 . 2006-09-18 10:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:57 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:57 . 2003-04-24 19:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-26 22:09 . 2009-06-26 22:09 -------- d-----w- c:\program files\Boeing737FPL

2009-06-25 22:58 . 2009-06-25 22:58 90 --sh--w- c:\windows\cnerolf.dat

2009-06-25 08:26 . 2003-04-24 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2003-04-24 19:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2003-04-24 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2003-04-24 19:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2003-04-24 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 22:47 . 2009-06-24 22:12 287746956 ----a-w- C:\LO_1.1b_Flaming_Cliffs_Setup.exe

2009-06-24 11:18 . 2003-04-24 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-23 18:24 . 2009-06-23 18:23 28081408 ----a-w- C:\flight_simulator_2004_un_siecle_d_aviation_patch_v9.1_francais_13134.exe

2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll

2009-06-18 21:32 . 2009-06-18 13:51 -------- d-----w- c:\program files\Ubisoft

2009-06-18 15:33 . 2009-06-18 15:33 -------- d-----w- c:\program files\M-Audio

2009-06-18 13:41 . 2009-06-18 13:40 21579004 ----a-w- C:\silent_hunter_3_patch_1-4b_version_retail_europe.exe

2009-06-18 13:33 . 2009-06-12 17:32 -------- d-----w- c:\program files\GameShadow

2009-06-16 14:40 . 2003-04-24 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2003-04-24 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2003-04-24 19:00 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2003-04-24 19:00 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 17:17 . 2009-06-12 17:16 21579004 ----a-w- C:\silent_hunter_3_patch_v1.4b_-_retail_europe_14744.exe

2009-06-10 14:14 . 2003-04-24 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2006-09-18 10:42 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2003-04-24 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2003-04-24 19:00 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-09-16 07:55 . 2007-07-24 15:55 1512 ----a-w- c:\program files\2cv mod 1.0 - readme.txt

2006-05-29 14:40 . 2008-03-07 17:25 7296000 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

2004-08-04 12:00 . 2007-08-29 19:56 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[7] 2008-04-13 11:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\cache\ntfs.sys

[-] 2009-08-14 10:13 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-15_20.49.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2009-08-16 21:58 . 2009-08-16 21:58 16384 c:\windows\temp\Perflib_Perfdata_784.dat

+ 2009-08-16 21:39 . 2009-08-16 21:39 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat

+ 2007-01-10 15:56 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll

+ 2009-08-16 20:46 . 2009-08-16 21:15 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2009-08-16 20:44 . 2009-08-16 20:44 228352 c:\windows\Installer\e03fbc.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"Google Update"="c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"Gainward"="c:\windows\TBPanel.exe" [2005-10-26 2052096]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7700480]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]

"RivaTuner"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]

"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2007-12-11 267048]

"RivaTunerStartupDaemon"="c:\rivatuner v2.02\RivaTuner.exe" [2007-07-01 2596864]

"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]

"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-16 590784]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-02-14 1622016]

"braviax"="" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"braviax"="" [bU]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apache2.2"=2 (0x2)

"WZCSVC"=2 (0x2)

"SharedAccess"=2 (0x2)

"SCardSvr"=3 (0x3)

"mysql"=2 (0x2)

"RSVP"=3 (0x3)

"RemoteRegistry"=2 (0x2)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"TapiSrv"=3 (0x3)

"UPS"=3 (0x3)

"VMware NAT Service"=2 (0x2)

"vmserverdWin32"=2 (0x2)

"vmount2"=2 (0x2)

"VMnetDHCP"=2 (0x2)

"VMAuthdService"=2 (0x2)

"mnmsrvc"=3 (0x3)

"Themes"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\FileZilla\\FileZilla.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\ITUNES\\iTunes.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\captain crosoft\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=

"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34447:TCP"= 34447:TCP:*:Disabled:Rfactor session chat

"34297:UDP"= 34297:UDP:*:Disabled:Rfactor Lan query

"34397:UDP"= 34397:UDP:*:Disabled:Rfactor Race event

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14:46 63352]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2008 19:16 114768]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16/08/2009 22:46 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2008 19:16 20560]

R2 xdasd;Distributed Audit Service;c:\openxdas\xdasd.exe [28/05/2008 19:48 45056]

R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [18/06/2009 17:33 193032]

S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [21/11/2006 10:30 4224]

S2 gupdate1c9cdb39a729a0;Google Update Service (gupdate1c9cdb39a729a0);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2009 20:55 133104]

S3 NSClientpp;NSClientpp (Nagios) 0.3.5.2 2008-09-24 w32;c:\program files\NSClient++\nsclient++.exe [24/09/2008 23:33 409600]

S3 PORTMON;PORTMON;\??\c:\outils_alstom\PORTMSYS.SYS --> c:\outils_alstom\PORTMSYS.SYS [?]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/08/2008 00:17 517632]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/09/2006 14:55 16896]

S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\ufasoft\Sniffer\usft_sn4.sys [11/11/2007 03:30 15744]

S3 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [30/10/2008 18:59 1650782]

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

 

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 18:55]

 

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003Core.job

- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]

 

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1993962763-725345543-1003UA.job

- c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com

IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm

TCP: {040CBFAE-B17B-4D4C-83D7-3A631463AC03} = 192.168.1.1,212.27.48.10

TCP: {58E5BC09-7242-4633-99BB-94E7ECA95338} = 80.10.246.2,80.10.246.129

TCP: {6F14E2EC-E3A9-429B-9160-FA199D284144} = 212.27.54.252,212.27.32.177

TCP: {7C2205B0-3CBC-4189-82B7-063F543AD864} = 160.92.121.4,160.92.121.6,80.10.246.2,80.10.246.129

FF - ProfilePath - c:\documents and settings\captain crosoft\Application Data\Mozilla\Firefox\Profiles\6gh4c5ef.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll

FF - plugin: c:\documents and settings\captain crosoft\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\captain crosoft\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\itunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npUMediaPlayer5.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-16 23:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\braviax.exe 11264 bytes executable

c:\documents and settings\captain crosoft\Application Data\xafif.exe 10919 bytes

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:7d,0b,ed,c9,72,ef,f3,96,64,23,a2,a9,54,c9,8a,a2,9e,d2,5b,e3,95,70,19,

8e,21,da,1c,1b,86,df,51,7c,ef,2d,81,c9,b8,00,97,7f,ce,8c,e0,5e,6b,0e,3e,8b,\

"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

 

[HKEY_USERS\S-1-5-21-839522115-1993962763-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:b3,aa,9a,8d,c3,2c,7e,ac,82,cf,85,26,7c,c5,bb,de,88,91,c2,fb,08,

0c,5d,c3,e3,21,e1,46,6a,e2,80,9a,71,85,0f,58,3d,bd,a7,9e,0f,f6,97,15,e5,0f,\

"rkeysecu"=hex:0a,8a,03,96,13,6d,9e,41,e6,bb,99,da,b9,a6,f6,b0

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2464)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\sessmgr.exe

c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

c:\windows\system32\tlntsvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\braviax.exe

.

**************************************************************************

.

Completion time: 2009-08-16 0:07 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-16 22:07

ComboFix2.txt 2009-08-16 16:48

ComboFix3.txt 2009-08-16 15:46

ComboFix4.txt 2009-08-15 20:56

 

Pre-Run: 21 882 093 568 octets libres

Post-Run: 21 830 356 992 octets libres

 

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4

358 --- E O F --- 2009-08-16 21:16

 

 

We can continue tomorrow if you want?

Posted

OK, we can continue tomorrow. It will regenerate, but I'm preparing something big for you to blow them away.

Don't worry, it's only a matter of time, and it doesn't affect your personal files.

Posted

Hello

 

Well, I have a brand-new soft_antispyware 2010 :P !!! It's incredible how much work they put into making this crap; honestly I don't know what it earns them, but dev-wise I imagine it's a walk in the park for them (assembler, C, etc.).

 

See you later
