viruse impossible a supprimer Résolu

Question

Bonjour,

depuis deux jour je me bat avec un virus qui se manifeste  sur simple connexion a internet.
a mon avis il essai de télécharger d'autre fichier sur mon PC.

braviaxe.exe
beep.sys infecter et introuvable

je vous en serai tres reconnaissant de m'aider a me debarraser de ce nuisible sans reinstaller  ni  formater car je fait e la simulation de vol sur FSX et  perdre tout serai un vrai coup dur ! merci a tous

voici un  log  HJT  et combofix

ComboFix 09-08-10.06 - pyroman 13/08/2009 14:52.1.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.2047.1497 [GMT 2:00]
Running from: c:\documents and settings\users\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService.AUTORITE NT.000\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\users\Application Data\wiaserva.log
c:ecycler\S-1-5-21-1659004503-1801674531-1417001333-500
c:ecycler\S-1-5-21-839522115-1897051121-1417001333-1003
c:\windows\system32\msconfig.exe


.
(((((((((((((((((((((((((   Files Created from 2009-07-13 to 2009-08-13  )))))))))))))))))))))))))))))))
.

2009-08-13 13:01 . 2009-08-13 13:01	--------	d-----w-	c:\windows\system32\oobe
2009-08-13 13:01 . 2009-08-13 13:01	--------	d-----w-	c:\windows\system32
pp
2009-08-13 13:01 . 2009-08-13 13:01	--------	d-----w-	c:\windows\msagent
2009-08-12 16:53 . 2009-08-12 16:49	404225	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-12 16:53 . 2009-08-12 16:49	345345	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-12 16:53 . 2009-03-03 09:21	9985	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-12 16:53 . 2008-10-20 06:38	126721	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-12 16:32 . 2009-08-12 16:32	--------	d-----w-	c:\program files\Chaos Shredder2.3FR
2009-08-12 16:32 . 2009-03-30 08:32	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-08-12 16:32 . 2009-03-24 14:07	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-08-12 16:32 . 2009-02-13 10:28	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2009-08-12 16:32 . 2009-02-13 10:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2009-08-12 16:32 . 2009-08-12 16:32	--------	d-----w-	c:\program files\Avira
2009-08-12 16:32 . 2009-08-12 16:32	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-08-12 14:10 . 2009-08-12 18:36	--------	d-----w-	c:\program files\a-squared Free
2009-08-12 14:03 . 2009-08-12 14:03	619584	----a-w-	c:\windows\system32\dllcache
tfs.sys
2009-08-12 09:28 . 2009-06-21 17:28	504320	--s-a-r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\_Setup.dll
2009-08-12 09:28 . 2009-05-16 02:26	223232	--s---r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\Setup.exe
2009-08-12 09:27 . 2009-06-28 01:42	504320	--s-a-r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\_Setup.dll
2009-08-12 09:27 . 2009-05-16 02:26	223232	--s---r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\Setup.exe
2009-08-12 09:27 . 2009-07-04 14:26	504320	--s-a-r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\_Setup.dll
2009-08-12 09:27 . 2009-06-25 04:03	223744	--s---r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\Setup.exe
2009-08-12 09:27 . 2009-04-10 01:08	504320	--s-a-r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\_Setup.dll
2009-08-12 09:27 . 2009-04-04 04:25	223232	--s---r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\Setup.exe
2009-08-11 20:12 . 2009-08-11 20:10	102664	----a-w-	c:\windows\system32\drivers	mcomm.sys
2009-08-11 20:10 . 2009-08-11 22:25	--------	d-----w-	c:\documents and settings\users\.housecall6.6
2009-08-10 09:31 . 2009-08-10 09:31	--------	d-----w-	c:\program files\Free.fr
2009-08-10 00:57 . 2009-08-10 00:57	552	----a-w-	c:\windows\system32\d3d8caps.dat
2009-08-10 00:40 . 2009-08-10 00:40	--------	d-----w-	c:\documents and settings\users\Local Settings\Application Data\Paint.NET
2009-08-09 21:57 . 2009-08-09 21:57	--------	d-----w-	c:\program files\Fichiers communs\PCSuite
2009-08-09 21:56 . 2008-08-26 08:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2009-08-09 21:55 . 2009-08-09 21:56	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-08-09 21:55 . 2009-08-09 21:54	33728384	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-08-09 21:55 . 2009-08-09 21:55	95232	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-08-09 21:55 . 2009-08-09 21:55	8192	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 21:55 . 2009-08-09 21:55	61440	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 21:55 . 2009-08-09 21:55	10240	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 21:46 . 2009-08-09 21:46	--------	d-----w-	c:\program files\Axon Data
2009-08-09 17:24 . 2008-04-13 07:45	26112	----a-w-	c:\windows\system32\drivers\usbser.sys
2009-08-09 17:23 . 2008-03-21 11:57	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll
2009-08-09 16:12 . 2009-02-09 06:37	7808	----a-w-	c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-08-09 16:12 . 2009-02-09 06:37	7808	----a-w-	c:\windows\system32\drivers\usbser_lowerflt.sys
2009-08-09 16:12 . 2009-02-09 06:37	22016	----a-w-	c:\windows\system32\drivers\ccdcmbo.sys
2009-08-09 16:12 . 2009-02-09 06:37	659968	----a-w-	c:\windows\system32
mwcdcocls.dll
2009-08-09 16:12 . 2009-02-09 06:37	17664	----a-w-	c:\windows\system32\drivers\ccdcmb.sys
2009-08-09 16:12 . 2009-02-09 06:32	1112288	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2009-08-09 16:11 . 2009-08-09 16:10	24519152	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3FR.exe
2009-08-09 16:10 . 2009-08-09 16:10	36864	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-08-09 16:10 . 2009-08-09 16:10	3351812	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-08-09 16:10 . 2009-08-09 16:10	3181612	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-08-09 16:06 . 2009-08-09 16:06	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Nokia
2009-08-09 16:06 . 2009-08-09 16:06	--------	d-----w-	c:\program files\MSXML 6.0
2009-08-09 15:56 . 2008-03-21 11:57	23856	----a-w-	c:\windows\system32\spupdsvc.exe
2009-08-09 15:54 . 2009-08-09 15:55	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-08-09 15:54 . 2009-08-11 12:12	--------	d-----w-	c:\documents and settings\users\Application Data\Nokia
2009-08-09 15:54 . 2009-08-09 21:56	--------	d-----w-	c:\program files\DIFX
2009-08-09 15:53 . 2009-08-09 21:57	--------	d-----w-	c:\program files\Fichiers communs\Nokia
2009-08-09 15:53 . 2009-08-09 15:56	--------	d-----w-	c:\documents and settings\users\Application Data\PC Suite
2009-08-09 15:52 . 2009-08-09 21:57	--------	d-----w-	c:\program files\Nokia
2009-08-09 15:52 . 2009-02-09 06:37	91136	----a-w-	c:\windows\system32
mwcdcls.dll
2009-08-09 15:52 . 2009-08-09 15:50	27632240	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}
okia-pc-suite_nokia_pc_suite_6.85.14.1_francais_28522.exe
2009-08-09 15:51 . 2009-08-09 15:51	733783	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
2009-08-09 15:51 . 2009-08-09 15:51	8192	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 15:51 . 2009-08-09 15:51	61440	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 15:51 . 2009-08-09 15:51	10240	----a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 15:51 . 2009-08-09 21:55	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-08-09 14:11 . 2009-08-10 09:15	--------	d-----w-	c:\program files\Sagem
2009-08-05 11:13 . 2009-08-10 09:20	--------	d-----w-	c:\documents and settings\users\Application Data\MxBoost
2009-08-05 11:12 . 2009-08-05 11:13	--------	d-----w-	c:\program files\Maxthon2
2009-08-05 00:58 . 2009-08-12 23:45	--------	d-----w-	c:\windows\system32\LogFiles
2009-08-05 00:13 . 2009-08-12 08:30	--------	d-----w-	C:\wallflash
2009-08-04 20:58 . 2009-08-04 20:58	--------	d-----w-	c:\documents and settings\users\Application Data\OtakuSoftware
2009-08-04 19:25 . 2009-08-04 19:25	--------	d-----w-	c:\documents and settings\users\Application Data\Styler
2009-08-04 19:16 . 2009-08-04 20:34	15086	----a-r-	c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2009-08-04 19:16 . 2009-08-04 20:34	15086	----a-r-	c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2009-08-04 19:16 . 2009-08-04 20:34	--------	d-----w-	c:\program files\Styler
2009-08-04 19:00 . 2009-08-04 19:01	--------	d-----w-	c:\program files\Teamspeak2_RC2
2009-08-04 18:48 . 2009-08-04 18:48	--------	d-----w-	c:\documents and settings\users\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48	--------	d-----w-	c:\program files\IconTweaker
2009-08-04 18:41 . 2000-05-17 07:52	187392	----a-w-	c:\windows\system32\JPGUtils.dll
2009-08-04 18:41 . 2009-08-04 18:41	--------	d-----w-	c:\program files\WinCustomize
2009-08-04 18:16 . 2009-08-04 18:16	--------	d-----w-	c:\program files\Fichiers communs\Stardock
2009-08-04 18:15 . 2009-08-10 01:06	163712	----a-w-	c:\windows\system32\drivers\vidstub.sys
2009-07-31 21:21 . 2009-07-31 21:25	--------	d-----w-	c:\program files\Alice
2009-07-31 20:18 . 2009-07-31 20:18	--------	d-----w-	c:\documents and settings\users\Local Settings\Application Data\Identities
2009-07-26 11:55 . 2001-08-17 18:02	2688	----a-w-	c:\windows\system32\drivers\HIDSwvd.sys
2009-07-26 11:55 . 2008-04-13 07:45	59136	----a-w-	c:\windows\system32\drivers\GcKernel.sys
2009-07-23 15:15 . 2008-04-13 15:33	21504	----a-w-	c:\windows\system32\hidserv.dll
2009-07-23 15:15 . 2008-04-13 15:05	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys
2009-07-23 14:56 . 2001-08-23 13:04	12288	----a-w-	c:\windows\system32\drivers\mouhid.sys
2009-07-21 15:31 . 2009-07-21 15:31	9158	----a-r-	c:\documents and settings\users\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-21 15:31 . 2009-07-21 15:31	--------	d-----w-	c:\program files\Fichiers communs\ATI Technologies
2009-07-21 15:30 . 2008-07-02 19:38	89600	----a-r-	c:\windows\system32\drivers\AtiHdmi.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 13:07 . 2008-12-23 08:57	13332512	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-08-13 13:01 . 2008-12-23 08:57	161372	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-08-13 07:33 . 2008-11-09 13:46	--------	d---a-w-	c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 07:26 . 2008-10-28 12:46	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-13 07:18 . 2008-05-02 22:57	73810	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-13 07:18 . 2008-05-02 22:57	465624	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-13 07:15 . 2008-10-27 20:43	--------	d-----w-	c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Application Data\Notepad++
2009-08-12 20:12 . 2009-08-13 07:16	1626112	----a-w-	c:\windows\Internet Logs\xDB2D.tmp
2009-08-12 20:12 . 2009-08-13 07:16	2868224	----a-w-	c:\windows\Internet Logs\xDB2C.tmp
2009-08-12 18:26 . 2008-10-28 12:41	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-12 17:56 . 2008-11-06 00:47	--------	d-----w-	c:\program files\PapierPeint
2009-08-12 14:24 . 2009-08-12 14:25	2872832	----a-w-	c:\windows\Internet Logs\xDB2A.tmp
2009-08-12 14:24 . 2009-08-12 14:25	1623552	----a-w-	c:\windows\Internet Logs\xDB2B.tmp
2009-08-12 14:03 . 2008-05-02 22:57	619584	----a-w-	c:\windows\system32\drivers
tfs.sys
2009-08-12 09:28 . 2009-06-30 18:59	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2009-08-12 08:50 . 2008-10-27 21:37	28200	----a-w-	c:\documents and settings\users\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 08:42 . 2008-10-27 18:20	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-12 08:20 . 2008-10-28 10:50	--------	d-----r-	c:\program files\Microsoft Games
2009-08-10 18:11 . 2009-08-10 18:28	1609216	----a-w-	c:\windows\Internet Logs\xDB29.tmp
2009-08-10 18:11 . 2009-08-10 18:28	2849792	----a-w-	c:\windows\Internet Logs\xDB28.tmp
2009-08-10 16:45 . 2008-11-09 05:50	--------	d-----w-	c:\program files\PeerTV
2009-08-10 01:00 . 2008-09-21 08:11	3778560	----a-w-	c:\windows\system32\logonuiX.exe
2009-08-09 23:31 . 2009-08-09 23:31	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-09 23:31 . 2009-08-09 23:31	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-09 17:24 . 2009-08-09 17:24	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-09 17:24 . 2009-08-09 17:24	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-04 22:16 . 2008-10-27 17:30	--------	d-----w-	c:\program files\Paint.NET
2009-08-04 18:15 . 2008-10-27 18:15	--------	d-----w-	c:\program files\Stardock
2009-08-04 05:42 . 2009-02-09 16:22	--------	d-----w-	c:\program files\Conduit
2009-08-01 04:27 . 2008-10-27 21:24	--------	d-----w-	c:\program files\Yahoo!
2009-08-01 04:26 . 2008-12-20 07:16	--------	d-----w-	c:\program files\NukeNabber
2009-08-01 04:24 . 2008-12-19 22:28	--------	d-----w-	c:\program files\A4Proxy
2009-08-01 02:25 . 2008-10-27 20:55	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2009-08-01 02:25 . 2008-10-27 17:43	--------	d-----w-	c:\program files\ma-config.com
2009-07-24 11:21 . 2009-07-24 11:22	234496	----a-w-	c:\windows\Internet Logs\xDB27.tmp
2009-07-17 00:38 . 2008-11-07 01:59	--------	d-----w-	c:\documents and settings\users\Application Data\dvdcss
2009-07-17 00:31 . 2009-03-01 23:11	3549996	----a-w-	c:\windows\Internet Logs	vDebug.zip
2009-07-15 16:46 . 2009-07-15 16:47	95744	----a-w-	c:\windows\Internet Logs\xDB26.tmp
2009-07-14 02:32 . 2009-07-14 02:34	20480	----a-w-	c:\windows\Internet Logs\xDB24.tmp
2009-07-14 02:32 . 2009-07-14 02:34	1478656	----a-w-	c:\windows\Internet Logs\xDB25.tmp
2009-07-13 21:07 . 2009-07-14 02:25	1478656	----a-w-	c:\windows\Internet Logs\xDB23.tmp
2009-07-13 21:07 . 2009-07-14 02:25	324096	----a-w-	c:\windows\Internet Logs\xDB22.tmp
2009-07-13 21:05 . 2009-07-13 21:06	1478656	----a-w-	c:\windows\Internet Logs\xDB21.tmp
2009-06-29 15:55 . 2008-11-02 12:08	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-06-23 10:23 . 2009-06-23 10:23	271360	----a-w-	c:\windows\system32\drivers\atksgt.sys
2009-06-23 10:23 . 2009-06-23 10:23	18048	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2009-06-23 10:09 . 2009-06-23 10:09	--------	d-----w-	c:\program files\Monte Cristo
2009-06-21 17:37 . 2009-06-30 19:01	504320	--s-a-r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\_Setup.dll
2009-06-19 10:29 . 2009-06-19 22:09	1478656	----a-w-	c:\windows\Internet Logs\xDB20.tmp
2009-06-19 10:29 . 2009-06-19 22:09	275968	----a-w-	c:\windows\Internet Logs\xDB1F.tmp
2009-06-09 12:04 . 2009-06-09 12:04	21035	----a-w-	c:\windows\system32\drivers\AegisP.sys
2009-05-28 05:16 . 2009-05-30 17:05	1476096	----a-w-	c:\windows\Internet Logs\xDB1E.tmp
2009-05-28 05:16 . 2009-05-30 17:05	231936	----a-w-	c:\windows\Internet Logs\xDB1D.tmp
2009-05-16 02:26 . 2009-06-30 19:01	223232	--s---r-	c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\Setup.exe
2008-10-28 12:52 . 2008-10-28 12:52	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-29 00:36 . 2008-10-29 00:36	61	--sh--w-	c:\windows\cnerolf.dat
.

------- Sigcheck -------

[-] 2008-05-02 22:57	361344	ACCF5A9A1FFAA490F33DBA1C632B95E1	c:\windows\system32\drivers	cpip.sys

[-] 2008-05-02 22:57	2364928	3391F4DDEA530297E720357F40AD06EB	c:\windows\system32
tkrnlpa.exe

[-] 2008-05-02 22:57	2486272	2E36C8BE37E4E86277E559462322375C	c:\windows\system32
toskrnl.exe

[-] 2008-08-12 09:04	1992704	76445E197EB693EAE328078E331024F9	c:\windows\explorer.exe

[-] 2008-05-02 22:57	1648640	F2614128EF03320BBFCF17F19A1633E9	c:\windows\system32\comres.dll



[7] 2008-05-02 22:57	574976	78A08DD6A8D65E697C18E1DB01C5CDCA	c:\windows\i386\NTFS.SYS
[-] 2009-08-12 14:03	619584	4DFB45D14330ACE7FD32EE8DBCF50C97	c:\windows\system32\dllcache
tfs.sys
[-] 2009-08-12 14:03	619584	4DFB45D14330ACE7FD32EE8DBCF50C97	c:\windows\system32\drivers
tfs.sys


[-] 2008-05-02 22:57	1571840	A9658459BB4F4EE00FA117C9382C0D3A	c:\windows\system32\sfcfiles.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32
tmssvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"TopDesk"="c:\program files\Windows7\TopDesk	opdesk.exe" [2007-06-20 1912832]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2006-06-23 3394048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PapierPeint"="c:\program files\PapierPeint\Papier Peint.exe" [2008-03-03 229376]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-02 124928]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]

c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Menu D‚marrer\Programmes\D‚marrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]

c:\documents and settings\users\Menu D‚marrer\Programmes\D‚marrage\
Vienna Superbar.lnk - c:\documents and settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe [2009-8-4 1186816]
Windows Seven Dock.lnk - c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2008-10-27 586240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Belkin Wireless G USB Adapter Client Utility.lnk]
backup=c:\windows\pss\Belkin Wireless G USB Adapter Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
backup=c:\windows\pss\Styler.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupregegedit32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\Program Files\FSFDT\FWInn\FWINN.exe"=
"c:\Program Files\FSFDT\Control Panel\FSFDTCP.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=
"c:\Program Files\PeerTV\PeerCast.exe"=
"c:\Program Files\PeerTV\VLC\vlc.exe"=
"c:\WINDOWS\system32\dxdiag.exe"=
"c:\WINDOWS\system32\mmc.exe"=
"c:\Program Files\MSN Messenger\msnmsgr.exe"=
"c:\Program Files\MSN Messenger\livecall.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11225:TCP"= 11225:TCP:BitComet 11225 TCP
"11225:UDP"= 11225:UDP:BitComet 11225 UDP
"20008:TCP"= 20008:TCP:BitComet 20008 TCP
"20008:UDP"= 20008:UDP:BitComet 20008 UDP

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [03/05/2008 00:57 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [03/05/2008 00:57 210224]
R2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 18:32 108289]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/06/2009 14:03 38144]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21/07/2009 17:30 89600]
R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
S0 BootScreen;BootScreen;\SystemRoot\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\SystemRoot\System32\drivers\vidstub.sys [?]
S1 41062c4b;41062c4b;c:\windows\system32\drivers\41062c4b.sys --> c:\windows\system32\drivers\41062c4b.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32egedt32.exe [03/05/2008 00:57 29696]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [09/06/2009 14:03 238848]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/10/2008 14:52 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers
pf.sys [22/05/2008 01:57 34576]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11:26 507136]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [13/11/2008 11:52 24576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr|https://www.blogger.com/about/|http://www.fsalgeria-group.com/login.forum?connexion|https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php#/profile.php?id=1485058416|http://www.pole-emploi.fr/accueilpe/
FF - component: c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602
pCIDetect13.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Picasa2
pPicasa2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1606980848-1177238915-1002\Software\SecuROM\License information*]
"datasecu"=hex:d1,81,7a,0e,57,d4,8c,27,26,57,dd,0b,f1,8e,05,c9,b4,c2,04,bd,ab,
   e2,06,72,b9,46,44,6a,65,e3,1a,48,d1,6d,fc,fd,3b,ff,5a,ed,c2,81,3b,ed,d6,5f,\
"rkeysecu"=hex:60,ab,f8,78,f0,0d,da,f7,46,d5,5f,0d,53,03,19,54

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,de,78,d2,f4,e6,
   79,c7,b7,e2,63,26,f1,3f,c8,ff,68,f0,b4,10,3d,2c,22,15,1d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,a0,37,34,b6,f3,
   d7,e9,80,6a,9c,d6,61,af,45,84,18,a4,14,08,5f,6d,10,84,2f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f4,f7,d6,dd,b2,
   b0,49,bd,ff,7c,85,e0,43,d4,0e,fe,38,ab,72,1c,84,9f,fd,89,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,37,41,8e,68,9b,
   25,2c,78,86,8c,21,01,be,91,eb,e7,36,0b,23,09,ba,f3,98,5b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,46,25,85,c0,d9,
   23,43,99,f5,1d,4d,73,a8,13,5c,05,8a,3a,56,06,d1,40,c4,6f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,bf,8c,18,5e,f1,
   dc,bf,29,df,20,58,62,78,6b,cf,c8,79,65,e4,3f,86,1b,b5,3e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,30,75,a6,fd,
   ae,c5,de,fb,a7,78,e6,12,2f,9a,ea,74,43,89,f9,75,b4,41,4c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,e5,5c,ae,ae,
   17,7b,52,01,3a,48,fc,e8,04,4a,f1,6b,aa,42,59,c3,df,c0,b9,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,70,76,1b,78,84,
   8b,e9,24,f6,0f,4e,58,98,5b,89,c9,83,49,3e,40,1d,b8,c6,22,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fc,8c,a6,5c,8b,
   2e,23,3e,3d,ce,ea,26,2d,45,aa,78,6f,30,79,76,74,23,8a,0a,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,64,a3,43,02,
   77,db,e5,2a,b7,cc,b5,b9,7f,41,e7,3e,d1,c5,5f,90,cd,d4,2c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,8d,59,82,1a,
   e1,43,cc,6c,43,2d,1e,aa,22,2f,9c,fa,9e,87,d9,b5,c8,a0,f6,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-13 15:10 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-13 13:10

Pre-Run: 246 611 423 232 octets libres
Post-Run: 247 196 049 408 octets libres

440





hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:30, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PapierPeint\Papier Peint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\users\LOCALS~1\Temp\{A4785A87-3B51-4901-8EDD-D2E57FD04324}\Superbar_ESiti Forum.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\users\Bureau\HiJackThis.exe
C:\WINDOWS\system32\braviax.exe
C:\Documents and Settings\users\Bureau\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PapierPeint] C:\Program Files\PapierPeint\Papier Peint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk	opdesk.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax]  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax]  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Vienna Superbar.lnk = C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe
O4 - Startup: Windows Seven Dock.lnk = C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcappcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pimprenelle27 · Answer

Bonjour,

Il faut jamais passer des fix comme combo et autres sans avoir l'avis d'un spécialiste avant.

&#x25B6; Télécharge Random's System Information Tool (RSIT).

&#x25B6; Un tutoriel est  à ta disposition pour l'installer et l'utiliser correctement ici

&#x25B6; Double clique sur RSIT.exe pour lancer l'outil.

&#x25B6; Clique sur 'Continue' à l'écran Disclaimer.

&#x25B6; Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

&#x25B6; Une fois le scan fini , 2 rapports vont apparaitre. &#x25B6; Héberge le contenu des 2 rapports.

( C:\RSIT\log.txt et C:\RSIT\info.txt )

CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller


Petite chose à faire pour les rapports générés par RSIT avant de continuer

&#x25B6; Vous devez fusionner les deux rapports.
&#x25B6; C'est-à-dire, copier/coller le contenu du rapport info.txt à la suite du rapport log.txt pour ne faire qu'un seul rapport.
&#x25B6; Ensuite enregistrer le rapport log.txt.

 Ensuite : 

&#x25B6;  Rendez-vous à cette adresse d'hébergement gratuit : https://www.cjoint.com/

&#x25B6; Cliquez sur parcourir,  puis sur créer le lien cjoint

&#x25B6; Une fois le lien crée, faite un clique droit dessus et copier l'adresse du lien pour venir le coller dans votre réponse

pyromanus · Answer

merci de votre aide ! 

a vrai dire je ne sait plus trop quoi faire c'est pour sa .

voici le lien  https://www.cjoint.com/?inqpW5m5Xn

sherred · Answer

1- effacer le fichier infecté beep.sys situé dans c:\windows\system32\dllcache

2- effacer le fichier infecté beep.sys situé dans c:\windows\system32\drivers

3- cliquer successivement sur démarrer, exécuter puis écrire regedit dans la petite fenêtre puis
cliquer sur OK

4- la fenêtre de regedit s'ouvre, aller alors sur la clef:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

5- cliquer droit sur cette clef (Windows) puis clic gauche sur Autorisations et ensuite clic 
gauche sur Paramères Avancés et enfin décocher la ligne Hérite de l'objet parent...
(ne pas s'inquiéter du message d'alerte, c'est sans danger et on le rétablira plus tard)

6- fermer regedit puis redémarrer

7- effacer alors dans c:\windows puis dans c:\windows\system32 les 2 fichiers braviax.exe et
cru629.dat.

merci a tcluk  pour cette methode simple

pimprenelle27 · Answer

Pour les utilisateurs de Spybot Search and Destroy :

    * Si vous avez TeaTimer (le résident de Spybot S&D), désactivez-le sinon il va gêner la désinfection en empêchant la modification des BHO et la réparation du registre.
          o Démarrez Spybot, cliquez sur Mode, cochez Mode avancé
          o A gauche, cliquez sur Outils, puis sur Résident
          o Décochez la case devant Résident "TeaTimer" puis quittez Spybot :


Note importante :
Une fois la désinfection terminée ( et pas avant ), réactiver le " TeaTimer " .
/!\ Mais attention :
à ce moment là, le " TeaTimer " de Spybot proposera, par le biais de plusieurs pop-up, d'accepter ou non des modifications de registre ( survenuent lors de la désinfection ) -> il faudra alors les accepter toutes sans exeptions !

Puis part la suite , il faudra rester vigilant lorsque le "TeaTimer" donnera des alertes : accepter une modification uniquement si on en connait la provenance .
 




&#x25B6; Télécharger SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
 
&#x25B6; Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur ton disque C:.
 
/!\ Démarre en mode sans échec : après le bip et avant le logo windows tapoter sur la touche F8 (ou F5): menu M.S.E..

&#x25B6; Comment redémarrer en mode sans échec ??

&#x25B6; Choisir son compte, pas celui de l'Administrateur ou autre.

Dérouler la liste des instructions ci-dessous :
 
• Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuyer sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuyer sur une touche pour redémarrer le PC.
• Le système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copier/coller le contenu du fichier Report.txt dans la prochaine réponse sur le forum

pyromanus · Answer

j'ai chercher beep.sys dans les dossier indiquer  mais sans résultat aucun fichier nommer beep.sys


j'ai décocher hériter comme indiquer puis j'ai redémarre .

  je suis allez dans c:/windows/system32   :  braviax supprimer

 mais cru629 je ne le trouve pas !

je continue quand meme ?

sherred · Answer

suit les instruction de pimprenelle27 , il est le plus agueri dans ce domaine
https://forums.commentcamarche.net/forum/affich-13863360-viruse-impossible-a-supprimer#4

pimprenelle27 · Answer

Merci sherred pour le il est. Ce serrais plus tôt le elle est.

sherred · Answer

OOPS
désolé
et le 27 se raporte a ta région ?

pimprenelle27 · Answer

oui tout à fait pourquoi.

sherred · Answer

je suis du 27

pimprenelle27 · Answer

ah tient quel bonne surprise on pourrait en parler en mp si tu le veux bien, pas ici pour ne pas gêner le sujet . Merci.

pyromanus · Answer

apres 1 h de sdk  voici le rapport!

merci de ton aide  madame ou mademoiselle! 

b]SDFix: Version 1.240 [/b]
Run by pyroman on 13/08/2009 at 17:26

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 18:16:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:æTorrent"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\FSFDT\FWInn\FWINN.exe"="C:\Program Files\FSFDT\FWInn\FWINN.exe:*:Enabled:FSInn Application"
"C:\Program Files\FSFDT\Control Panel\FSFDTCP.exe"="C:\Program Files\FSFDT\Control Panel\FSFDTCP.exe:*:Enabled:FSFDT Control Panel"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\PeerTV\PeerCast.exe"="C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast"
"C:\Program Files\PeerTV\VLC\vlc.exe"="C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  3 Mar 2008           568 A..H. --- "C:\WINDOWS
od32fixtemdono.reg"
Mon  3 Mar 2008         5,702 A..H. --- "C:\WINDOWS
od32restoretemdono.reg"
Thu  8 Mar 2007       258,560 A..H. --- "C:\Program Files\Adobe\upx.exe"
Thu 11 Dec 2008     6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Oct 2008       949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008     1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon  7 Jul 2008     1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon  7 Jul 2008     4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008     1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008       962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed  5 Nov 2008         4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri  7 Nov 2008           444 ...HR --- "C:\Documents and Settings\users\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat  2 Jul 2005         4,348 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\Sauvegarde de la licence\drmv1key.bak"
Sat  2 Jul 2005            20 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\Sauvegarde de la licence\drmv1lic.bak"
Sat  2 Jul 2005           400 A.SH. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\Sauvegarde de la licence\drmv2key.bak"
Wed 18 May 2005        24,576 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\stage 1Šre ann‚e\~WRL1412.tmp"
Wed 18 May 2005        25,088 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\stage 1Šre ann‚e\~WRL4057.tmp"
Sun 17 Dec 2006        24,576 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\3eme ann‚e\Memoire\~WRL0361.tmp"
Wed  4 Apr 2007        30,208 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\3eme ann‚e\Memoire\grilles entretiens\~WRL1328.tmp"
Wed  4 Apr 2007        29,184 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\3eme ann‚e\Memoire\grilles entretiens\~WRL1601.tmp"
Wed  4 Apr 2007        33,280 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\3eme ann‚e\Memoire\grilles entretiens\~WRL2069.tmp"
Wed  4 Apr 2007        31,232 A..H. --- "C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\pc2 save\documents users\a GRAVER\humhum\cours\3eme ann‚e\Memoire\grilles entretiens\~WRL3076.tmp"

[b]Finished![/b]

pyromanus · Answer

toujours les alerte de securite de avira ...

Dans le fichier 'C:\WINDOWS\system32\wisdstr.exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\AIQX0EG2\Install[1].exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\1OE2TYYX\Install[1].exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\WINDOWS\system32\wisdstr.exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\LBTBJTPN\Install[1].exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès


tout sa des que je me connecte .  et braviax.exe  et de retoure dans le meme dossier ...

help  ;-(

pimprenelle27 · Answer

Fait moi ceci car sdfix n'a rien trouvé normale il n'est plus à jour : 

Télécharger AVPTool

La page qui vous accueille comporte en général les 12 dernières versions générées. Regardez attentivement l'heure et la date affichées dans le nom du logiciel pour déterminer celle qui est la plus récente. Téléchargez-la sans hésiter sur le bureau de votre PC. Double-cliquez dessus pour lancez l'installation.

Attention : AVPTool (tout comme d'autres outils du même acabit tels que Antivir, BitDefender Free, etc.) n'est pas une protection. C'est un détecteur et un nettoyeur d'infections déjà présentes sur le PC. Pour vous protéger efficacement contre les menaces modernes que sont les Drive-by Downloads, les Stage Downloads, les Banking Trojans, les Webstorms, il faut disposer d'authentiques suites de sécurité comme Kaspersky Antivirus 8.0 (KAV) ou Kaspersky Internet Security 8.0 (KIS).

AVPTool fonctionne sous Windows 2000, XP, Vista 32 bits. Il ne doit pas être utilisé sur des machines déjà équipées de KAV 8.0 ou KIS 8.0.

pyromanus · Answer

le lien AVPTool me donne directement la dernier version disponible  (version 7.0.0.290_14.08.2009_17-16) .  je la télécharge sur le bureau  je lance le scan . et au bout de 30 seconde  un message d'erreur m'indique que la base de signature des virus et corrompu.

je refait l'opertation et retelecharge encore la meme version  mais  sa me remet la meme chose !

je retrouve encore braviax  dans les processuse actif a chaque redemarage  et avira m'indique figaro.sys dans c:/windows/systeme32/dllcache (mais introuvable )

je suis completement desesperer  lol  en plus mon PC  et  2a 3 foix plus lent que d'habitude.
et mon simulatere de vol  bloque et  au bout de deux minute ecran bleu... sa ne me la jammais fait .

de plus braviax je les attraper sur ce site en cliquant sur un lien   lol

que puis je faire de plus ? réinstallation ?

en  tout cas merci de ton aide pimprenelle27 c'est vraiment  gentille .

pyromanus · Answer

si sa peu aider voici un rapport extrait de avptool

<AVZ_CollectSysInfo>
--------------------
Start time: 14/08/2009 16:09:02
Duration: 00:01:44
Finish time: 14/08/2009 16:10:46

<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
14/08/2009 16:09:05 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
14/08/2009 16:09:05 System Restore: enabled
14/08/2009 16:09:06 1.1 Searching for user-mode API hooks
14/08/2009 16:09:07 Analysis: kernel32.dll, export table found in section .text
14/08/2009 16:09:07 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C80236B->61F03F42
14/08/2009 16:09:07 Hook kernel32.dll:CreateProcessA (99) blocked
14/08/2009 16:09:07 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802336->61F04040
14/08/2009 16:09:07 Hook kernel32.dll:CreateProcessW (103) blocked
14/08/2009 16:09:07 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC6E->61F041FC
14/08/2009 16:09:07 Hook kernel32.dll:FreeLibrary (241) blocked
14/08/2009 16:09:07 Function kernel32.dll:GetModuleFileNameA (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B55F->61F040FB
14/08/2009 16:09:07 Hook kernel32.dll:GetModuleFileNameA (373) blocked
14/08/2009 16:09:07 Function kernel32.dll:GetModuleFileNameW (374) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B465->61F041A0
14/08/2009 16:09:07 Hook kernel32.dll:GetModuleFileNameW (374) blocked
14/08/2009 16:09:07 Function kernel32.dll:GetProcAddress (409) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE30->61F04648
14/08/2009 16:09:07 Hook kernel32.dll:GetProcAddress (409) blocked
14/08/2009 16:09:07 Function kernel32.dll:LoadLibraryA (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D7B->61F03C6F
14/08/2009 16:09:07 Hook kernel32.dll:LoadLibraryA (581) blocked
14/08/2009 16:09:07 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
14/08/2009 16:09:07 Function kernel32.dll:LoadLibraryExA (582) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D53->61F03DAF
14/08/2009 16:09:07 Hook kernel32.dll:LoadLibraryExA (582) blocked
14/08/2009 16:09:07 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
14/08/2009 16:09:07 Function kernel32.dll:LoadLibraryExW (583) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF5->61F03E5A
14/08/2009 16:09:07 Hook kernel32.dll:LoadLibraryExW (583) blocked
14/08/2009 16:09:07 Function kernel32.dll:LoadLibraryW (584) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AEDB->61F03D0C
14/08/2009 16:09:07 Hook kernel32.dll:LoadLibraryW (584) blocked
14/08/2009 16:09:07 IAT modification detected: LoadLibraryW - 00C20010<>7C80AEDB
14/08/2009 16:09:07 Analysis: ntdll.dll, export table found in section .text
14/08/2009 16:09:07 Analysis: user32.dll, export table found in section .text
14/08/2009 16:09:07 Analysis: advapi32.dll, export table found in section .text
14/08/2009 16:09:07 Analysis: ws2_32.dll, export table found in section .text
14/08/2009 16:09:07 Analysis: wininet.dll, export table found in section .text
14/08/2009 16:09:08 Analysis: rasapi32.dll, export table found in section .text
14/08/2009 16:09:08 Analysis: urlmon.dll, export table found in section .text
14/08/2009 16:09:08 Analysis: netapi32.dll, export table found in section .text
14/08/2009 16:09:09 1.2 Searching for kernel-mode API hooks
14/08/2009 16:09:09 Driver loaded successfully
14/08/2009 16:09:09 SDT found (RVA=085700)
14/08/2009 16:09:09 Kernel ntkrnlpa.exe found in memory at address 804D7000
14/08/2009 16:09:09 SDT = 8055C700
14/08/2009 16:09:09 KiST = 80504450 (284)
14/08/2009 16:09:09 Function NtClose (19) intercepted (805BC4EC->B9E8C818), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:09 >>> Function restored successfully !
14/08/2009 16:09:09 >>> Hook code blocked
14/08/2009 16:09:11 Function NtConnectPort (1F) intercepted (805A45B4->ACCBF040), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateFile (25) intercepted (80579084->ACCBB930), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateKey (29) intercepted (80623786->BA710E9E), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreatePagingFile (2D) intercepted (805AB9D4->B9E80A20), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreatePort (2E) intercepted (805A50D0->ACCBF510), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateProcess (2F) intercepted (805D11EC->ACCC5870), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateProcessEx (30) intercepted (805D1136->ACCC5AA0), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateSection (32) intercepted (805AB3AE->ACCC8FD0), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateThread (35) intercepted (805D0FD4->BA710E94), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtCreateWaitablePort (38) intercepted (805A50F4->ACCBF600), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtDeleteFile (3E) intercepted (80576C2C->ACCBBF20), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtDeleteKey (3F) intercepted (80623C16->BA710EA3), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtDeleteValueKey (41) intercepted (80623DE6->BA710EAD), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtDuplicateObject (44) intercepted (805BDFC4->ACCC5580), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtEnumerateKey (47) intercepted (80623FC6->B9E812A8), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtEnumerateValueKey (49) intercepted (80624230->B9E8C910), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtLoadKey (62) intercepted (80625982->BA710EB2), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtOpenFile (74) intercepted (8057A182->ACCBBD70), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtOpenKey (77) intercepted (80624B58->B9E8C794), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtOpenProcess (7A) intercepted (805CB3FC->ACCC5350), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtOpenThread (80) intercepted (805CB688->ACCC5150), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtQueryKey (A0) intercepted (80624E7E->B9E812C8), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtQueryValueKey (B1) intercepted (806219BE->B9E8C866), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtRenameKey (C0) intercepted (806231A8->ACCC8250), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtReplaceKey (C1) intercepted (80625832->BA710EBC), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtRequestWaitReplyPort (C8) intercepted (805A2D5A->ACCBEC00), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtRestoreKey (CC) intercepted (8062513E->BA710EB7), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtSecureConnectPort (D2) intercepted (805A3D48->ACCBF220), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtSetInformationFile (E0) intercepted (8057B010->ACCBC120), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtSetSystemPowerState (F1) intercepted (80652E18->B9E8C0B0), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtSetValueKey (F7) intercepted (80621D0C->BA710EA8), hook not defined
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:12 Function NtTerminateProcess (101) intercepted (805D299E->ACCC5CD0), hook C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:12 >>> Function restored successfully !
14/08/2009 16:09:12 >>> Hook code blocked
14/08/2009 16:09:14 Functions checked: 284, intercepted: 33, restored: 33
14/08/2009 16:09:14 1.3 Checking IDT and SYSENTER
14/08/2009 16:09:14 Analysis for CPU 1
14/08/2009 16:09:14 Analysis for CPU 2
14/08/2009 16:09:14 Checking IDT and SYSENTER - complete
14/08/2009 16:09:15 1.4 Searching for masking processes and drivers
14/08/2009 16:09:15 Checking not performed: extended monitoring driver (AVZPM) is not installed
14/08/2009 16:09:15 Driver loaded successfully
14/08/2009 16:09:15 1.5 Checking of IRP handlers
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_CREATE] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_CLOSE] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_WRITE] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_SET_EA] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\ntfs[IRP_MJ_PNP] = 89FFC1E8 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_CREATE] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_CLOSE] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_WRITE] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_QUERY_EA] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_SET_EA] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \FileSystem\FastFat[IRP_MJ_PNP] = 88F41790 -> hook not defined
14/08/2009 16:09:15 \driver\tcpip[IRP_MJ_CREATE] = ACCD0C20 -> C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:15 \driver\tcpip[IRP_MJ_CLOSE] = ACCD0C20 -> C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:15 \driver\tcpip[IRP_MJ_DEVICE_CONTROL] = ACCD0C20 -> C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:15 \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = ACCD0C20 -> C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:15 \driver\tcpip[IRP_MJ_CLEANUP] = ACCD0C20 -> C:\WINDOWS\System32\vsdatant.sys
14/08/2009 16:09:15 Checking - complete
14/08/2009 16:09:31 >> Services: potentially dangerous service allowed: TermService (Services Terminal Server)
14/08/2009 16:09:31 >> Services: potentially dangerous service allowed: SSDPSRV (Service de découvertes SSDP)
14/08/2009 16:09:31 >> Services: potentially dangerous service allowed: Schedule (Planificateur de tâches)
14/08/2009 16:09:31 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
14/08/2009 16:09:31 >> Security: disk drives' autorun is enabled
14/08/2009 16:09:31 >> Security: administrative shares (C$, D$ ...) are enabled
14/08/2009 16:09:31 >> Security: anonymous user access is enabled
14/08/2009 16:09:32 >> Security: sending Remote Assistant queries is enabled
14/08/2009 16:09:36 >> Elements of Start menu blocked
14/08/2009 16:09:37 >> Help and Support menu item blocked
14/08/2009 16:09:37 >> Disable HDD autorun
14/08/2009 16:09:37 >> Disable autorun from network drives
14/08/2009 16:09:37 >> Disable CD/DVD autorun
14/08/2009 16:09:37 >> Disable removable media autorun
14/08/2009 16:09:37 >> Windows Update is disabled
14/08/2009 16:09:37 System Analysis in progress
14/08/2009 16:10:46 System Analysis - complete
14/08/2009 16:10:46 Delete file:C:\Documents and Settings\users\Bureau\Virus Removal Tool\is-76UAT\LOG\avptool_syscheck.htm
14/08/2009 16:10:46 Delete file:C:\Documents and Settings\users\Bureau\Virus Removal Tool\is-76UAT\LOG\avptool_syscheck.xml
14/08/2009 16:10:46 Deleting service/driver: ute4mtyw
14/08/2009 16:10:46 Delete file:C:\WINDOWS\system32\Drivers\ute4mtyw.sys
14/08/2009 16:10:46 Deleting service/driver: uje4mtyw
14/08/2009 16:10:46 Script executed without errors

pimprenelle27 · Answer

a-t-il trouvé des virus? et lesquel

pyromanus · Answer

non rien trouver car le scan  ne demarre meme pas .

pimprenelle27 · Answer

ok bon fait ceci : 

Télécharge GenProc sur ton bureau afin de voir ce qu'il à ton pc.

Double-clique sur GenProc.exe

et poste le contenu du rapport qui s'ouvre à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

Si pas de rapport .txt, regarder sur le bureau, il doit y avoir une icône Genproc qui renvoie sur internet avec la procédure.


Voir  comment utiliser GenProc

Pour ceux qui ont Vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

IMPORTANT : Poste la procédure Genproc et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

pyromanus · Answer

Rapport GenProc 2.615 [1] - 14/08/2009 à 20:11:29 
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.0.13) [Navigateur par défaut]

~~ "C:\WINDOWS\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\WINDOWS\grep.exe" a été renommé grep.exe_RenameGenProc ~~
~~ CM DISK ERROR ~~ 
 
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport NanoScan https://www.micro-astuce.com/securite/NanoScan-Panda.php


 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:51, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PapierPeint\Papier Peint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\users\LOCALS~1\Temp\{FD12CECB-36DE-4C46-8A11-21C8D2C3CB6B}\Superbar_ESiti Forum.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Genproc\outil\pyroman_GenProc.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PapierPeint] C:\Program Files\PapierPeint\Papier Peint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [braviax]  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax]  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: is-76UAT.lnk = C:\Documents and Settings\users\Bureau\Virus Removal Tool\is-76UAT\startup.exe
O4 - Startup: Vienna Superbar.lnk = C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pimprenelle27 · Answer

il est coriace celui là : 


Télécharger DrWebCureit


Bien suivre le Tutorial_DrWebCureIt

Et me poster le rapport.

pyromanus · Answer

effectivement !! tres corriace!!

genproc ne lui a pas plus apparemment. écran bleu  juste après .  puis  impossible a redémarrer  le PC ... après windows crash du systeme.    

le MBR a etais modifier  et  toute mes partitions on changer soudainement de nom ... 

j'ai pas eu d'autre solution  que de mettre le CD  et de réinstaller car le pc ne démarrer même plus .

j'ai pas formater jai juste  réinstaller par dessus windows ce qui ma permis de garder mes info  mais tout les logiciel sont a réinstaller ...


en tout cas merci pour ton aide  mais je pense que maintenant il et plus la !  lol

pimprenelle27 · Answer

ok j'espère ne plus te revoir pour un virus et fait bien attention sur internet et garde bien tous tes logiciels à jour.

Viruse impossible a supprimer

23 réponses

Votre réponse

Discussions similaires

Newsletters