Virus impossible to remove
Solved
pyromanus
pimprenelle27 Posts 22182 Status Security contributor
Hello,
For two days I have been fighting a virus that shows up as soon as I connect to the internet.
In my opinion it is trying to download other files onto my PC.
braviaxe.exe
beep.sys infected and not found
I would be very grateful if you could help me get rid of this pest without reinstalling or formatting, because I do flight simulation on FSX and losing everything would be a real blow! Thanks to all.
Here is an HJT and ComboFix log.
ComboFix 09-08-10.06 - pyroman 13/08/2009 14:52.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1497 [GMT 2:00]
Running from: c:\documents and settings\users\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService.AUTORITE NT.000\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\users\Application Data\wiaserva.log
c:\recycler\S-1-5-21-1659004503-1801674531-1417001333-500
c:\recycler\S-1-5-21-839522115-1897051121-1417001333-1003
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 13:01 . 2009-08-13 13:01 -------- d-----w- c:\windows\system32\oobe
2009-08-13 13:01 . 2009-08-13 13:01 -------- d-----w- c:\windows\system32\npp
2009-08-13 13:01 . 2009-08-13 13:01 -------- d-----w- c:\windows\msagent
2009-08-12 16:53 . 2009-08-12 16:49 404225 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-12 16:53 . 2009-08-12 16:49 345345 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-12 16:53 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-12 16:53 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\program files\Chaos Shredder2.3FR
2009-08-12 16:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-12 16:32 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 16:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-12 16:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\program files\Avira
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-08-12 14:10 . 2009-08-12 18:36 -------- d-----w- c:\program files\a-squared Free
2009-08-12 14:03 . 2009-08-12 14:03 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 09:28 . 2009-06-21 17:28 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\_Setup.dll
2009-08-12 09:28 . 2009-05-16 02:26 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\Setup.exe
2009-08-12 09:27 . 2009-06-28 01:42 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\_Setup.dll
2009-08-12 09:27 . 2009-05-16 02:26 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\Setup.exe
2009-08-12 09:27 . 2009-07-04 14:26 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\_Setup.dll
2009-08-12 09:27 . 2009-06-25 04:03 223744 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\Setup.exe
2009-08-12 09:27 . 2009-04-10 01:08 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\_Setup.dll
2009-08-12 09:27 . 2009-04-04 04:25 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\Setup.exe
2009-08-11 20:12 . 2009-08-11 20:10 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-11 20:10 . 2009-08-11 22:25 -------- d-----w- c:\documents and settings\users\.housecall6.6
2009-08-10 09:31 . 2009-08-10 09:31 -------- d-----w- c:\program files\Free.fr
2009-08-10 00:57 . 2009-08-10 00:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-10 00:40 . 2009-08-10 00:40 -------- d-----w- c:\documents and settings\users\Local Settings\Application Data\Paint.NET
2009-08-09 21:57 . 2009-08-09 21:57 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-08-09 21:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-08-09 21:55 . 2009-08-09 21:56 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-09 21:55 . 2009-08-09 21:54 33728384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-08-09 21:55 . 2009-08-09 21:55 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-08-09 21:55 . 2009-08-09 21:55 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 21:55 . 2009-08-09 21:55 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 21:55 . 2009-08-09 21:55 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 21:46 . 2009-08-09 21:46 -------- d-----w- c:\program files\Axon Data
2009-08-09 17:24 . 2008-04-13 07:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-09 17:23 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-09 16:12 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-08-09 16:12 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-08-09 16:12 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-08-09 16:12 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-08-09 16:12 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-08-09 16:12 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-09 16:11 . 2009-08-09 16:10 24519152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3FR.exe
2009-08-09 16:10 . 2009-08-09 16:10 36864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-08-09 16:10 . 2009-08-09 16:10 3351812 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-08-09 16:10 . 2009-08-09 16:10 3181612 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-08-09 16:06 . 2009-08-09 16:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nokia
2009-08-09 16:06 . 2009-08-09 16:06 -------- d-----w- c:\program files\MSXML 6.0
2009-08-09 15:56 . 2008-03-21 11:57 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-09 15:54 . 2009-08-09 15:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-08-09 15:54 . 2009-08-11 12:12 -------- d-----w- c:\documents and settings\users\Application Data\Nokia
2009-08-09 15:54 . 2009-08-09 21:56 -------- d-----w- c:\program files\DIFX
2009-08-09 15:53 . 2009-08-09 21:57 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-08-09 15:53 . 2009-08-09 15:56 -------- d-----w- c:\documents and settings\users\Application Data\PC Suite
2009-08-09 15:52 . 2009-08-09 21:57 -------- d-----w- c:\program files\Nokia
2009-08-09 15:52 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-08-09 15:52 . 2009-08-09 15:50 27632240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\nokia-pc-suite_nokia_pc_suite_6.85.14.1_francais_28522.exe
2009-08-09 15:51 . 2009-08-09 15:51 733783 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
2009-08-09 15:51 . 2009-08-09 15:51 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 15:51 . 2009-08-09 15:51 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 15:51 . 2009-08-09 15:51 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 15:51 . 2009-08-09 21:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-08-09 14:11 . 2009-08-10 09:15 -------- d-----w- c:\program files\Sagem
2009-08-05 11:13 . 2009-08-10 09:20 -------- d-----w- c:\documents and settings\users\Application Data\MxBoost
2009-08-05 11:12 . 2009-08-05 11:13 -------- d-----w- c:\program files\Maxthon2
2009-08-05 00:58 . 2009-08-12 23:45 -------- d-----w- c:\windows\system32\LogFiles
2009-08-05 00:13 . 2009-08-12 08:30 -------- d-----w- C:\wallflash
2009-08-04 20:58 . 2009-08-04 20:58 -------- d-----w- c:\documents and settings\users\Application Data\OtakuSoftware
2009-08-04 19:25 . 2009-08-04 19:25 -------- d-----w- c:\documents and settings\users\Application Data\Styler
2009-08-04 19:16 . 2009-08-04 20:34 15086 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2009-08-04 19:16 . 2009-08-04 20:34 15086 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2009-08-04 19:16 . 2009-08-04 20:34 -------- d-----w- c:\program files\Styler
2009-08-04 19:00 . 2009-08-04 19:01 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\documents and settings\users\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\program files\IconTweaker
2009-08-04 18:41 . 2000-05-17 07:52 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2009-08-04 18:41 . 2009-08-04 18:41 -------- d-----w- c:\program files\WinCustomize
2009-08-04 18:16 . 2009-08-04 18:16 -------- d-----w- c:\program files\Fichiers communs\Stardock
2009-08-04 18:15 . 2009-08-10 01:06 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-07-31 21:21 . 2009-07-31 21:25 -------- d-----w- c:\program files\Alice
2009-07-31 20:18 . 2009-07-31 20:18 -------- d-----w- c:\documents and settings\users\Local Settings\Application Data\Identities
2009-07-26 11:55 . 2001-08-17 18:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2009-07-26 11:55 . 2008-04-13 07:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2009-07-23 15:15 . 2008-04-13 15:33 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-23 15:15 . 2008-04-13 15:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-23 14:56 . 2001-08-23 13:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-21 15:31 . 2009-07-21 15:31 9158 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-21 15:31 . 2009-07-21 15:31 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies
2009-07-21 15:30 . 2008-07-02 19:38 89600 ----a-r- c:\windows\system32\drivers\AtiHdmi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 13:07 . 2008-12-23 08:57 13332512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-13 13:01 . 2008-12-23 08:57 161372 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-13 07:33 . 2008-11-09 13:46 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 07:26 . 2008-10-28 12:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-13 07:18 . 2008-05-02 22:57 73810 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-13 07:18 . 2008-05-02 22:57 465624 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-13 07:15 . 2008-10-27 20:43 -------- d-----w- c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Application Data\Notepad++
2009-08-12 20:12 . 2009-08-13 07:16 1626112 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-08-12 20:12 . 2009-08-13 07:16 2868224 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-08-12 18:26 . 2008-10-28 12:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-12 17:56 . 2008-11-06 00:47 -------- d-----w- c:\program files\PapierPeint
2009-08-12 14:24 . 2009-08-12 14:25 2872832 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-08-12 14:24 . 2009-08-12 14:25 1623552 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-08-12 14:03 . 2008-05-02 22:57 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-12 09:28 . 2009-06-30 18:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2009-08-12 08:50 . 2008-10-27 21:37 28200 ----a-w- c:\documents and settings\users\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 08:42 . 2008-10-27 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 08:20 . 2008-10-28 10:50 -------- d-----r- c:\program files\Microsoft Games
2009-08-10 18:11 . 2009-08-10 18:28 1609216 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-08-10 18:11 . 2009-08-10 18:28 2849792 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-08-10 16:45 . 2008-11-09 05:50 -------- d-----w- c:\program files\PeerTV
2009-08-10 01:00 . 2008-09-21 08:11 3778560 ----a-w- c:\windows\system32\logonuiX.exe
2009-08-09 23:31 . 2009-08-09 23:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-09 23:31 . 2009-08-09 23:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-09 17:24 . 2009-08-09 17:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-09 17:24 . 2009-08-09 17:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-04 22:16 . 2008-10-27 17:30 -------- d-----w- c:\program files\Paint.NET
2009-08-04 18:15 . 2008-10-27 18:15 -------- d-----w- c:\program files\Stardock
2009-08-04 05:42 . 2009-02-09 16:22 -------- d-----w- c:\program files\Conduit
2009-08-01 04:27 . 2008-10-27 21:24 -------- d-----w- c:\program files\Yahoo!
2009-08-01 04:26 . 2008-12-20 07:16 -------- d-----w- c:\program files\NukeNabber
2009-08-01 04:24 . 2008-12-19 22:28 -------- d-----w- c:\program files\A4Proxy
2009-08-01 02:25 . 2008-10-27 20:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2009-08-01 02:25 . 2008-10-27 17:43 -------- d-----w- c:\program files\ma-config.com
2009-07-24 11:21 . 2009-07-24 11:22 234496 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-07-17 00:38 . 2008-11-07 01:59 -------- d-----w- c:\documents and settings\users\Application Data\dvdcss
2009-07-17 00:31 . 2009-03-01 23:11 3549996 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-15 16:46 . 2009-07-15 16:47 95744 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-07-14 02:32 . 2009-07-14 02:34 20480 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-07-14 02:32 . 2009-07-14 02:34 1478656 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-07-13 21:07 . 2009-07-14 02:25 1478656 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-07-13 21:07 . 2009-07-14 02:25 324096 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-07-13 21:05 . 2009-07-13 21:06 1478656 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-06-29 15:55 . 2008-11-02 12:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-23 10:23 . 2009-06-23 10:23 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-23 10:23 . 2009-06-23 10:23 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-23 10:09 . 2009-06-23 10:09 -------- d-----w- c:\program files\Monte Cristo
2009-06-21 17:37 . 2009-06-30 19:01 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\_Setup.dll
2009-06-19 10:29 . 2009-06-19 22:09 1478656 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-06-19 10:29 . 2009-06-19 22:09 275968 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-06-09 12:04 . 2009-06-09 12:04 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-28 05:16 . 2009-05-30 17:05 1476096 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-05-28 05:16 . 2009-05-30 17:05 231936 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-05-16 02:26 . 2009-06-30 19:01 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\Setup.exe
2008-10-28 12:52 . 2008-10-28 12:52 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-29 00:36 . 2008-10-29 00:36 61 --sh--w- c:\windows\cnerolf.dat
.
------- Sigcheck -------
[-] 2008-05-02 22:57 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-02 22:57 2364928 3391F4DDEA530297E720357F40AD06EB c:\windows\system32\ntkrnlpa.exe
[-] 2008-05-02 22:57 2486272 2E36C8BE37E4E86277E559462322375C c:\windows\system32\ntoskrnl.exe
[-] 2008-08-12 09:04 1992704 76445E197EB693EAE328078E331024F9 c:\windows\explorer.exe
[-] 2008-05-02 22:57 1648640 F2614128EF03320BBFCF17F19A1633E9 c:\windows\system32\comres.dll
[7] 2008-05-02 22:57 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\i386\NTFS.SYS
[-] 2009-08-12 14:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 14:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
[-] 2008-05-02 22:57 1571840 A9658459BB4F4EE00FA117C9382C0D3A c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"TopDesk"="c:\program files\Windows7\TopDesk\topdesk.exe" [2007-06-20 1912832]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2006-06-23 3394048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PapierPeint"="c:\program files\PapierPeint\Papier Peint.exe" [2008-03-03 229376]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-02 124928]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]
c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Menu Démarrer\Programmes\Démarrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]
c:\documents and settings\users\Menu Démarrer\Programmes\Démarrage\
Vienna Superbar.lnk - c:\documents and settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe [2009-8-4 1186816]
Windows Seven Dock.lnk - c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2008-10-27 586240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Belkin Wireless G USB Adapter Client Utility.lnk]
backup=c:\windows\pss\Belkin Wireless G USB Adapter Client Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
backup=c:\windows\pss\Styler.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regedit32
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"c:\\Program Files\\FSFDT\\Control Panel\\FSFDTCP.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\PeerTV\\PeerCast.exe"=
"c:\\Program Files\\PeerTV\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11225:TCP"= 11225:TCP:BitComet 11225 TCP
"11225:UDP"= 11225:UDP:BitComet 11225 UDP
"20008:TCP"= 20008:TCP:BitComet 20008 TCP
"20008:UDP"= 20008:UDP:BitComet 20008 UDP
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [03/05/2008 00:57 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [03/05/2008 00:57 210224]
R2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 18:32 108289]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/06/2009 14:03 38144]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21/07/2009 17:30 89600]
R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S1 41062c4b;41062c4b;c:\windows\system32\drivers\41062c4b.sys --> c:\windows\system32\drivers\41062c4b.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [03/05/2008 00:57 29696]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [09/06/2009 14:03 238848]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/10/2008 14:52 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22/05/2008 01:57 34576]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11:26 507136]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [13/11/2008 11:52 24576]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HELPSVC
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr|https://www.blogger.com/about/|http://www.fsalgeria-group.com/login.forum?connexion|https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php#/profile.php?id=1485058416|http://www.pole-emploi.fr/accueilpe/
FF - component: c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 15:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-1606980848-1177238915-1002\Software\SecuROM\License information*]
"datasecu"=hex:d1,81,7a,0e,57,d4,8c,27,26,57,dd,0b,f1,8e,05,c9,b4,c2,04,bd,ab,
e2,06,72,b9,46,44,6a,65,e3,1a,48,d1,6d,fc,fd,3b,ff,5a,ed,c2,81,3b,ed,d6,5f,\
"rkeysecu"=hex:60,ab,f8,78,f0,0d,da,f7,46,d5,5f,0d,53,03,19,54
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,de,78,d2,f4,e6,
79,c7,b7,e2,63,26,f1,3f,c8,ff,68,f0,b4,10,3d,2c,22,15,1d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,a0,37,34,b6,f3,
d7,e9,80,6a,9c,d6,61,af,45,84,18,a4,14,08,5f,6d,10,84,2f,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f4,f7,d6,dd,b2,
b0,49,bd,ff,7c,85,e0,43,d4,0e,fe,38,ab,72,1c,84,9f,fd,89,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,37,41,8e,68,9b,
25,2c,78,86,8c,21,01,be,91,eb,e7,36,0b,23,09,ba,f3,98,5b,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,46,25,85,c0,d9,
23,43,99,f5,1d,4d,73,a8,13,5c,05,8a,3a,56,06,d1,40,c4,6f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,bf,8c,18,5e,f1,
dc,bf,29,df,20,58,62,78,6b,cf,c8,79,65,e4,3f,86,1b,b5,3e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,30,75,a6,fd,
ae,c5,de,fb,a7,78,e6,12,2f,9a,ea,74,43,89,f9,75,b4,41,4c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,e5,5c,ae,ae,
17,7b,52,01,3a,48,fc,e8,04,4a,f1,6b,aa,42,59,c3,df,c0,b9,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,70,76,1b,78,84,
8b,e9,24,f6,0f,4e,58,98,5b,89,c9,83,49,3e,40,1d,b8,c6,22,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fc,8c,a6,5c,8b,
2e,23,3e,3d,ce,ea,26,2d,45,aa,78,6f,30,79,76,74,23,8a,0a,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,64,a3,43,02,
77,db,e5,2a,b7,cc,b5,b9,7f,41,e7,3e,d1,c5,5f,90,cd,d4,2c,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,8d,59,82,1a,
e1,43,cc,6c,43,2d,1e,aa,22,2f,9c,fa,9e,87,d9,b5,c8,a0,f6,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-13 15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 13:10
Pre-Run: 246 611 423 232 octets libres
Post-Run: 247 196 049 408 octets libres
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:30, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PapierPeint\Papier Peint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\users\LOCALS~1\Temp\{A4785A87-3B51-4901-8EDD-D2E57FD04324}\Superbar_ESiti Forum.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\users\Bureau\HiJackThis.exe
C:\WINDOWS\system32\braviax.exe
C:\Documents and Settings\users\Bureau\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PapierPeint] C:\Program Files\PapierPeint\Papier Peint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Vienna Superbar.lnk = C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe
O4 - Startup: Windows Seven Dock.lnk = C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2009-08-12 16:53 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-12 16:53 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\program files\Chaos Shredder2.3FR
2009-08-12 16:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-12 16:32 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 16:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-12 16:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\program files\Avira
2009-08-12 16:32 . 2009-08-12 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-08-12 14:10 . 2009-08-12 18:36 -------- d-----w- c:\program files\a-squared Free
2009-08-12 14:03 . 2009-08-12 14:03 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 09:28 . 2009-06-21 17:28 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\_Setup.dll
2009-08-12 09:28 . 2009-05-16 02:26 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{8D9B572E-FCB3-4504-B5BB-A64921F21BA2}\Setup.exe
2009-08-12 09:27 . 2009-06-28 01:42 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\_Setup.dll
2009-08-12 09:27 . 2009-05-16 02:26 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{3C0A07AD-B90D-43A9-9774-BF9DDB303E82}\Setup.exe
2009-08-12 09:27 . 2009-07-04 14:26 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\_Setup.dll
2009-08-12 09:27 . 2009-06-25 04:03 223744 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{BF157FA3-7537-4A33-AC64-E8D41D0C862E}\Setup.exe
2009-08-12 09:27 . 2009-04-10 01:08 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\_Setup.dll
2009-08-12 09:27 . 2009-04-04 04:25 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{E7FC0C8B-15FE-446A-ADAE-49FC6959B8FE}\Setup.exe
2009-08-11 20:12 . 2009-08-11 20:10 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-11 20:10 . 2009-08-11 22:25 -------- d-----w- c:\documents and settings\users\.housecall6.6
2009-08-10 09:31 . 2009-08-10 09:31 -------- d-----w- c:\program files\Free.fr
2009-08-10 00:57 . 2009-08-10 00:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-10 00:40 . 2009-08-10 00:40 -------- d-----w- c:\documents and settings\users\Local Settings\Application Data\Paint.NET
2009-08-09 21:57 . 2009-08-09 21:57 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-08-09 21:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-08-09 21:55 . 2009-08-09 21:56 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-09 21:55 . 2009-08-09 21:54 33728384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-08-09 21:55 . 2009-08-09 21:55 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-08-09 21:55 . 2009-08-09 21:55 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 21:55 . 2009-08-09 21:55 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 21:55 . 2009-08-09 21:55 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 21:46 . 2009-08-09 21:46 -------- d-----w- c:\program files\Axon Data
2009-08-09 17:24 . 2008-04-13 07:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-09 17:23 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-09 16:12 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-08-09 16:12 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-08-09 16:12 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-08-09 16:12 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-08-09 16:12 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-08-09 16:12 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-09 16:11 . 2009-08-09 16:10 24519152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3FR.exe
2009-08-09 16:10 . 2009-08-09 16:10 36864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-08-09 16:10 . 2009-08-09 16:10 3351812 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-08-09 16:10 . 2009-08-09 16:10 3181612 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-08-09 16:06 . 2009-08-09 16:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nokia
2009-08-09 16:06 . 2009-08-09 16:06 -------- d-----w- c:\program files\MSXML 6.0
2009-08-09 15:56 . 2008-03-21 11:57 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-09 15:54 . 2009-08-09 15:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Suite
2009-08-09 15:54 . 2009-08-11 12:12 -------- d-----w- c:\documents and settings\users\Application Data\Nokia
2009-08-09 15:54 . 2009-08-09 21:56 -------- d-----w- c:\program files\DIFX
2009-08-09 15:53 . 2009-08-09 21:57 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-08-09 15:53 . 2009-08-09 15:56 -------- d-----w- c:\documents and settings\users\Application Data\PC Suite
2009-08-09 15:52 . 2009-08-09 21:57 -------- d-----w- c:\program files\Nokia
2009-08-09 15:52 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-08-09 15:52 . 2009-08-09 15:50 27632240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\nokia-pc-suite_nokia_pc_suite_6.85.14.1_francais_28522.exe
2009-08-09 15:51 . 2009-08-09 15:51 733783 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
2009-08-09 15:51 . 2009-08-09 15:51 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-09 15:51 . 2009-08-09 15:51 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-09 15:51 . 2009-08-09 15:51 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-09 15:51 . 2009-08-09 21:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-08-09 14:11 . 2009-08-10 09:15 -------- d-----w- c:\program files\Sagem
2009-08-05 11:13 . 2009-08-10 09:20 -------- d-----w- c:\documents and settings\users\Application Data\MxBoost
2009-08-05 11:12 . 2009-08-05 11:13 -------- d-----w- c:\program files\Maxthon2
2009-08-05 00:58 . 2009-08-12 23:45 -------- d-----w- c:\windows\system32\LogFiles
2009-08-05 00:13 . 2009-08-12 08:30 -------- d-----w- C:\wallflash
2009-08-04 20:58 . 2009-08-04 20:58 -------- d-----w- c:\documents and settings\users\Application Data\OtakuSoftware
2009-08-04 19:25 . 2009-08-04 19:25 -------- d-----w- c:\documents and settings\users\Application Data\Styler
2009-08-04 19:16 . 2009-08-04 20:34 15086 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2009-08-04 19:16 . 2009-08-04 20:34 15086 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2009-08-04 19:16 . 2009-08-04 20:34 -------- d-----w- c:\program files\Styler
2009-08-04 19:00 . 2009-08-04 19:01 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\documents and settings\users\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IconTweaker
2009-08-04 18:48 . 2009-08-04 18:48 -------- d-----w- c:\program files\IconTweaker
2009-08-04 18:41 . 2000-05-17 07:52 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2009-08-04 18:41 . 2009-08-04 18:41 -------- d-----w- c:\program files\WinCustomize
2009-08-04 18:16 . 2009-08-04 18:16 -------- d-----w- c:\program files\Fichiers communs\Stardock
2009-08-04 18:15 . 2009-08-10 01:06 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-07-31 21:21 . 2009-07-31 21:25 -------- d-----w- c:\program files\Alice
2009-07-31 20:18 . 2009-07-31 20:18 -------- d-----w- c:\documents and settings\users\Local Settings\Application Data\Identities
2009-07-26 11:55 . 2001-08-17 18:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2009-07-26 11:55 . 2008-04-13 07:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2009-07-23 15:15 . 2008-04-13 15:33 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-23 15:15 . 2008-04-13 15:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-23 14:56 . 2001-08-23 13:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-21 15:31 . 2009-07-21 15:31 9158 ----a-r- c:\documents and settings\users\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-21 15:31 . 2009-07-21 15:31 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies
2009-07-21 15:30 . 2008-07-02 19:38 89600 ----a-r- c:\windows\system32\drivers\AtiHdmi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 13:07 . 2008-12-23 08:57 13332512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-13 13:01 . 2008-12-23 08:57 161372 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-13 07:33 . 2008-11-09 13:46 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 07:26 . 2008-10-28 12:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-13 07:18 . 2008-05-02 22:57 73810 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-13 07:18 . 2008-05-02 22:57 465624 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-13 07:15 . 2008-10-27 20:43 -------- d-----w- c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Application Data\Notepad++
2009-08-12 20:12 . 2009-08-13 07:16 1626112 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-08-12 20:12 . 2009-08-13 07:16 2868224 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-08-12 18:26 . 2008-10-28 12:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-12 17:56 . 2008-11-06 00:47 -------- d-----w- c:\program files\PapierPeint
2009-08-12 14:24 . 2009-08-12 14:25 2872832 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-08-12 14:24 . 2009-08-12 14:25 1623552 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-08-12 14:03 . 2008-05-02 22:57 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-12 09:28 . 2009-06-30 18:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2009-08-12 08:50 . 2008-10-27 21:37 28200 ----a-w- c:\documents and settings\users\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 08:42 . 2008-10-27 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 08:20 . 2008-10-28 10:50 -------- d-----r- c:\program files\Microsoft Games
2009-08-10 18:11 . 2009-08-10 18:28 1609216 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-08-10 18:11 . 2009-08-10 18:28 2849792 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-08-10 16:45 . 2008-11-09 05:50 -------- d-----w- c:\program files\PeerTV
2009-08-10 01:00 . 2008-09-21 08:11 3778560 ----a-w- c:\windows\system32\logonuiX.exe
2009-08-09 23:31 . 2009-08-09 23:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-09 23:31 . 2009-08-09 23:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-09 17:24 . 2009-08-09 17:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-09 17:24 . 2009-08-09 17:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-04 22:16 . 2008-10-27 17:30 -------- d-----w- c:\program files\Paint.NET
2009-08-04 18:15 . 2008-10-27 18:15 -------- d-----w- c:\program files\Stardock
2009-08-04 05:42 . 2009-02-09 16:22 -------- d-----w- c:\program files\Conduit
2009-08-01 04:27 . 2008-10-27 21:24 -------- d-----w- c:\program files\Yahoo!
2009-08-01 04:26 . 2008-12-20 07:16 -------- d-----w- c:\program files\NukeNabber
2009-08-01 04:24 . 2008-12-19 22:28 -------- d-----w- c:\program files\A4Proxy
2009-08-01 02:25 . 2008-10-27 20:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2009-08-01 02:25 . 2008-10-27 17:43 -------- d-----w- c:\program files\ma-config.com
2009-07-24 11:21 . 2009-07-24 11:22 234496 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-07-17 00:38 . 2008-11-07 01:59 -------- d-----w- c:\documents and settings\users\Application Data\dvdcss
2009-07-17 00:31 . 2009-03-01 23:11 3549996 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-15 16:46 . 2009-07-15 16:47 95744 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-07-14 02:32 . 2009-07-14 02:34 20480 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-07-14 02:32 . 2009-07-14 02:34 1478656 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-07-13 21:07 . 2009-07-14 02:25 1478656 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-07-13 21:07 . 2009-07-14 02:25 324096 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-07-13 21:05 . 2009-07-13 21:06 1478656 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-06-29 15:55 . 2008-11-02 12:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-23 10:23 . 2009-06-23 10:23 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-23 10:23 . 2009-06-23 10:23 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-23 10:09 . 2009-06-23 10:09 -------- d-----w- c:\program files\Monte Cristo
2009-06-21 17:37 . 2009-06-30 19:01 504320 --s-a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\_Setup.dll
2009-06-19 10:29 . 2009-06-19 22:09 1478656 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-06-19 10:29 . 2009-06-19 22:09 275968 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-06-09 12:04 . 2009-06-09 12:04 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-28 05:16 . 2009-05-30 17:05 1476096 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-05-28 05:16 . 2009-05-30 17:05 231936 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-05-16 02:26 . 2009-06-30 19:01 223232 --s---r- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer\{C19362F1-0874-4172-8127-E14F49EFF507}\Setup.exe
2008-10-28 12:52 . 2008-10-28 12:52 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-29 00:36 . 2008-10-29 00:36 61 --sh--w- c:\windows\cnerolf.dat
.
------- Sigcheck -------
[-] 2008-05-02 22:57 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-02 22:57 2364928 3391F4DDEA530297E720357F40AD06EB c:\windows\system32\ntkrnlpa.exe
[-] 2008-05-02 22:57 2486272 2E36C8BE37E4E86277E559462322375C c:\windows\system32\ntoskrnl.exe
[-] 2008-08-12 09:04 1992704 76445E197EB693EAE328078E331024F9 c:\windows\explorer.exe
[-] 2008-05-02 22:57 1648640 F2614128EF03320BBFCF17F19A1633E9 c:\windows\system32\comres.dll
[7] 2008-05-02 22:57 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\i386\NTFS.SYS
[-] 2009-08-12 14:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 14:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
[-] 2008-05-02 22:57 1571840 A9658459BB4F4EE00FA117C9382C0D3A c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"TopDesk"="c:\program files\Windows7\TopDesk\topdesk.exe" [2007-06-20 1912832]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2006-06-23 3394048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PapierPeint"="c:\program files\PapierPeint\Papier Peint.exe" [2008-03-03 229376]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-02 124928]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]
c:\documents and settings\Administrateur.TEAM-6B5FF991C9\Menu Démarrer\Programmes\Démarrage\
sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-10-27 1235456]
c:\documents and settings\users\Menu Démarrer\Programmes\Démarrage\
Vienna Superbar.lnk - c:\documents and settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe [2009-8-4 1186816]
Windows Seven Dock.lnk - c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2008-10-27 586240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Belkin Wireless G USB Adapter Client Utility.lnk]
backup=c:\windows\pss\Belkin Wireless G USB Adapter Client Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^users^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
backup=c:\windows\pss\Styler.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regedit32
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"c:\\Program Files\\FSFDT\\Control Panel\\FSFDTCP.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\PeerTV\\PeerCast.exe"=
"c:\\Program Files\\PeerTV\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11225:TCP"= 11225:TCP:BitComet 11225 TCP
"11225:UDP"= 11225:UDP:BitComet 11225 UDP
"20008:TCP"= 20008:TCP:BitComet 20008 TCP
"20008:UDP"= 20008:UDP:BitComet 20008 UDP
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [03/05/2008 00:57 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [03/05/2008 00:57 210224]
R2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 18:32 108289]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/06/2009 14:03 38144]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21/07/2009 17:30 89600]
R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S1 41062c4b;41062c4b;c:\windows\system32\drivers\41062c4b.sys --> c:\windows\system32\drivers\41062c4b.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [03/05/2008 00:57 29696]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [09/06/2009 14:03 238848]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/10/2008 14:52 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [22/05/2008 01:57 34576]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11:26 507136]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [13/11/2008 11:52 24576]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HELPSVC
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr|https://www.blogger.com/about/|http://www.fsalgeria-group.com/login.forum?connexion|https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php#/profile.php?id=1485058416|http://www.pole-emploi.fr/accueilpe/
FF - component: c:\documents and settings\users\Application Data\Mozilla\Firefox\Profiles\l9snwe27.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 15:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-1606980848-1177238915-1002\Software\SecuROM\License information*]
"datasecu"=hex:d1,81,7a,0e,57,d4,8c,27,26,57,dd,0b,f1,8e,05,c9,b4,c2,04,bd,ab,
e2,06,72,b9,46,44,6a,65,e3,1a,48,d1,6d,fc,fd,3b,ff,5a,ed,c2,81,3b,ed,d6,5f,\
"rkeysecu"=hex:60,ab,f8,78,f0,0d,da,f7,46,d5,5f,0d,53,03,19,54
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,de,78,d2,f4,e6,
79,c7,b7,e2,63,26,f1,3f,c8,ff,68,f0,b4,10,3d,2c,22,15,1d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,a0,37,34,b6,f3,
d7,e9,80,6a,9c,d6,61,af,45,84,18,a4,14,08,5f,6d,10,84,2f,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f4,f7,d6,dd,b2,
b0,49,bd,ff,7c,85,e0,43,d4,0e,fe,38,ab,72,1c,84,9f,fd,89,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,37,41,8e,68,9b,
25,2c,78,86,8c,21,01,be,91,eb,e7,36,0b,23,09,ba,f3,98,5b,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,46,25,85,c0,d9,
23,43,99,f5,1d,4d,73,a8,13,5c,05,8a,3a,56,06,d1,40,c4,6f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,bf,8c,18,5e,f1,
dc,bf,29,df,20,58,62,78,6b,cf,c8,79,65,e4,3f,86,1b,b5,3e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,30,75,a6,fd,
ae,c5,de,fb,a7,78,e6,12,2f,9a,ea,74,43,89,f9,75,b4,41,4c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,e5,5c,ae,ae,
17,7b,52,01,3a,48,fc,e8,04,4a,f1,6b,aa,42,59,c3,df,c0,b9,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,70,76,1b,78,84,
8b,e9,24,f6,0f,4e,58,98,5b,89,c9,83,49,3e,40,1d,b8,c6,22,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fc,8c,a6,5c,8b,
2e,23,3e,3d,ce,ea,26,2d,45,aa,78,6f,30,79,76,74,23,8a,0a,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,64,a3,43,02,
77,db,e5,2a,b7,cc,b5,b9,7f,41,e7,3e,d1,c5,5f,90,cd,d4,2c,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,8d,59,82,1a,
e1,43,cc,6c,43,2d,1e,aa,22,2f,9c,fa,9e,87,d9,b5,c8,a0,f6,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-13 15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 13:10
Pre-Run: 246 611 423 232 octets libres
Post-Run: 247 196 049 408 octets libres
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:30, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PapierPeint\Papier Peint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\users\LOCALS~1\Temp\{A4785A87-3B51-4901-8EDD-D2E57FD04324}\Superbar_ESiti Forum.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\users\Bureau\HiJackThis.exe
C:\WINDOWS\system32\braviax.exe
C:\Documents and Settings\users\Bureau\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PapierPeint] C:\Program Files\PapierPeint\Papier Peint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Vienna Superbar.lnk = C:\Documents and Settings\users\Bureau\DOC-PULIC-DOC-\LOGICIELS\KUSTOOOOOOOOOO\Win7Superbar_Vienna_Navigator\Windows_7_Superbar_Vienna_Navigator\Applications\Superbar_ESiti Forum.exe
O4 - Startup: Windows Seven Dock.lnk = C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
23 replies
Indeed!! Very tough!!
GenProc apparently didn't agree with it. Blue screen right after, then impossible to restart the PC ... then a Windows system crash.
The MBR was modified and all my partitions suddenly changed names ...
I had no other solution than to put in the CD and reinstall, because the PC wouldn't even boot anymore.
I didn't format, I just reinstalled over Windows, which let me keep my data, but all the software has to be reinstalled ...
In any case, thanks for your help, but I think it's gone now! lol