Shbdchk13 persistant - Page 3

Précédent
  • 1
  • 2
  • 3
  1. savatage Messages postés 136 Statut Membre
     
    re, voici le rapport :

    ComboFix 08-11-27.01 - nicolas 2008-11-29 1:09:14.6 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1235 [GMT 1:00]
    Lancé depuis: c:\users\nicolas\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\nicolas\Desktop\CFscript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\users\nicolas\AppData\Local\Temp\comrepl.exe
    c:\users\nicolas\AppData\Roaming\msts­c.exe
    c:\windows\system32\drivers\addt4i0c.sys
    c:\windows\System32\drivers\logman.exe
    c:\windows\System32\drivers\mqtgsvc.exe
    c:\windows\System32\spr32d35.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\rkfree

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-28 21:38 . 2008-11-28 21:38 435,578 --a------ c:\windows\Revolution Script CZ Uninstaller.exe
    2008-11-28 18:43 . 2008-11-28 23:32 <REP> d-------- c:\program files\Steam
    2008-11-28 18:43 . 2008-11-28 18:47 <REP> d-------- c:\program files\Common Files\Steam
    2008-11-28 03:35 . 2008-11-28 03:39 <REP> d-------- c:\users\nicolas\AppData\Roaming\vlc
    2008-11-28 03:22 . 2008-11-28 03:22 <REP> d-------- c:\program files\Common Files\xing shared
    2008-11-28 00:27 . 2008-11-28 00:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-28 00:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-11-28 00:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-11-27 15:43 . 2008-11-27 16:13 <REP> d-------- c:\users\nicolas\AppData\Roaming\Skype
    2008-11-27 15:42 . 2008-11-27 15:42 <REP> d-------- c:\program files\Skype
    2008-11-27 15:42 . 2008-11-27 15:42 <REP> d-------- c:\program files\Common Files\Skype
    2008-11-27 15:04 . 2008-11-29 00:01 <REP> d-------- c:\users\nicolas\AppData\Roaming\OnlineArmor
    2008-11-27 15:04 . 2008-11-27 15:04 <REP> d-------- c:\users\All Users\OnlineArmor
    2008-11-27 15:04 . 2008-11-27 15:04 <REP> d-------- c:\programdata\OnlineArmor
    2008-11-27 15:03 . 2008-11-26 17:18 178,376 --a------ c:\windows\System32\drivers\OADriver.sys
    2008-11-27 15:03 . 2008-11-26 17:18 30,920 --a------ c:\windows\System32\drivers\OAmon.sys
    2008-11-27 15:03 . 2008-11-26 16:10 29,384 --a------ c:\windows\System32\drivers\OAnet.sys
    2008-11-27 15:02 . 2008-11-27 15:02 <REP> d-------- c:\program files\Tall Emu
    2008-11-27 15:02 . 2008-11-27 15:02 <REP> d-------- C:\OnlineArmor
    2008-11-26 04:08 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 04:08 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 04:08 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 04:08 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 04:08 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
    2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
    2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
    2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
    2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
    2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
    2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
    2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
    2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
    2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
    2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 00:08 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-29 00:08 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-28 22:10 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
    2008-11-28 18:14 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
    2008-11-28 17:36 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
    2008-11-28 02:34 --------- d-----w c:\program files\VideoLAN
    2008-11-28 02:22 --------- d-----w c:\program files\Common Files\Real
    2008-11-28 00:53 --------- d-----w c:\program files\bwin
    2008-11-27 16:27 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-27 16:26 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
    2008-11-27 15:05 --------- d-----w c:\users\nicolas\AppData\Roaming\skypePM
    2008-11-27 14:42 --------- d-----w c:\programdata\Skype
    2008-11-27 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-27 11:57 --------- d-----w c:\program files\Electronic Arts
    2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
    2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
    2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
    2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
    2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
    2008-10-27 20:53 --------- d-----w c:\program files\Activision
    2008-10-27 01:15 --------- d-----w c:\program files\Pokerbility
    2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
    2008-10-22 11:33 444,952 ----a-w c:\windows\System32\wrap_oal.dll
    2008-10-22 11:33 109,080 ----a-w c:\windows\System32\OpenAL32.dll
    2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
    2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
    2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
    2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
    2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
    2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
    2008-10-18 11:39 669,184 ----a-w c:\windows\System32\pbsvc.exe
    2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
    2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
    2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
    2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
    2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
    2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
    2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
    2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
    2008-10-15 09:17 1,890 ----a-w c:\windows\System32\ealregsnapshot1.reg
    2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
    2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
    2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
    2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
    2008-10-08 14:43 --------- d-----w c:\program files\eMule
    2008-10-07 12:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
    2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
    2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-10-06 22:15 --------- d-----w c:\program files\Mumble
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-30 12:06 --------- d-----w c:\program files\Sony
    2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
    2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-06 18:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
    2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
    2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
    2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-29_ 1.01.09,75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-29 00:00:32 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-29 00:10:36 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-11-28 23:58:01 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-29 00:08:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-29 00:08:56 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Steam"="c:\program files\steam\steam.exe" [2008-11-28 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-11-26 6223048]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-28 185872]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Logman"="c:\windows\System32\drivers\logman.exe" [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.X264"= x264vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
    "UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
    "TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
    "UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
    "{C1345C7E-BEAD-4749-894F-CB8B8BC43CFE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{5850C9E1-8F1D-48DF-A782-F3D88899F3C0}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "UDP Query User{03F4CC7C-CD7C-4D5C-9114-FC1CB2BFD78D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "TCP Query User{4CA0CF66-EEA9-4C13-A310-B940317A733C}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{EEEA2276-BA2A-4D4A-9F3C-23E12E1C32BB}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
    R1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys [2008-11-27 178376]
    R1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys [2008-11-27 30920]
    R2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\oacat.exe" [2008-11-27 1402568]
    R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2008-11-27 29384]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2008-11-27 3321032]
    S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
    S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
    S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-28 104944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
    \shell\AutoRun\command - D:\Launcher.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 01:10:43
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-29 1:11:58
    ComboFix-quarantined-files.txt 2008-11-29 00:11:55
    ComboFix2.txt 2008-11-27 15:23:03
    ComboFix3.txt 2008-11-27 12:19:47
    ComboFix4.txt 2008-11-26 02:37:10

    Avant-CF: 39,958,863,872 octets libres
    Après-CF: 39,926,288,384 octets libres

    301 --- E O F --- 2008-11-27 17:20:36
    0
  2. savatage Messages postés 136 Statut Membre
     
    plus de réponse lyonnais ???
    0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    sorry, mais pas simple.

    Relance MBAM, mets à jour et fais un scan complet (je te préviens, ça peut durer toute la nuit).

    Poste le rapport.
    0
  4. savatage Messages postés 136 Statut Membre
     
    salut,

    ok je ferais ça cette nuit avant de me coucher. Bonne soirée
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. savatage Messages postés 136 Statut Membre
     
    bonsoir voici le log de MBAM

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1459
    Windows 6.0.6001 Service Pack 1

    04/12/2008 22:44:09
    mbam-log-2008-12-04 (22-44-09).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 187953
    Temps écoulé: 1 hour(s), 55 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  7. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    - > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Utilisation :
    Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
    Ensuite, cliquer sur "Cliquez ici pour scanner".
    Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

    Copier/coller le rapport entier sur le forum.

    Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)
    0
  8. savatage Messages postés 136 Statut Membre
     
    salut lyonnais,

    j'ai bien suivi ce que tu m'as demandé au sujet de BitDenfender, mais site me dit qu'il est impossible de démarrer le scan. J'ai bien installer ActiveX.
    0
  9. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    essaye comme ceci.

    Ferme Internet Explorer, réouvre le par un clic droit sur l'icône et Exécuter comme administrateur.

    - Fais un scan en ligne Kaspersky avec Internet Explorer :

    - Dans la nouvelle fenêtre, clique sur J'accepte.
    - Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
    - Patiente pendant l'installation des Mises à jour.
    - Choisis par la suite l'analyse du Poste de travail.
    - Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Configurer le contrôle des ActiveX

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    0
Précédent
  • 1
  • 2
  • 3