Précédent
- 1
- 2
- 3
-
re, voici le rapport :
ComboFix 08-11-27.01 - nicolas 2008-11-29 1:09:14.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1235 [GMT 1:00]
Lancé depuis: c:\users\nicolas\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\nicolas\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\users\nicolas\AppData\Local\Temp\comrepl.exe
c:\users\nicolas\AppData\Roaming\mstsc.exe
c:\windows\system32\drivers\addt4i0c.sys
c:\windows\System32\drivers\logman.exe
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\System32\spr32d35.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\rkfree
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
.
2008-11-28 21:38 . 2008-11-28 21:38 435,578 --a------ c:\windows\Revolution Script CZ Uninstaller.exe
2008-11-28 18:43 . 2008-11-28 23:32 <REP> d-------- c:\program files\Steam
2008-11-28 18:43 . 2008-11-28 18:47 <REP> d-------- c:\program files\Common Files\Steam
2008-11-28 03:35 . 2008-11-28 03:39 <REP> d-------- c:\users\nicolas\AppData\Roaming\vlc
2008-11-28 03:22 . 2008-11-28 03:22 <REP> d-------- c:\program files\Common Files\xing shared
2008-11-28 00:27 . 2008-11-28 00:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 00:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 00:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-27 15:43 . 2008-11-27 16:13 <REP> d-------- c:\users\nicolas\AppData\Roaming\Skype
2008-11-27 15:42 . 2008-11-27 15:42 <REP> d-------- c:\program files\Skype
2008-11-27 15:42 . 2008-11-27 15:42 <REP> d-------- c:\program files\Common Files\Skype
2008-11-27 15:04 . 2008-11-29 00:01 <REP> d-------- c:\users\nicolas\AppData\Roaming\OnlineArmor
2008-11-27 15:04 . 2008-11-27 15:04 <REP> d-------- c:\users\All Users\OnlineArmor
2008-11-27 15:04 . 2008-11-27 15:04 <REP> d-------- c:\programdata\OnlineArmor
2008-11-27 15:03 . 2008-11-26 17:18 178,376 --a------ c:\windows\System32\drivers\OADriver.sys
2008-11-27 15:03 . 2008-11-26 17:18 30,920 --a------ c:\windows\System32\drivers\OAmon.sys
2008-11-27 15:03 . 2008-11-26 16:10 29,384 --a------ c:\windows\System32\drivers\OAnet.sys
2008-11-27 15:02 . 2008-11-27 15:02 <REP> d-------- c:\program files\Tall Emu
2008-11-27 15:02 . 2008-11-27 15:02 <REP> d-------- C:\OnlineArmor
2008-11-26 04:08 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:08 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:08 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:08 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:08 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:08 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-29 00:08 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-28 22:10 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
2008-11-28 18:14 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
2008-11-28 17:36 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
2008-11-28 02:34 --------- d-----w c:\program files\VideoLAN
2008-11-28 02:22 --------- d-----w c:\program files\Common Files\Real
2008-11-28 00:53 --------- d-----w c:\program files\bwin
2008-11-27 16:27 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 16:26 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-27 15:05 --------- d-----w c:\users\nicolas\AppData\Roaming\skypePM
2008-11-27 14:42 --------- d-----w c:\programdata\Skype
2008-11-27 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 11:57 --------- d-----w c:\program files\Electronic Arts
2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
2008-10-27 20:53 --------- d-----w c:\program files\Activision
2008-10-27 01:15 --------- d-----w c:\program files\Pokerbility
2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
2008-10-22 11:33 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-22 11:33 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
2008-10-18 11:39 669,184 ----a-w c:\windows\System32\pbsvc.exe
2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
2008-10-15 09:17 1,890 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
2008-10-08 14:43 --------- d-----w c:\program files\eMule
2008-10-07 12:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-06 22:15 --------- d-----w c:\program files\Mumble
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 12:06 --------- d-----w c:\program files\Sony
2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-06 18:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
.
((((((((((((((((((((((((((((( snapshot_2008-11-29_ 1.01.09,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-29 00:00:32 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-29 00:10:36 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-28 23:58:01 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-29 00:08:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-29 00:08:56 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Steam"="c:\program files\steam\steam.exe" [2008-11-28 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-11-26 6223048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-28 185872]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\System32\drivers\logman.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.X264"= x264vfw.dll
"msacm.l3codec"= l3codecp.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
"UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
"TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"{C1345C7E-BEAD-4749-894F-CB8B8BC43CFE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5850C9E1-8F1D-48DF-A782-F3D88899F3C0}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{03F4CC7C-CD7C-4D5C-9114-FC1CB2BFD78D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{4CA0CF66-EEA9-4C13-A310-B940317A733C}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{EEEA2276-BA2A-4D4A-9F3C-23E12E1C32BB}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
R1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys [2008-11-27 178376]
R1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys [2008-11-27 30920]
R2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\oacat.exe" [2008-11-27 1402568]
R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2008-11-27 29384]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2008-11-27 3321032]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-28 104944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
\shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
\shell\AutoRun\command - D:\Launcher.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 01:10:43
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-29 1:11:58
ComboFix-quarantined-files.txt 2008-11-29 00:11:55
ComboFix2.txt 2008-11-27 15:23:03
ComboFix3.txt 2008-11-27 12:19:47
ComboFix4.txt 2008-11-26 02:37:10
Avant-CF: 39,958,863,872 octets libres
Après-CF: 39,926,288,384 octets libres
301 --- E O F --- 2008-11-27 17:20:36 -
-
Bonjour,
sorry, mais pas simple.
Relance MBAM, mets à jour et fais un scan complet (je te préviens, ça peut durer toute la nuit).
Poste le rapport. -
salut,
ok je ferais ça cette nuit avant de me coucher. Bonne soirée -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
bonsoir voici le log de MBAM
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1459
Windows 6.0.6001 Service Pack 1
04/12/2008 22:44:09
mbam-log-2008-12-04 (22-44-09).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 187953
Temps écoulé: 1 hour(s), 55 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté) -
Re,
- > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Utilisation :
Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
Ensuite, cliquer sur "Cliquez ici pour scanner".
Patienter jusqu'à la fin du scan qui peut durer assez longtemps...
Copier/coller le rapport entier sur le forum.
Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation) -
salut lyonnais,
j'ai bien suivi ce que tu m'as demandé au sujet de BitDenfender, mais site me dit qu'il est impossible de démarrer le scan. J'ai bien installer ActiveX. -
Re,
essaye comme ceci.
Ferme Internet Explorer, réouvre le par un clic droit sur l'icône et Exécuter comme administrateur.
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Dans la nouvelle fenêtre, clique sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail.
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Configurer le contrôle des ActiveX
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Précédent
- 1
- 2
- 3