[resolu]code d'injection

[mikemmanosa]

tout dabord mille excuse pour ne pas avoir suivi la bonne marche a suivre.

voici le rapport apres la procedure decrite ci-dessus.

et je continue de mon coté a comprendre comment ca fonctionne .....

merci

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:55:22, on 6/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/sha1auth.srf?lc=2060

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [5c25e68c] rundll32.exe "C:\WINDOWS\system32\kdccdvhb.dll",b

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bM5f16d510] Rundll32.exe "C:\WINDOWS\system32\sxrkdbbf.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [cfkwbh] c:\documents and settings\miky\local settings\application data\cfkwbh.exe cfkwbh

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

--

End of file - 7752 bytes

[angelique]

'jour mikemmanosa

 

Tu as effectivement plusieurs infections ;o)

 

1• desactive tes solutions de securité, antivirus, antispyware

 

2• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

3• comboFix doit absolument etre sur ton bureau

 

 

ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
c:\documents and settings\miky\local settings\application data\cfkwbh.exe
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\kdccdvhb.dll

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

*ne t'inquiete pas si tu as un message d'erreur au reboot comme quoi il manque des fichiers , on corrigera les entrées à la vu du rapport

[mikemmanosa]

voici le rapport

 

 

 

ComboFix 08-06-05.3 - miky 2008-06-06 17:45:41.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1531 [GMT 2:00]

Endroit: C:\Documents and Settings\miky\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\miky\Bureau\cfscript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM5f16d510.xml

C:\WINDOWS\system32\bhvdccdk.ini

C:\WINDOWS\system32\felqeybr.dll

C:\WINDOWS\system32\hcnqdtie.ini

C:\WINDOWS\system32\hhrradbc.ini

C:\WINDOWS\system32\jasaikii.dll

C:\WINDOWS\system32\msouirsc.ini

C:\WINDOWS\system32\QqWayyxx.ini

C:\WINDOWS\system32\QqWayyxx.ini2

C:\WINDOWS\system32\rbyeqlef.ini

C:\WINDOWS\system32\sqwnvntr.ini

C:\WINDOWS\system32\xxyyaWqQ.dll

C:\WINDOWS\system32\xxyywxwU.dll

C:\WINDOWS\system32\yidwwolf.dll

.

---- Previous Run -------

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\nvs2.inf

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-06 17:53 . 2008-06-06 17:53 21 --a------ C:\WINDOWS\pskt.ini

2008-06-06 17:52 . 2008-06-06 17:53 109,803 --a------ C:\WINDOWS\BM5f16d510.xml

2008-06-06 17:52 . 2008-06-06 17:53 294 ---hs---- C:\WINDOWS\system32\bhvdccdk.ini

2008-06-06 08:21 . 2008-06-06 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-06-06 08:07 . 2008-06-06 08:08 133,120 --a------ C:\WINDOWS\system32\mipjcmgn.dll

2008-06-06 08:03 . 2008-06-06 08:03 117,248 --a------ C:\WINDOWS\system32\kdccdvhb.dll

2008-06-06 07:57 . 2008-06-06 07:57 126,976 --a------ C:\WINDOWS\system32\sxrkdbbf.dll

2008-06-05 19:39 . 2008-06-05 19:39 <REP> d-------- C:\Program Files\Trend Micro

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-06-05 17:30 . 2008-01-14 19:59 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-06-05 17:30 . 2008-01-14 20:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-06-05 17:30 . 2008-06-05 17:30 <REP> d-------- C:\Documents and Settings\Administrateur

2008-06-05 08:04 . 2008-06-05 08:04 132,608 --a------ C:\WINDOWS\system32\cvcplllf.dll

2008-06-05 07:58 . 2008-06-05 07:58 126,976 --a------ C:\WINDOWS\system32\asmvecev.dll

2008-06-04 07:53 . 2008-06-04 07:53 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-04 07:00 . 2008-06-04 07:03 <REP> d-------- C:\Program Files\SolidWorks

2008-06-04 07:00 . 2008-06-04 07:04 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared

2008-06-04 07:00 . 2008-06-04 07:00 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

2008-06-03 19:10 . 2008-06-06 08:31 1,141 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\Lavasoft

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-06-03 08:29 . 2008-06-03 08:29 <REP> d-------- C:\Program Files\Sunbelt Software

2008-06-02 08:08 . 2008-06-02 08:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-02 08:08 . 2008-06-02 08:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-05-31 08:19 . 2008-05-31 08:20 <REP> d-------- C:\Fraps

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-29 20:04 . 2008-05-29 20:04 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-29 18:31 . 2004-08-19 15:53 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-05-29 15:45 . 2008-05-29 15:45 1,144,995 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe

2008-05-28 15:51 . 2008-06-04 07:08 4,096 --a------ C:\WINDOWS\system32\crash

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\miky\Application Data\ATI

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI

2008-05-28 15:26 . 2008-05-28 15:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-28 15:24 . 2008-05-28 15:24 <REP> d-------- C:\Program Files\ATI Technologies

2008-05-28 15:24 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-26 15:44 . 2008-05-26 15:44 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVSMedia

2008-05-24 15:16 . 1999-12-01 17:45 22,335 --a------ C:\WINDOWS\emme.wri

2008-05-24 15:15 . 2008-05-24 15:15 <REP> d-------- C:\emme

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\SafeNet Sentinel

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel

2008-05-23 12:47 . 2008-05-29 15:47 <REP> d-------- C:\Program Files\NewTek

2008-05-23 05:15 . 2008-05-23 05:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet

2008-05-23 05:10 . 2008-05-23 05:10 <REP> d-------- C:\Program Files\Bonjour

2008-05-23 05:04 . 2008-05-23 05:04 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-05-23 05:00 . 2008-05-23 05:00 <REP> d-------- C:\Program Files\MagicISO

2008-05-21 22:59 . 2008-05-26 16:04 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-21 22:59 . 2008-05-22 01:10 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVS4YOU

2008-05-21 22:59 . 2008-05-21 22:59 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-05-21 22:58 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-21 22:58 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-21 22:58 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-05-21 22:58 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-05-21 22:58 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-05-21 21:45 . 2008-05-21 21:46 <REP> d-------- C:\Program Files\UnZixWin

2008-05-21 21:45 . 2008-05-21 21:45 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-21 21:45 . 2008-05-21 21:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-05-21 21:39 . 2008-06-02 07:24 <REP> d-------- C:\Program Files\GRETECH

2008-05-20 09:39 . 2008-06-02 07:04 <REP> d-------- C:\Documents and Settings\miky\Application Data\BitTorrent

2008-05-20 09:38 . 2008-05-20 09:38 <REP> d-------- C:\Program Files\DNA

2008-05-20 09:38 . 2008-05-20 09:39 <REP> d-------- C:\Program Files\BitTorrent

2008-05-20 09:38 . 2008-06-06 17:49 <REP> d-------- C:\Documents and Settings\miky\Application Data\DNA

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-12 18:30 . 2008-05-12 18:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll

2008-05-12 17:54 . 2008-05-12 17:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll

2008-05-12 17:53 . 2008-05-12 17:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll

2008-05-12 17:45 . 2008-05-12 17:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2008-05-12 17:44 . 2008-05-12 17:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll

2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll

2008-05-12 17:43 . 2008-05-12 17:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe

2008-05-12 17:41 . 2008-05-12 17:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2008-05-12 17:32 . 2008-05-12 17:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat

2008-05-12 17:22 . 2008-05-12 17:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll

2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat

2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll

2008-05-12 17:05 . 2008-05-12 17:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll

2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll

2008-05-12 17:03 . 2008-05-12 17:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

2008-05-12 17:02 . 2008-05-12 17:02 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2008-05-12 16:57 . 2008-05-12 16:57 548,864 --a------ C:\WINDOWS\system32\ati2cqag.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 14:03 322,066 ----a-r C:\WINDOWS\system32\drivers\u1pvdsm.sys

2009-11-07 14:01 69,632 -c--a-r C:\WINDOWS\pvcyuv.dll

2009-11-07 14:01 6,224 ----a-r C:\WINDOWS\system32\drivers\u1pvdbs.sys

2009-11-07 14:01 37,426 ----a-r C:\WINDOWS\system32\drivers\u1pvdcd.sys

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\system32\msyuv.dll

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\msyuv.dll

2008-06-03 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-06-02 05:25 --------- d-----w C:\Program Files\Ubisoft

2008-06-02 05:23 --------- d-----w C:\Program Files\eMule

2008-05-28 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-23 03:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-20 07:23 35,528 ----a-w C:\Documents and Settings\miky\Application Data\GDIPFONTCACHEV1.DAT

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-24 20:25 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll

2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef0d3c89-0c12-48f6-b778-aaa63a831891}]

2008-06-06 08:08 133120 --a------ C:\WINDOWS\system32\mipjcmgn.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 09:38 289088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 23:00 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 11:46 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"5c25e68c"="C:\WINDOWS\system32\kdccdvhb.dll" [2008-06-06 08:03 117248]

"BM5f16d510"="C:\WINDOWS\system32\sxrkdbbf.dll" [2008-06-06 07:57 126976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"D:\\unreal tournament3\\Binaries\\UT3.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2009-11-07 16:01]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]

R3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2009-11-07 16:03]

S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af10c6d0-c2cd-11dc-98e1-806d6172696f}]

\Shell\AutoRun\command - F:\setup.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-06 17:51:41

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

 

C:\WINDOWS\system32\bhvdccdk.ini

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 1

 

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\NavLogon.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\kdccdvhb.dll

-> C:\WINDOWS\system32\sxrkdbbf.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\searchindexer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

C:\WINDOWS\system32\searchprotocolhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\searchfilterhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-06 17:58:07 - machine was rebooted [miky]

ComboFix-quarantined-files.txt 2008-06-06 15:57:57

 

Pre-Run: 1,260,179,456 octets libres

Post-Run: 1,152,176,128 octets libres

 

330 --- E O F --- 2008-05-28 13:00:48

 

 

je dois faire quoi maintenant?

merci

[angelique]

» DECONNECTE TOI d'internet physiquement [debranche ton cable!!] pour executer le CFScript suivant , patiente 10MN et reconnecte toi pour poster le rapport CFScript.

 

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM5f16d510.xml
C:\WINDOWS\system32\bhvdccdk.ini
C:\WINDOWS\system32\mipjcmgn.dll
C:\WINDOWS\system32\kdccdvhb.dll
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\cvcplllf.dll
C:\WINDOWS\system32\asmvecev.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef0d3c89-0c12-48f6-b778-aaa63a831891}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5f16d510"=-

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript << comme c'est ecrit!!!!!!!

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[mikemmanosa]

» DECONNECTE TOI d'internet physiquement [debranche ton cable!!] pour executer le CFScript suivant , patiente 10MN et reconnecte toi pour poster le rapport CFScript.

 

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM5f16d510.xml
C:\WINDOWS\system32\bhvdccdk.ini
C:\WINDOWS\system32\mipjcmgn.dll
C:\WINDOWS\system32\kdccdvhb.dll
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\cvcplllf.dll
C:\WINDOWS\system32\asmvecev.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef0d3c89-0c12-48f6-b778-aaa63a831891}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5f16d510"=-

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript << comme c'est ecrit!!!!!!!

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

 

voila le rapport

ComboFix 08-06-05.3 - miky 2008-06-09 3:51:20.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1437 [GMT 2:00]

Endroit: C:\Documents and Settings\miky\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\miky\Bureau\cfscript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM5f16d510.xml

C:\WINDOWS\pskt.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-09 to 2008-06-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-06 17:52 . 2008-06-08 08:05 414 ---hs---- C:\WINDOWS\system32\bhvdccdk.ini

2008-06-06 08:21 . 2008-06-06 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-06-06 08:07 . 2008-06-06 08:08 133,120 --a------ C:\WINDOWS\system32\mipjcmgn.dll

2008-06-06 08:03 . 2008-06-06 08:03 117,248 --a------ C:\WINDOWS\system32\kdccdvhb.dll

2008-06-06 07:57 . 2008-06-06 07:57 126,976 --a------ C:\WINDOWS\system32\sxrkdbbf.dll

2008-06-05 19:39 . 2008-06-05 19:39 <REP> d-------- C:\Program Files\Trend Micro

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-06-05 17:30 . 2008-01-14 19:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-06-05 17:30 . 2008-01-14 20:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-06-05 17:30 . 2008-06-05 17:30 <REP> d-------- C:\Documents and Settings\Administrateur

2008-06-05 08:04 . 2008-06-05 08:04 132,608 --a------ C:\WINDOWS\system32\cvcplllf.dll

2008-06-05 07:58 . 2008-06-05 07:58 126,976 --a------ C:\WINDOWS\system32\asmvecev.dll

2008-06-04 07:53 . 2008-06-07 19:24 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-04 07:00 . 2008-06-04 07:03 <REP> d-------- C:\Program Files\SolidWorks

2008-06-04 07:00 . 2008-06-04 07:04 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared

2008-06-04 07:00 . 2008-06-04 07:00 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

2008-06-03 19:10 . 2008-06-06 08:31 1,141 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\Lavasoft

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-06-03 08:29 . 2008-06-03 08:29 <REP> d-------- C:\Program Files\Sunbelt Software

2008-06-02 08:08 . 2008-06-02 08:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-02 08:08 . 2008-06-02 08:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-05-31 08:19 . 2008-05-31 08:20 <REP> d-------- C:\Fraps

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-29 20:04 . 2008-05-29 20:04 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-29 18:31 . 2004-08-19 15:53 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-05-29 15:45 . 2008-05-29 15:45 1,144,995 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe

2008-05-28 15:51 . 2008-06-04 07:08 4,096 --a------ C:\WINDOWS\system32\crash

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\miky\Application Data\ATI

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI

2008-05-28 15:26 . 2008-05-28 15:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-28 15:24 . 2008-05-28 15:24 <REP> d-------- C:\Program Files\ATI Technologies

2008-05-28 15:24 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-26 15:44 . 2008-05-26 15:44 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVSMedia

2008-05-24 15:16 . 1999-12-01 17:45 22,335 --a------ C:\WINDOWS\emme.wri

2008-05-24 15:15 . 2008-05-24 15:15 <REP> d-------- C:\emme

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\SafeNet Sentinel

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel

2008-05-23 12:47 . 2008-05-29 15:47 <REP> d-------- C:\Program Files\NewTek

2008-05-23 05:15 . 2008-05-23 05:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet

2008-05-23 05:10 . 2008-05-23 05:10 <REP> d-------- C:\Program Files\Bonjour

2008-05-23 05:04 . 2008-05-23 05:04 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-05-23 05:00 . 2008-05-23 05:00 <REP> d-------- C:\Program Files\MagicISO

2008-05-21 22:59 . 2008-05-26 16:04 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-21 22:59 . 2008-05-22 01:10 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVS4YOU

2008-05-21 22:59 . 2008-05-21 22:59 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-05-21 22:58 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-21 22:58 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-21 22:58 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-05-21 22:58 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-05-21 22:58 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-05-21 21:45 . 2008-05-21 21:46 <REP> d-------- C:\Program Files\UnZixWin

2008-05-21 21:45 . 2008-05-21 21:45 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-21 21:45 . 2008-05-21 21:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-05-21 21:39 . 2008-06-02 07:24 <REP> d-------- C:\Program Files\GRETECH

2008-05-20 09:39 . 2008-06-02 07:04 <REP> d-------- C:\Documents and Settings\miky\Application Data\BitTorrent

2008-05-20 09:38 . 2008-05-20 09:38 <REP> d-------- C:\Program Files\DNA

2008-05-20 09:38 . 2008-05-20 09:39 <REP> d-------- C:\Program Files\BitTorrent

2008-05-20 09:38 . 2008-06-09 03:50 <REP> d-------- C:\Documents and Settings\miky\Application Data\DNA

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-12 18:30 . 2008-05-12 18:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll

2008-05-12 17:54 . 2008-05-12 17:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll

2008-05-12 17:53 . 2008-05-12 17:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll

2008-05-12 17:45 . 2008-05-12 17:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2008-05-12 17:44 . 2008-05-12 17:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll

2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll

2008-05-12 17:43 . 2008-05-12 17:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe

2008-05-12 17:41 . 2008-05-12 17:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2008-05-12 17:32 . 2008-05-12 17:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat

2008-05-12 17:22 . 2008-05-12 17:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll

2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat

2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll

2008-05-12 17:05 . 2008-05-12 17:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll

2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll

2008-05-12 17:03 . 2008-05-12 17:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

2008-05-12 17:02 . 2008-05-12 17:02 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2008-05-12 16:57 . 2008-05-12 16:57 548,864 --a------ C:\WINDOWS\system32\ati2cqag.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 14:03 322,066 ----a-r C:\WINDOWS\system32\drivers\u1pvdsm.sys

2009-11-07 14:01 69,632 -c--a-r C:\WINDOWS\pvcyuv.dll

2009-11-07 14:01 6,224 ----a-r C:\WINDOWS\system32\drivers\u1pvdbs.sys

2009-11-07 14:01 37,426 ----a-r C:\WINDOWS\system32\drivers\u1pvdcd.sys

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\system32\msyuv.dll

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\msyuv.dll

2008-06-03 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-06-02 05:25 --------- d-----w C:\Program Files\Ubisoft

2008-06-02 05:23 --------- d-----w C:\Program Files\eMule

2008-05-28 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-23 03:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-20 07:23 35,528 ----a-w C:\Documents and Settings\miky\Application Data\GDIPFONTCACHEV1.DAT

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-24 20:25 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll

2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-06_17.57.04.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-06 15:51:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-08 20:28:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 09:38 289088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 23:00 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 11:46 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"5c25e68c"="C:\WINDOWS\system32\kdccdvhb.dll" [2008-06-06 08:03 117248]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

 

C:\Documents and Settings\miky\Menu D‚marrer\Programmes\D‚marrage\

Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [09/09/2007 06:51:40 488728]

 

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [21/01/2008 11:06:07 110592]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 16:40:46 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"D:\\unreal tournament3\\Binaries\\UT3.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2009-11-07 16:01]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]

R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

R3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2009-11-07 16:03]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af10c6d0-c2cd-11dc-98e1-806d6172696f}]

\Shell\AutoRun\command - F:\setup.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-09 03:55:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\NavLogon.dll

.

Temps d'accomplissement: 2008-06-09 3:57:46

ComboFix-quarantined-files.txt 2008-06-09 01:57:38

ComboFix2.txt 2008-06-06 15:58:09

 

Pre-Run: 1,720,791,040 octets libres

Post-Run: 1,708,085,248 octets libres

 

297 --- E O F --- 2008-05-28 13:00:48

 

j'ai tout suivi a la lettre.

euuhh voila , que dois je faire maintenant?

[angelique]

j'ai tout suivi a la lettre.

euuhh voila , que dois je faire maintenant?

 

Non tu n'as pas suivi à la lettre ;o) c'est CFScript et non Command switches used :: C:\Documents and Settings\miky\Bureau\cfscript.txt

 

recommence comme precedemment en te deconnectant d'internet avec ce CFScript ci dessous, patiente 10mn apres le rapport pour te reconnecter

 

File::
C:\WINDOWS\system32\bhvdccdk.ini
C:\WINDOWS\system32\mipjcmgn.dll
C:\WINDOWS\system32\kdccdvhb.dll
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\cvcplllf.dll
C:\WINDOWS\system32\asmvecev.dll
C:\WINDOWS\system32\kdccdvhb.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5c25e68c"=-

 

et poste le rapport.

[mikemmanosa]

Non tu n'as pas suivi à la lettre ;o) c'est CFScript et non Command switches used :: C:\Documents and Settings\miky\Bureau\cfscript.txt

 

recommence comme precedemment en te deconnectant d'internet avec ce CFScript ci dessous, patiente 10mn apres le rapport pour te reconnecter

 

File::
C:\WINDOWS\system32\bhvdccdk.ini
C:\WINDOWS\system32\mipjcmgn.dll
C:\WINDOWS\system32\kdccdvhb.dll
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\cvcplllf.dll
C:\WINDOWS\system32\asmvecev.dll
C:\WINDOWS\system32\kdccdvhb.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5c25e68c"=-

 

et poste le rapport.

 

 

donc voila j'ai recommencé

combofix a bien prit le CFScript et voici le rapport.

 

ComboFix 08-06-05.3 - miky 2008-06-10 10:45:31.5 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1421 [GMT 2:00]

Endroit: C:\Documents and Settings\miky\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\miky\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-10 10:41 . 2008-06-10 10:42 <REP> d-------- C:\WINDOWS\LastGood

2008-06-10 10:40 . 2008-06-10 10:40 294 ---hs---- C:\WINDOWS\system32\bhvdccdk.ini

2008-06-06 08:21 . 2008-06-06 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-06-06 08:07 . 2008-06-06 08:08 133,120 --a------ C:\WINDOWS\system32\mipjcmgn.dll

2008-06-06 08:03 . 2008-06-06 08:03 117,248 --a------ C:\WINDOWS\system32\kdccdvhb.dll

2008-06-06 07:57 . 2008-06-06 07:57 126,976 --a------ C:\WINDOWS\system32\sxrkdbbf.dll

2008-06-05 19:39 . 2008-06-05 19:39 <REP> d-------- C:\Program Files\Trend Micro

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-06-05 17:30 . 2008-01-14 19:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-06-05 17:30 . 2008-01-14 20:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-06-05 17:30 . 2008-06-05 17:30 <REP> d-------- C:\Documents and Settings\Administrateur

2008-06-05 08:04 . 2008-06-05 08:04 132,608 --a------ C:\WINDOWS\system32\cvcplllf.dll

2008-06-05 07:58 . 2008-06-05 07:58 126,976 --a------ C:\WINDOWS\system32\asmvecev.dll

2008-06-04 07:53 . 2008-06-07 19:24 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-04 07:00 . 2008-06-04 07:03 <REP> d-------- C:\Program Files\SolidWorks

2008-06-04 07:00 . 2008-06-04 07:04 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared

2008-06-04 07:00 . 2008-06-04 07:00 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

2008-06-03 19:10 . 2008-06-06 08:31 1,141 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\Lavasoft

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-06-03 08:29 . 2008-06-03 08:29 <REP> d-------- C:\Program Files\Sunbelt Software

2008-06-02 08:08 . 2008-06-02 08:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-02 08:08 . 2008-06-02 08:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-05-31 08:19 . 2008-05-31 08:20 <REP> d-------- C:\Fraps

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-29 20:04 . 2008-05-29 20:04 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-29 18:31 . 2004-08-19 15:53 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-05-29 15:45 . 2008-05-29 15:45 1,144,995 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe

2008-05-28 15:51 . 2008-06-04 07:08 4,096 --a------ C:\WINDOWS\system32\crash

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\miky\Application Data\ATI

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI

2008-05-28 15:26 . 2008-05-28 15:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-28 15:24 . 2008-05-28 15:24 <REP> d-------- C:\Program Files\ATI Technologies

2008-05-28 15:24 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-26 15:44 . 2008-05-26 15:44 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVSMedia

2008-05-24 15:16 . 1999-12-01 17:45 22,335 --a------ C:\WINDOWS\emme.wri

2008-05-24 15:15 . 2008-05-24 15:15 <REP> d-------- C:\emme

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\SafeNet Sentinel

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel

2008-05-23 12:47 . 2008-05-29 15:47 <REP> d-------- C:\Program Files\NewTek

2008-05-23 05:15 . 2008-05-23 05:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet

2008-05-23 05:10 . 2008-05-23 05:10 <REP> d-------- C:\Program Files\Bonjour

2008-05-23 05:04 . 2008-05-23 05:04 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-05-23 05:00 . 2008-05-23 05:00 <REP> d-------- C:\Program Files\MagicISO

2008-05-21 22:59 . 2008-05-26 16:04 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-21 22:59 . 2008-05-22 01:10 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVS4YOU

2008-05-21 22:59 . 2008-05-21 22:59 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-05-21 22:58 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-21 22:58 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-21 22:58 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-05-21 22:58 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-05-21 22:58 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-05-21 21:45 . 2008-05-21 21:46 <REP> d-------- C:\Program Files\UnZixWin

2008-05-21 21:45 . 2008-05-21 21:45 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-21 21:45 . 2008-05-21 21:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-05-21 21:39 . 2008-06-02 07:24 <REP> d-------- C:\Program Files\GRETECH

2008-05-20 09:39 . 2008-06-02 07:04 <REP> d-------- C:\Documents and Settings\miky\Application Data\BitTorrent

2008-05-20 09:38 . 2008-05-20 09:38 <REP> d-------- C:\Program Files\DNA

2008-05-20 09:38 . 2008-05-20 09:39 <REP> d-------- C:\Program Files\BitTorrent

2008-05-20 09:38 . 2008-06-10 06:56 <REP> d-------- C:\Documents and Settings\miky\Application Data\DNA

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-12 18:30 . 2008-05-12 18:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll

2008-05-12 17:54 . 2008-05-12 17:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll

2008-05-12 17:53 . 2008-05-12 17:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll

2008-05-12 17:45 . 2008-05-12 17:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2008-05-12 17:44 . 2008-05-12 17:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll

2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll

2008-05-12 17:43 . 2008-05-12 17:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe

2008-05-12 17:41 . 2008-05-12 17:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2008-05-12 17:32 . 2008-05-12 17:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat

2008-05-12 17:22 . 2008-05-12 17:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll

2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat

2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll

2008-05-12 17:05 . 2008-05-12 17:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll

2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll

2008-05-12 17:03 . 2008-05-12 17:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

2008-05-12 17:02 . 2008-05-12 17:02 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2008-05-12 16:57 . 2008-05-12 16:57 548,864 --a------ C:\WINDOWS\system32\ati2cqag.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 14:03 322,066 ----a-r C:\WINDOWS\system32\drivers\u1pvdsm.sys

2009-11-07 14:01 69,632 -c--a-r C:\WINDOWS\pvcyuv.dll

2009-11-07 14:01 6,224 ----a-r C:\WINDOWS\system32\drivers\u1pvdbs.sys

2009-11-07 14:01 37,426 ----a-r C:\WINDOWS\system32\drivers\u1pvdcd.sys

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\system32\msyuv.dll

2009-11-07 14:01 15,120 ----a-r C:\WINDOWS\msyuv.dll

2008-06-03 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-06-02 05:25 --------- d-----w C:\Program Files\Ubisoft

2008-06-02 05:23 --------- d-----w C:\Program Files\eMule

2008-05-28 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-23 03:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-20 07:23 35,528 ----a-w C:\Documents and Settings\miky\Application Data\GDIPFONTCACHEV1.DAT

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-24 20:25 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll

2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-06_17.57.04.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-06 15:51:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-10 08:40:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 02:33:27 47,616 ----a-w C:\WINDOWS\LastGood\system32\iyuv_32.dll

+ 2008-04-14 02:34:34 294,912 ----a-w C:\WINDOWS\LastGood\system32\msh263.drv

+ 2001-08-23 16:47:20 8,192 ----a-w C:\WINDOWS\LastGood\system32\tsbyuv.dll

+ 2008-04-14 02:33:48 54,784 ----a-w C:\WINDOWS\LastGood\system32\vfwwdm32.dll

+ 2008-04-14 02:33:28 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll

- 2001-08-23 16:47:20 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll

+ 2001-08-23 15:47:20 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll

+ 2008-04-14 02:33:48 54,784 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 09:38 289088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 23:00 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 11:46 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"5c25e68c"="C:\WINDOWS\system32\kdccdvhb.dll" [2008-06-06 08:03 117248]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

 

C:\Documents and Settings\miky\Menu D‚marrer\Programmes\D‚marrage\

Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [09/09/2007 06:51:40 488728]

 

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [21/01/2008 11:06:07 110592]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 16:40:46 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"D:\\unreal tournament3\\Binaries\\UT3.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2009-11-07 16:01]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]

R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

S3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2009-11-07 16:03]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af10c6d0-c2cd-11dc-98e1-806d6172696f}]

\Shell\AutoRun\command - F:\setup.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 10:49:38

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\NavLogon.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\kdccdvhb.dll

.

Temps d'accomplissement: 2008-06-10 10:51:39

ComboFix-quarantined-files.txt 2008-06-10 08:51:31

ComboFix2.txt 2008-06-10 04:38:13

ComboFix3.txt 2008-06-09 01:57:49

ComboFix4.txt 2008-06-06 15:58:09

 

Pre-Run: 1,595,932,672 octets libres

Post-Run: 1,608,019,968 octets libres

 

304 --- E O F --- 2008-05-28 13:00:48

[angelique]

Bon y'a un truc qui doit gener ComboFix pour nettoyer, on refait un essaie sinon on utilise un autre utilitaire.

 

• desinstalle le en copiant_collant la ligne ci dessous dans executer, et valide:

 

ComboFix /u

 

• desactive temporairement juste ton antivirus

 

• retelecharge ComboFix SUR TON BUREAU

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

»ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\system32\bhvdccdk.ini
C:\WINDOWS\system32\mipjcmgn.dll
C:\WINDOWS\system32\kdccdvhb.dll
C:\WINDOWS\system32\sxrkdbbf.dll
C:\WINDOWS\system32\cvcplllf.dll
C:\WINDOWS\system32\asmvecev.dll
C:\WINDOWS\system32\kdccdvhb.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5c25e68c"=-

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[mikemmanosa]

voici

 

 

ComboFix 08-06-05.3 - miky 2008-06-10 11:26:19.6 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1506 [GMT 2:00]

Endroit: C:\Documents and Settings\miky\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\miky\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\asmvecev.dll

C:\WINDOWS\system32\bhvdccdk.ini

C:\WINDOWS\system32\cvcplllf.dll

C:\WINDOWS\system32\kdccdvhb.dll

C:\WINDOWS\system32\mipjcmgn.dll

C:\WINDOWS\system32\sxrkdbbf.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\asmvecev.dll

C:\WINDOWS\system32\bhvdccdk.ini

C:\WINDOWS\system32\cvcplllf.dll

C:\WINDOWS\system32\kdccdvhb.dll

C:\WINDOWS\system32\mipjcmgn.dll

C:\WINDOWS\system32\sxrkdbbf.dll

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-06 08:21 . 2008-06-06 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-06-05 19:39 . 2008-06-05 19:39 <REP> d-------- C:\Program Files\Trend Micro

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-06-05 17:30 . 2008-01-14 19:59 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-06-05 17:30 . 2008-01-14 20:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-06-05 17:30 . 2008-01-14 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-06-05 17:30 . 2008-06-05 17:30 <REP> d-------- C:\Documents and Settings\Administrateur

2008-06-04 07:53 . 2008-06-07 19:24 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-04 07:00 . 2008-06-04 07:03 <REP> d-------- C:\Program Files\SolidWorks

2008-06-04 07:00 . 2008-06-04 07:04 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared

2008-06-04 07:00 . 2008-06-04 07:00 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

2008-06-03 19:10 . 2008-06-10 11:31 1,306 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\Lavasoft

2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-06-03 08:29 . 2008-06-03 08:29 <REP> d-------- C:\Program Files\Sunbelt Software

2008-06-02 08:08 . 2008-06-02 08:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-02 08:08 . 2008-06-02 08:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-06-02 06:41 . 2008-06-02 06:43 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-05-31 08:19 . 2008-05-31 08:20 <REP> d-------- C:\Fraps

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\fr

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\system32\bits

2008-05-29 20:05 . 2008-05-29 20:05 <REP> d-------- C:\WINDOWS\l2schemas

2008-05-29 20:04 . 2008-05-29 20:04 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-05-29 18:31 . 2004-08-19 15:53 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-05-29 15:45 . 2008-05-29 15:45 1,144,995 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe

2008-05-28 15:51 . 2008-06-04 07:08 4,096 --a------ C:\WINDOWS\system32\crash

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\miky\Application Data\ATI

2008-05-28 15:27 . 2008-05-28 15:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI

2008-05-28 15:26 . 2008-05-28 15:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-28 15:24 . 2008-05-28 15:24 <REP> d-------- C:\Program Files\ATI Technologies

2008-05-28 15:24 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-26 15:44 . 2008-05-26 15:44 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVSMedia

2008-05-24 15:16 . 1999-12-01 17:45 22,335 --a------ C:\WINDOWS\emme.wri

2008-05-24 15:15 . 2008-05-24 15:15 <REP> d-------- C:\emme

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\SafeNet Sentinel

2008-05-23 12:51 . 2008-05-23 12:51 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel

2008-05-23 12:47 . 2008-05-29 15:47 <REP> d-------- C:\Program Files\NewTek

2008-05-23 05:15 . 2008-05-23 05:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet

2008-05-23 05:10 . 2008-05-23 05:10 <REP> d-------- C:\Program Files\Bonjour

2008-05-23 05:04 . 2008-05-23 05:04 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-05-23 05:00 . 2008-05-23 05:00 <REP> d-------- C:\Program Files\MagicISO

2008-05-21 22:59 . 2008-05-26 16:04 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-21 22:59 . 2008-05-22 01:10 <REP> d-------- C:\Documents and Settings\miky\Application Data\AVS4YOU

2008-05-21 22:59 . 2008-05-21 22:59 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-05-21 22:58 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-21 22:58 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-21 22:58 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-05-21 22:58 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-05-21 22:58 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-05-21 21:45 . 2008-05-21 21:46 <REP> d-------- C:\Program Files\UnZixWin

2008-05-21 21:45 . 2008-05-21 21:45 249,856 --------- C:\WINDOWS\Setup1.exe

2008-05-21 21:45 . 2008-05-21 21:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-05-21 21:39 . 2008-06-02 07:24 <REP> d-------- C:\Program Files\GRETECH

2008-05-20 09:39 . 2008-06-02 07:04 <REP> d-------- C:\Documents and Settings\miky\Application Data\BitTorrent

2008-05-20 09:38 . 2008-05-20 09:38 <REP> d-------- C:\Program Files\DNA

2008-05-20 09:38 . 2008-05-20 09:39 <REP> d-------- C:\Program Files\BitTorrent

2008-05-20 09:38 . 2008-06-10 11:30 <REP> d-------- C:\Documents and Settings\miky\Application Data\DNA

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-12 18:30 . 2008-05-12 18:30 3,007,488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll

2008-05-12 17:54 . 2008-05-12 17:54 305,152 --a------ C:\WINDOWS\system32\ati2dvag.dll

2008-05-12 17:53 . 2008-05-12 17:53 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll

2008-05-12 17:45 . 2008-05-12 17:45 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll

2008-05-12 17:45 . 2008-05-12 17:45 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2008-05-12 17:44 . 2008-05-12 17:44 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll

2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll

2008-05-12 17:43 . 2008-05-12 17:43 540,672 --a------ C:\WINDOWS\system32\ati2evxx.exe

2008-05-12 17:41 . 2008-05-12 17:41 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2008-05-12 17:32 . 2008-05-12 17:32 3,203,168 --a------ C:\WINDOWS\system32\ati3duag.dll

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat

2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat

2008-05-12 17:22 . 2008-05-12 17:22 1,999,616 --a------ C:\WINDOWS\system32\ativvaxx.dll

2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat

2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll

2008-05-12 17:05 . 2008-05-12 17:05 327,680 --a------ C:\WINDOWS\system32\atikvmag.dll

2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll

2008-05-12 17:03 . 2008-05-12 17:03 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll

2008-05-12 17:02 . 2008-05-12 17:02 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2008-05-12 16:57 . 2008-05-12 16:57 548,864 --a------ C:\WINDOWS\system32\ati2cqag.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-02 19:35 318,419 ----a-r C:\WINDOWS\system32\drivers\u1pvdsm.sys

2010-01-02 19:34 6,225 ----a-r C:\WINDOWS\system32\drivers\u1pvdbs.sys

2010-01-02 19:34 37,843 ----a-r C:\WINDOWS\system32\drivers\u1pvdcd.sys

2008-06-03 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-06-02 05:25 --------- d-----w C:\Program Files\Ubisoft

2008-06-02 05:23 --------- d-----w C:\Program Files\eMule

2008-05-28 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-23 03:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-20 07:23 35,528 ----a-w C:\Documents and Settings\miky\Application Data\GDIPFONTCACHEV1.DAT

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-24 20:25 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll

2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys

2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys

2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys

2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys

2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys

2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-06_17.57.04.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-06 15:51:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-10 09:31:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-05-16 16:31:26 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-06-10 08:59:52 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe

- 2009-11-07 14:01:48 15,120 ----a-r C:\WINDOWS\msyuv.dll

+ 2008-02-13 23:18:20 15,120 ----a-r C:\WINDOWS\msyuv.dll

- 2009-11-07 14:01:48 69,632 -c--a-r C:\WINDOWS\pvcyuv.dll

+ 2008-01-23 19:22:00 69,632 ----a-r C:\WINDOWS\pvcyuv.dll

+ 2008-04-14 02:33:28 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll

- 2001-08-23 16:47:20 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll

+ 2001-08-23 15:47:20 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll

+ 2008-04-14 02:33:48 54,784 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll

- 2008-04-14 02:33:27 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

+ 2008-04-14 02:33:28 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

- 2009-11-07 14:01:48 15,120 ----a-r C:\WINDOWS\system32\msyuv.dll

+ 2008-02-13 23:18:20 15,120 ----a-r C:\WINDOWS\system32\msyuv.dll

- 2001-08-23 16:47:20 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll

+ 2001-08-23 15:47:20 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 09:38 289088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 23:00 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 11:46 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"D:\\unreal tournament3\\Binaries\\UT3.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2010-01-02 21:34]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]

R3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2010-01-02 21:35]

S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af10c6d0-c2cd-11dc-98e1-806d6172696f}]

\Shell\AutoRun\command - F:\setup.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 11:32:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\NavLogon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\searchindexer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\searchprotocolhost.exe

C:\WINDOWS\system32\searchfilterhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-10 11:39:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-10 09:39:34

ComboFix2.txt 2008-06-10 08:51:41

ComboFix3.txt 2008-06-10 04:38:13

ComboFix4.txt 2008-06-09 01:57:49

ComboFix5.txt 2008-06-06 15:58:09

 

Pre-Run: 1,547,747,328 octets libres

Post-Run: 1,539,383,296 octets libres

 

331 --- E O F --- 2008-06-10 08:59:53

[angelique]

desinstalle ComboFix comme precedemment et supprime si toujours existant:

 

c:qoobox , c:\bug , c:\combofix

 

• Pour mettre en evidence le reste des infections non actives , mais presentes:

 

* Fais un scan en ligne Kaspersky avec IE

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Clique sur Accept

* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

* clique une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patiente un moment

* Clique sur Next.

* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

tuto:: http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

 

Poste le rapport que tu auras enregistré en fin de scan