
Posted

Here is the SDFix report:

 

SDFix: Version 1.194

Run by user on 2008-06-19 at 18:05

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix\SDFix

 

Checking Services :

 

Name :

msupdate

qalwpmdgt

qaszpurn

tcpsr

USB2_04

widuxngq

zalpqbj

zeqbqwp

FUR15

PDG07

CCH73

 

Path :

c:\windows\system32\mssrv32.exe

\??\C:\WINDOWS\qalwpmdgt.sys

\??\C:\WINDOWS\qaszpurn.sys

\??\C:\WINDOWS\System32\drivers\tcpsr.sys

\??\C:\WINDOWS\system32\drivers\nkv2.sys

\??\C:\WINDOWS\widuxngq.sys

\??\C:\WINDOWS\zalpqbj.sys

\??\C:\WINDOWS\zeqbqwp.sys

\SystemRoot\System32\Drivers\Fur15.sys

\SystemRoot\System32\Drivers\pdG07.sys

\SystemRoot\System32\Drivers\ccH73.sys

 

msupdate - Deleted

qalwpmdgt - Deleted

qaszpurn - Deleted

tcpsr - Deleted

USB2_04 - Deleted

widuxngq - Deleted

zalpqbj - Deleted

zeqbqwp - Deleted

FUR15 - Deleted

PDG07 - Deleted

CCH73 - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default Desktop Wallpaper

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\CBOCR.DLL - Deleted

C:\-17143~1 - Deleted

C:\WINDOWS\system32\config\systemprofile\Application Data\Install.dat - Deleted

C:\Documents and Settings\user\Application Data\Install.dat - Deleted

C:\Program Files\tmp0.exe - Deleted

C:\Program Files\tmp1.exe - Deleted

C:\Program Files\tmp2.exe - Deleted

C:\Program Files\tmp3.exe - Deleted

C:\Documents and Settings\user\Application Data\WinTouch\wintouch.cfg - Deleted

C:\Documents and Settings\user\Favoris\Error Cleaner.url - Deleted

C:\Documents and Settings\user\Bureau\Error Cleaner.url - Deleted

C:\Documents and Settings\user\Favoris\Privacy Protector.url - Deleted

C:\Documents and Settings\user\Bureau\Privacy Protector.url - Deleted

C:\Documents and Settings\user\Favoris\Spyware&Malware Protection.url - Deleted

C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted

C:\WINDOWS\system32\maxpaynowti.exe - Deleted

C:\WINDOWS\kiasys.dll - Deleted

C:\WINDOWS\system32\cmd.com - Deleted

C:\WINDOWS\system32\netstat.com - Deleted

C:\WINDOWS\system32\ping.com - Deleted

C:\WINDOWS\system32\regedit.com - Deleted

C:\WINDOWS\system32\taskkill.com - Deleted

C:\WINDOWS\system32\tasklist.com - Deleted

C:\WINDOWS\system32\tracert.com - Deleted

C:\WINDOWS\system32\vx.tll - Deleted

C:\WINDOWS\system32\WinCtrl32.dll - Deleted

C:\WINDOWS\Temp\ed47fa.$ - Deleted

C:\WINDOWS\Temp\removalfile.bat - Deleted

C:\WINDOWS\system32\drivers\tcpsr.sys - Deleted

C:\WINDOWS\system32\ntos.exe - Deleted

C:\WINDOWS\system32\WinNt32.dll - Deleted

C:\WINDOWS\system32\WLCtrl32.dll - Deleted

C:\WINDOWS\yeTyezzd.sys - Deleted

C:\WINDOWS\system32\drivers\FUR15.sys - Deleted

C:\WINDOWS\system32\drivers\PDG07.sys - Deleted

C:\WINDOWS\system32\drivers\CCH73.sys - Deleted

C:\WINDOWS\system32\wsnpoem\video.dll - Deleted

C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted

 

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer or CureIt by Dr.Web

 

Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$

Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$

 

Folder C:\Documents and Settings\user\Application Data\WinTouch - Removed

Folder C:\WINDOWS\system32\wsnpoem - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 18:13:26

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Google\\Google Earth\\googleearth.exe"="C:\\Program Files\\Google\\Google Earth\\googleearth.exe:*:Enabled:Google Earth"

"C:\\Program Files\\Weezo\\bin\\Weezo.exe"="C:\\Program Files\\Weezo\\bin\\Weezo.exe:*:Enabled:Weezo"

"C:\\Program Files\\Weezo\\Apache\\bin\\WeezoHttpd.exe"="C:\\Program Files\\Weezo\\Apache\\bin\\WeezoHttpd.exe:*:Enabled:WeezoHttpd.exe"

"C:\\Documents and Settings\\USER\\Bureau\\serveur\\serveur\\Serveur.exe"="C:\\Documents and Settings\\USER\\Bureau\\serveur\\serveur\\Serveur.exe:*:Enabled:mIRC"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"C:\\Program Files\\TYPSoft FTP Server\\ftpserv.exe"="C:\\Program Files\\TYPSoft FTP Server\\ftpserv.exe:*:Enabled:TYPSoft FTP Server"

"C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\\Program Files\\Half Life\\HALF-LIFE\\hltv.exe"="C:\\Program Files\\Half Life\\HALF-LIFE\\hltv.exe:*:Enabled:hltv"

"C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe"="C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe:*:Enabled:srcds"

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\Bobot\\Bobot.exe"="C:\\Program Files\\Bobot\\Bobot.exe:*:Enabled:Bot for IRC"

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\Steam\\SteamApps\\lartak\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\lartak\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\Steam\\SteamApps\\lartak\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\SteamApps\\lartak\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"

"C:\\Program Files\\MOZILLA.ORG\\Mozilla\\mozilla.exe"="C:\\Program Files\\MOZILLA.ORG\\Mozilla\\mozilla.exe:*:Enabled:Mozilla"

"C:\\Documents and Settings\\USER\\Local Settings\\Temporary Internet Files\\Content.IE5\\PZCPWUME\\WoW-frFR-Installer-downloader[1].exe"="C:\\Documents and Settings\\USER\\Local Settings\\Temporary Internet Files\\Content.IE5\\PZCPWUME\\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"

"F:\\utorrent.exe"="F:\\utorrent.exe:*:Enabled:µTorrent"

"F:\\LimeWire\\LimeWire.exe"="F:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"

"C:\\WINDOWS\\WinVNC.exe"="C:\\WINDOWS\\WinVNC.exe:*:Enabled:VNC BND"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

C:\WINDOWS\Temp\bca4e2da.$$$ Found

C:\WINDOWS\Temp\fa56d7ec.$$$ Found

 

File Backups: - C:\SDFix\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 3 Mar 2008 3,507,272 ..SH. --- "C:\WINDOWS\setup2.exe"

Thu 21 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT5E.tmp"

Sat 6 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\user\Bureau\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage)\MSDE2000\SQLRESLD.DLL"

 

Finished!

Posted

:P OK, there's an MBR rootkit to deal with and I think an egdaccess too \o/, where did you pick up all these infections :P, please do NOT surf the web with this PC!!! Only come here with it. It's got the works \o/ and I'm the one who lands on it :P:P.

There's some serious computer training needed here, otherwise take up knitting, eh!!!.....

 

• Download to your desktop: http://www2.gmer.net/mbr/mbr.exe

double-click it and post the log report that is created on your desktop.

 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Download Navilog1.exe (Il Mafioso)

Install it; a shortcut is created on the desktop and it will start by itself. Choose your language, then option 1, and post the report + a new HijackThis report.

 

• ComboFix is now obsolete (more than 24h old); uninstall it by copy-pasting the line below into Run and confirming:

 

ComboFix /u

 

We should be able to use it afterwards \o_

Posted (edited)

MBR report:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

MBR rootkit code detected !

malicious code @ sector 0x12a18ac1 size 0x1a8 !

copy of MBR has been found in sector 62 !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Navilog report:

Search Navipromo version 3.5.8 commencé le 2008-06-19 à 20:38:18.42

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "user"

 

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 6.0.2900.2180

Système de fichiers : FAT32

 

Recherche executé en mode normal

 

*** Recherche Programmes installés ***

 

Windows Live Favorites para Windows Live Toolbar

 

*** Recherche dossiers dans "C:\WINDOWS" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\user\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\LARTAK\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\user\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\user\menud+~1\progra~1" ***

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

 

Aucun Fichier trouvé

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\WINDOWS\system32" *

 

* Recherche dans "C:\Documents and Settings\user\locals~1\applic~1" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\WINDOWS\system32" :

 

 

* Dans "C:\Documents and Settings\user\locals~1\applic~1" :

 

 

3)Recherche Certificats :

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

C:\WINDOWS\system32\jRqBeMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

C:\WINDOWS\system32\aayHNqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

C:\WINDOWS\system32\sDddKUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

 

 

*** Analyse terminée le 2008-06-19 à 20:40:01.51 ***

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42, on 2008-06-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\HJT\plop.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &windows live search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: add to windows &live favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: Agregar entrada - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 5081 bytes

(ComboFix uninstalled)

There you go :P

Edited by Lartak09
Posted

There you go :P \o_

 

• delete c:\SDFix, uninstall navilog1 via Add/Remove Programs and delete its remaining folder

» C:\Program Files\Navilog1

 

• Copy-paste the line below into Run and confirm it:

 

"%userprofile%\Bureau\mbr.exe" -f

 

a log report should be created on your desktop; if not, get another MBR.exe .log by running it again

 

• run HijackThis again, "do a system scan only", tick the line below and then click Fix checked:

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

 

• Download OTMoveIt2 by OldTimer.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

 

* Save this file to the Desktop.

* Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)

* Copy the lines from the "Code" box below to the clipboard by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, right-clicking and choosing Copy):

C:\WINDOWS\system32\vobmpcrq.exe
C:\Windows\xpupdate.exe
EmptyTemp

* Go back to the OTMoveIt2 window, right-click in the "Paste List of Files/Folders to Move" box and choose Paste.

* Click the red MoveIt! button.

* Copy everything in the Results box (under the green bar) to the clipboard by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, right-clicking and choosing Copy), and paste these results in your reply on the forum.

* Close OTMoveIt2

 

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in your reply on the forum.

 

• download ComboFix again and paste me its report [in normal mode! that should do it :P]

Posted (edited)

OTMoveIt2 report:

File/Folder C:\WINDOWS\system32\vobmpcrq.exe not found.

File/Folder C:\Windows\xpupdate.exe not found.

< EmptyTemp >

File delete failed. C:\WINDOWS\temp\bca4e2da.$$$ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\fa56d7ec.$$$ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_530.dat scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

 

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06192008_211033

ComboFix report:

ComboFix 08-06-16.5 - user 2008-06-19 21:25:22.1 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.264 [GMT 2:00]

Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\NetworkService\Menu Démarrer\Programmes\Brave-Sentry

C:\Documents and Settings\NetworkService\Menu Démarrer\Programmes\Brave-Sentry\BraveSentry.lnk

C:\Documents and Settings\NetworkService\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk

C:\Documents and Settings\user\Application Data\ShoppingReport

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\user\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

C:\Documents and Settings\user\Menu Démarrer\Programmes\Brave-Sentry

C:\Documents and Settings\user\Menu Démarrer\Programmes\Brave-Sentry\BraveSentry.lnk

C:\Documents and Settings\user\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk

C:\WINDOWS\BM9ae35acb.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\aayHNqss.ini

C:\WINDOWS\system32\aayHNqss.ini2

C:\WINDOWS\system32\akreuddn.exe

C:\WINDOWS\system32\amtumcwv.exe

C:\WINDOWS\system32\astqjrwc.ini

C:\WINDOWS\system32\avmeqeak.ini

C:\WINDOWS\system32\bcgiklvk.ini

C:\WINDOWS\system32\bgoykfra.ini

C:\WINDOWS\system32\bjctjljk.ini

C:\WINDOWS\system32\bpyhlujk.exe

C:\WINDOWS\system32\bszip.dll

C:\WINDOWS\system32\clwpariw.dll

C:\WINDOWS\system32\cotlrfll.ini

C:\WINDOWS\system32\cwmqvfnm.ini

C:\WINDOWS\system32\dbtmtpvo.ini

C:\WINDOWS\system32\dhchelki.ini

C:\WINDOWS\system32\djdksyje.ini

C:\WINDOWS\system32\dminqcku.ini

C:\WINDOWS\system32\dosditky.ini

C:\WINDOWS\system32\driktcfa.dll

C:\WINDOWS\system32\dvwhhgxw.ini

C:\WINDOWS\system32\eocbempg.ini

C:\WINDOWS\system32\eqfqcerw.exe

C:\WINDOWS\system32\etqudslv.ini

C:\WINDOWS\system32\ewovvwiq.exe

C:\WINDOWS\system32\fmkcindg.exe

C:\WINDOWS\system32\foisssqt.exe

C:\WINDOWS\system32\fptgogdj.exe

C:\WINDOWS\system32\fswqvgsn.dll

C:\WINDOWS\system32\fumwpqch.ini

C:\WINDOWS\system32\fvwcvmtw.ini

C:\WINDOWS\system32\fxqrxbto.ini

C:\WINDOWS\system32\gchehamq.ini

C:\WINDOWS\system32\gifleyau.ini

C:\WINDOWS\system32\glavfluo.ini

C:\WINDOWS\system32\hdppaheu.ini

C:\WINDOWS\system32\heqseypr.ini

C:\WINDOWS\system32\hnddwltl.ini

C:\WINDOWS\system32\idrswabt.ini

C:\WINDOWS\system32\iegqwtjs.ini

C:\WINDOWS\system32\ifjbvktg.ini

C:\WINDOWS\system32\imcqyfmt.ini

C:\WINDOWS\system32\ixvkqigq.ini

C:\WINDOWS\system32\jbwefbrx.exe

C:\WINDOWS\system32\jesyilvg.ini

C:\WINDOWS\system32\jnokrmtb.ini

C:\WINDOWS\system32\jRqBeMoq.ini

C:\WINDOWS\system32\jRqBeMoq.ini2

C:\WINDOWS\system32\jtolrkbr.ini

C:\WINDOWS\system32\kdiiucwt.ini

C:\WINDOWS\system32\ldriaklf.ini

C:\WINDOWS\system32\lmxpoxfr.ini

C:\WINDOWS\system32\lwowteee.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mfeklnsk.ini

C:\WINDOWS\system32\mgnvugkx.ini

C:\WINDOWS\system32\mpvgndbq.ini

C:\WINDOWS\system32\mtovpqps.ini

C:\WINDOWS\system32\nhnthkvj.ini

C:\WINDOWS\system32\niidibfc.exe

C:\WINDOWS\system32\nspggftx.ini

C:\WINDOWS\system32\nwayepkv.ini

C:\WINDOWS\system32\ofkrrckl.exe

C:\WINDOWS\system32\ovvhidai.ini

C:\WINDOWS\system32\oxjhcgwq.ini

C:\WINDOWS\system32\pdyndvjd.ini

C:\WINDOWS\system32\pmidyeti.ini

C:\WINDOWS\system32\pqyjhlje.exe

C:\WINDOWS\system32\pufprusp.exe

C:\WINDOWS\system32\puumnebt.exe

C:\WINDOWS\system32\pxkywrxm.ini

C:\WINDOWS\system32\qcnvvxxr.ini

C:\WINDOWS\system32\qqbtsoyo.ini

C:\WINDOWS\system32\rbtqvxjl.dll

C:\WINDOWS\system32\rfcfvnqi.exe

C:\WINDOWS\system32\rkfksaok.ini

C:\WINDOWS\system32\rtvpgugd.exe

C:\WINDOWS\system32\sDddKUvw.ini

C:\WINDOWS\system32\sDddKUvw.ini2

C:\WINDOWS\system32\sgroipvr.exe

C:\WINDOWS\system32\tfblyakq.ini

C:\WINDOWS\system32\tosuwxxk.ini

C:\WINDOWS\system32\trudkcra.ini

C:\WINDOWS\system32\tstaxsos.ini

C:\WINDOWS\system32\uvifkngl.exe

C:\WINDOWS\system32\vebtquvk.ini

C:\WINDOWS\system32\vewkpjpy.ini

C:\WINDOWS\system32\vtvmwgys.ini

C:\WINDOWS\system32\wehrafml.exe

C:\WINDOWS\system32\wggwsrvy.ini

C:\WINDOWS\system32\wikiawgs.ini

C:\WINDOWS\system32\wimoervr.ini

C:\WINDOWS\system32\wvtbbdjd.ini

C:\WINDOWS\system32\xdaxvcai.ini

C:\WINDOWS\system32\xprqdaoq.ini

C:\WINDOWS\system32\xsatelwk.ini

C:\WINDOWS\system32\xvvdrgey.dll

C:\WINDOWS\system32\xyrujvhh.exe

C:\WINDOWS\system32\ybanmtuc.exe

C:\WINDOWS\system32\yqowmqxy.dll

C:\WINDOWS\system32\yuwhhefg.ini

C:\WINDOWS\system32\yuwqsoyw.ini

C:\WINDOWS\system32\yxqmwoqy.ini

C:\WINDOWS\system32\yylcspjs.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}

-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-19 21:10 . 2008-06-19 21:10 <REP> d-------- C:\_OTMoveIt

2008-06-19 17:35 . 2008-06-19 17:35 <REP> d--hs---- C:\FOUND.123

2008-06-19 17:21 . 2008-06-19 17:21 <REP> d--hs---- C:\FOUND.122

2008-06-19 16:50 . 2008-06-19 16:50 <REP> d--hs---- C:\FOUND.121

2008-06-19 16:47 . 2008-06-19 16:47 <REP> d--hs---- C:\FOUND.120

2008-06-19 16:38 . 2008-06-19 16:38 <REP> d--hs---- C:\FOUND.119

2008-06-19 16:15 . 2008-06-19 16:15 <REP> d--hs---- C:\FOUND.118

2008-06-19 16:12 . 2008-06-19 16:12 <REP> d--hs---- C:\FOUND.117

2008-06-19 15:44 . 2008-06-19 15:44 <REP> d--hs---- C:\FOUND.116

2008-06-19 15:41 . 2008-06-19 15:41 <REP> d--hs---- C:\FOUND.115

2008-06-19 15:32 . 2008-06-19 15:32 <REP> d--hs---- C:\FOUND.114

2008-06-19 15:28 . 2008-06-19 15:28 <REP> d--hs---- C:\FOUND.113

2008-06-19 14:56 . 2008-06-19 14:56 <REP> d-------- C:\HJT

2008-06-19 14:51 . 2008-06-19 14:51 <REP> d--hs---- C:\FOUND.112

2008-06-19 14:47 . 2008-06-19 14:47 <REP> d--hs---- C:\FOUND.111

2008-06-19 14:32 . 2008-06-19 14:32 <REP> d--hs---- C:\FOUND.110

2008-06-19 14:24 . 2008-06-19 14:24 <REP> d--hs---- C:\FOUND.109

2008-06-19 14:10 . 2008-06-19 14:10 <REP> d--hs---- C:\FOUND.108

2008-06-19 14:05 . 2008-06-19 14:05 <REP> d--hs---- C:\FOUND.107

2008-06-19 13:24 . 2008-06-19 13:24 <REP> d--hs---- C:\FOUND.106

2008-06-19 12:53 . 2008-06-19 12:53 <REP> d--hs---- C:\FOUND.105

2008-06-19 12:47 . 2008-06-19 12:47 <REP> d--hs---- C:\FOUND.104

2008-06-19 12:44 . 2008-06-19 12:44 <REP> d--hs---- C:\FOUND.103

2008-06-18 02:16 . 2008-06-18 02:16 <REP> d-------- C:\Program Files\Avira

2008-06-18 01:36 . 2008-06-18 01:36 <REP> d--hs---- C:\FOUND.102

2008-06-18 00:45 . 2008-06-18 00:45 <REP> d--hs---- C:\FOUND.101

2008-06-18 00:40 . 2008-06-18 00:40 <REP> d-------- C:\NVIDIA

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\Pilote Nvidia

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\NVMonitor

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\NTUNE

2008-06-17 23:04 . 2008-06-17 23:04 <REP> d-------- C:\winfokeys

2008-06-17 22:31 . 2008-06-17 22:31 <REP> d--hs---- C:\FOUND.100

2008-06-17 22:02 . 2008-06-17 22:02 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-06-17 20:14 . 2008-06-17 20:14 <REP> d--hs---- C:\FOUND.099

2008-06-17 20:10 . 2008-06-17 20:10 <REP> d--hs---- C:\FOUND.098

2008-06-17 17:44 . 2008-06-17 17:44 <REP> d--hs---- C:\FOUND.097

2008-06-17 16:58 . 2008-06-17 16:58 <REP> d--hs---- C:\FOUND.096

2008-06-17 16:54 . 2008-06-17 16:54 <REP> d--hs---- C:\FOUND.095

2008-06-17 16:50 . 2008-06-17 16:51 <REP> d-------- C:\Program Files\Fichiers communs\supportsoft

2008-06-17 16:47 . 2008-06-17 16:47 <REP> d--hs---- C:\FOUND.094

2008-06-17 16:43 . 2008-06-17 16:43 <REP> d--hs---- C:\FOUND.093

2008-06-17 16:35 . 2008-06-17 16:35 31,542,424 --a------ C:\dell_support_center.exe

2008-06-17 16:24 . 2008-06-17 16:24 <REP> d--hs---- C:\FOUND.092

2008-06-16 21:50 . 2008-06-16 21:50 <REP> d--hs---- C:\FOUND.091

2008-06-16 21:50 . 2008-06-17 21:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-16 21:27 . 2008-06-16 21:27 <REP> d--hs---- C:\FOUND.090

2008-06-16 02:49 . 2008-06-16 02:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell

2008-06-16 02:47 . 2008-06-16 02:47 <REP> d--hs---- C:\FOUND.089

2008-06-16 01:54 . 2008-06-16 01:54 <REP> d--hs---- C:\FOUND.088

2008-06-16 01:43 . 2008-06-16 01:43 <REP> d-------- C:\WINDOWS\nvidia icons

2008-06-16 00:52 . 2008-06-16 00:52 <REP> d--hs---- C:\FOUND.087

2008-06-16 00:47 . 2008-06-16 00:47 <REP> d-------- C:\Program Files\Opera

2008-06-16 00:44 . 2008-06-16 00:44 8,926,832 --a------ C:\Opera_950_in_Setup.exe

2008-06-16 00:29 . 2008-06-16 00:29 <REP> d--hs---- C:\FOUND.086

2008-06-16 00:26 . 2008-06-16 00:26 <REP> d--hs---- C:\FOUND.085

2008-06-15 23:23 . 2008-06-15 23:23 <REP> d--hs---- C:\FOUND.084

2008-06-15 20:52 . 2008-06-15 20:52 <REP> d-------- C:\Program Files\xp-AntiSpy

2008-06-15 20:51 . 2008-06-15 20:51 348,112 --a------ C:\xp-AntiSpy_setup-french.exe

2008-06-15 20:13 . 2008-06-15 20:13 <REP> d--hs---- C:\FOUND.083

2008-06-15 19:57 . 2008-06-15 19:57 <REP> d--hs---- C:\FOUND.082

2008-06-15 15:28 . 2008-06-15 15:28 <REP> d--hs---- C:\FOUND.081

2008-06-15 15:18 . 2008-06-15 15:18 <REP> d--hs---- C:\FOUND.080

2008-06-14 09:43 . 2008-06-14 09:43 <REP> d-------- C:\Program Files\backups

2008-06-14 09:37 . 2008-06-14 09:37 <REP> d-------- C:\backups

2008-06-14 09:27 . 2008-06-14 09:27 <REP> d--hs---- C:\FOUND.079

2008-06-14 09:24 . 2008-06-14 09:24 <REP> d--hs---- C:\FOUND.078

2008-06-14 09:15 . 2008-06-14 09:15 <REP> d--hs---- C:\FOUND.077

2008-06-14 09:07 . 2008-06-14 09:07 <REP> d--hs---- C:\FOUND.076

2008-06-14 08:47 . 2008-06-14 08:47 <REP> d--hs---- C:\FOUND.075

2008-06-14 08:44 . 2008-06-14 08:44 <REP> d--hs---- C:\FOUND.074

2008-06-14 08:18 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 08:18 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 07:55 . 2008-06-14 07:55 <REP> d--hs---- C:\FOUND.073

2008-06-14 07:47 . 2008-06-14 07:47 <REP> d--hs---- C:\FOUND.072

2008-06-14 07:43 . 2008-06-14 07:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-14 07:11 . 2006-05-19 15:23 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-14 07:05 . 2008-06-14 07:05 <REP> d--hs---- C:\FOUND.071

2008-06-13 12:51 . 2008-06-13 12:51 <REP> d--hs---- C:\FOUND.070

2008-06-11 15:06 . 2008-06-11 15:06 <REP> d--hs---- C:\FOUND.069

2008-06-11 10:56 . 2008-06-11 10:56 <REP> d--hs---- C:\FOUND.068

2008-06-10 16:05 . 2008-06-10 16:05 <REP> d--hs---- C:\FOUND.067

2008-06-10 09:00 . 2008-06-10 09:00 <REP> d-------- C:\def01.jsp_fichiers

2008-06-10 09:00 . 2008-06-10 09:00 70,682 --a------ C:\def01.jsp.htm

2008-06-10 05:29 . 2008-06-10 05:29 <REP> d-------- C:\Program Files\Lavalys

2008-06-10 05:29 . 2008-06-10 05:29 4,179,293 --a------ C:\everesthome220.exe

2008-06-10 01:45 . 2008-06-10 01:45 <REP> d--hs---- C:\FOUND.066

2008-06-09 18:23 . 2008-06-09 18:23 <REP> d--hs---- C:\FOUND.065

2008-06-09 12:24 . 2008-06-09 12:24 <REP> d-------- C:\Program Files\HolyGloryOnline

2008-06-09 11:58 . 2008-06-09 12:20 1,276,171,667 --a------ C:\Program Files\HolyGlory.exe

2008-06-08 19:44 . 2008-06-08 19:44 <REP> d-------- C:\Program Files\Seagrand

2008-06-08 19:36 . 2008-06-18 01:00 51 --a------ C:\WINDOWS\Graphex3.ini

2008-06-08 19:35 . 2008-06-08 19:35 <REP> d-------- C:\Program Files\Graphex3

2008-06-08 18:57 . 2008-06-08 18:57 <REP> d--hs---- C:\FOUND.064

2008-06-08 18:53 . 2008-06-10 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-08 18:53 . 2008-06-08 18:53 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-08 16:46 . 2008-06-08 16:46 <REP> d--hs---- C:\FOUND.063

2008-06-08 16:28 . 2008-06-08 16:28 1,495,112 --a------ C:\Program Files\install_flash_player.exe

2008-06-08 11:42 . 2008-06-08 11:42 <REP> d--hs---- C:\FOUND.062

2008-06-08 00:55 . 2008-06-08 00:55 <REP> d--hs---- C:\FOUND.061

2008-06-07 18:02 . 2008-06-07 18:02 <REP> d--hs---- C:\FOUND.060

2008-06-06 23:52 . 2008-06-06 23:52 <REP> d--hs---- C:\FOUND.059

2008-06-06 23:49 . 2008-06-06 23:49 <REP> d--hs---- C:\FOUND.058

2008-06-06 19:51 . 2008-06-06 19:51 <REP> d--hs---- C:\FOUND.057

2008-06-06 19:14 . 2008-06-06 19:14 <REP> d--hs---- C:\FOUND.056

2008-06-06 19:10 . 2008-06-06 19:10 <REP> d--hs---- C:\FOUND.055

2008-06-06 19:03 . 2008-06-06 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-06 18:39 . 2008-06-06 18:39 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-06-06 18:39 . 2008-06-06 18:39 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-06-06 18:39 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-06-06 18:39 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-06-06 18:38 . 2008-05-23 14:38 5,970,177 --a------ C:\Program Files\ZHP 2.27.exe

2008-06-06 18:01 . 2008-06-06 18:01 <REP> d--hs---- C:\FOUND.054

2008-06-06 17:56 . 2008-06-06 17:56 <REP> d-------- C:\InstallXP

2008-06-06 17:27 . 2008-06-06 17:27 <REP> d--hs---- C:\FOUND.053

2008-06-06 17:22 . 2008-06-06 17:22 <REP> d--hs---- C:\FOUND.052

2008-06-06 17:13 . 2008-06-06 17:13 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-06-06 15:02 . 2008-06-06 15:02 <REP> d--hs---- C:\FOUND.051

2008-06-06 09:58 . 2008-06-06 09:58 <REP> d--hs---- C:\FOUND.050

2008-06-06 02:51 . 2008-06-06 02:51 <REP> d--hs---- C:\FOUND.049

2008-06-05 15:40 . 2008-06-05 15:40 <REP> d--hs---- C:\FOUND.048

2008-06-05 15:19 . 2008-06-05 15:19 <REP> d--hs---- C:\FOUND.047

2008-06-05 15:16 . 2008-06-05 15:16 <REP> d--hs---- C:\FOUND.046

2008-06-05 15:12 . 2008-06-05 15:12 <REP> d--hs---- C:\FOUND.045

2008-06-04 19:21 . 2008-06-04 19:21 <REP> d--hs---- C:\FOUND.044

2008-06-04 19:16 . 2008-06-04 19:16 <REP> d--hs---- C:\FOUND.043

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 14:51 90,112 ----a-w C:\WINDOWS\DUMP59ed.tmp

2008-06-19 14:38 90,112 ----a-w C:\WINDOWS\DUMP4617.tmp

2008-06-19 13:32 90,112 ----a-w C:\WINDOWS\DUMP3faf.tmp

2008-06-19 12:13 90,112 ----a-w C:\WINDOWS\DUMP4368.tmp

2008-06-19 10:37 90,112 ----a-w C:\WINDOWS\DUMP1999.tmp

2008-06-17 18:07 90,112 ----a-w C:\WINDOWS\DUMP1d23.tmp

2008-06-17 16:57 5,517 ----a-w C:\Program Files\hijackthis.log

2008-06-17 14:58 90,112 ----a-w C:\WINDOWS\DUMP42db.tmp

2008-06-16 19:27 90,112 ----a-w C:\WINDOWS\DUMP3f8f.tmp

2008-06-15 23:50 90,112 ----a-w C:\WINDOWS\DUMP3677.tmp

2008-06-15 23:24 90,112 ----a-w C:\WINDOWS\DUMP3ed4.tmp

2008-06-15 13:18 90,112 ----a-w C:\WINDOWS\DUMP4759.tmp

2008-06-15 13:14 90,112 ----a-w C:\WINDOWS\DUMP4cbe.tmp

2008-06-14 06:38 90,112 ----a-w C:\WINDOWS\DUMP4e16.tmp

2008-06-14 04:38 90,112 ----a-w C:\WINDOWS\DUMP2dbd.tmp

2008-06-10 14:05 90,112 ----a-w C:\WINDOWS\DUMP5da6.tmp

2008-06-09 23:45 90,112 ----a-w C:\WINDOWS\DUMP6a43.tmp

2008-06-09 23:35 90,112 ----a-w C:\WINDOWS\DUMP5cc6.tmp

2008-06-09 11:08 90,112 ----a-w C:\WINDOWS\DUMP668a.tmp

2008-06-09 06:35 90,112 ----a-w C:\WINDOWS\DUMP3a2a.tmp

2008-06-08 13:06 90,112 ----a-w C:\WINDOWS\DUMP3de3.tmp

2008-06-07 15:53 90,112 ----a-w C:\WINDOWS\DUMP359c.tmp

2008-06-06 21:33 90,112 ----a-w C:\WINDOWS\DUMP49e0.tmp

2008-06-06 21:22 90,112 ----a-w C:\WINDOWS\DUMP2764.tmp

2008-06-06 16:02 90,112 ----a-w C:\WINDOWS\DUMP3f80.tmp

2008-06-06 15:27 90,112 ----a-w C:\WINDOWS\DUMP59de.tmp

2008-06-06 00:57 90,112 ----a-w C:\WINDOWS\DUMP47fc.tmp

2008-06-05 17:33 90,112 ----a-w C:\WINDOWS\DUMP43cf.tmp

2008-06-03 18:12 90,112 ----a-w C:\WINDOWS\DUMP48a7.tmp

2008-06-02 13:53 90,112 ----a-w C:\WINDOWS\DUMP5133.tmp

2008-06-02 07:24 90,112 ----a-w C:\WINDOWS\DUMP5402.tmp

2008-06-02 06:24 90,112 ----a-w C:\WINDOWS\DUMP4fbc.tmp

2008-06-01 18:23 90,112 ----a-w C:\WINDOWS\DUMP8572.tmp

2008-05-31 10:33 90,112 ----a-w C:\WINDOWS\DUMP5d1a.tmp

2008-05-30 11:51 90,112 ----a-w C:\WINDOWS\DUMP577c.tmp

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-08 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-07 10:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-05-07 10:30 --------- d-----w C:\Program Files\Windows Live Favorites

2008-05-07 10:14 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-05-07 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2008-05-03 03:46 768,544 ----a-w C:\WINDOWS\system32\nvcplui.exe

2008-05-03 03:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-05-03 03:46 6,108,160 ------w C:\WINDOWS\system32\nv4_disp.dll

2008-05-03 03:46 5,783,552 ----a-w C:\WINDOWS\system32\nvdispsr.dll

2008-05-03 03:46 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll

2008-05-03 03:46 4,136,960 ----a-w C:\WINDOWS\system32\nvvitvsr.dll

2008-05-03 03:46 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2008-05-03 03:46 3,424,256 ----a-w C:\WINDOWS\system32\nvgamesr.dll

2008-05-03 03:46 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll

2008-05-03 03:46 2,670,592 ----a-w C:\WINDOWS\system32\nvwssr.dll

2008-05-03 03:46 1,079,840 ----a-w C:\WINDOWS\system32\nvcpluir.dll

2008-04-24 11:43 93,248 ----a-w C:\WINDOWS\system32\iwdgkfed.dll

2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2008-04-11 07:47 430,080 ----a-w C:\WINDOWS\ntuneoem.dll

2008-04-11 07:47 29,952 ----a-w C:\WINDOWS\nvoclock.sys

2008-04-09 20:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2007-06-26 06:38 3,997,266 ----a-w C:\Program Files\AlertInfo20Setup.exe

2007-02-08 00:10 14,705,768 ----a-w C:\Program Files\DivXInstaller.exe

2007-02-08 00:09 693,840 ----a-w C:\Program Files\wmv9VCMsetup.exe

2007-01-12 14:59 150,016 --sha-w C:\Program Files\Thumbs.db

2006-04-29 12:48 1,179 ----a-w C:\Program Files\!llusion.txt

2002-07-09 14:44 786 ----a-w C:\Program Files\qvgdm2.ccd

2002-07-09 14:44 70 ----a-w C:\Program Files\qvgdm2.cue

2002-07-09 14:44 450,099,888 ----a-w C:\Program Files\qvgdm2.img

2002-07-09 14:44 18,371,424 ----a-w C:\Program Files\qvgdm2.sub

2008-03-03 15:32 3,507,272 --sh--w C:\WINDOWS\setup2.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:09 15360]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 09:44 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:09 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mui03.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Google\\Google Earth\\googleearth.exe"=

"C:\\Program Files\\Weezo\\bin\\Weezo.exe"=

"C:\\Program Files\\Weezo\\Apache\\bin\\WeezoHttpd.exe"=

"C:\\WINDOWS\\System32\\LEXPPS.EXE"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero deleted scenes\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\counter-strike\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\dedicated server\\hlds.exe"=

"C:\\Program Files\\MOZILLA.ORG\\Mozilla\\mozilla.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\xchat\\xchat.exe"=

"C:\\WINDOWS\\WinVNC.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"0:TCP"= 0:TCP:BND

":TCP"= :TCP:BNDFTP

 

S0 mui03;mui03;C:\WINDOWS\system32\Drivers\Mui03.sys []

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 pnicml;pnicml;C:\DOCUME~1\user\LOCALS~1\Temp\pnicml.sys []

S3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-30 14:26:20 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-06-04 18:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-19 18:33:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 21:29:33

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\controlset004\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\LEXBCES.EXE

C:\WINDOWS\SYSTEM32\LEXPPS.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\WINDOWS\SYSTEM32\FTRTSVC.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\PROGRAM FILES\NVIDIA CORPORATION\NTUNE\NTUNESERVICE.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-19 21:31:20 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-19 19:31:18

 

Pre-Run: 3,334,209,536 octets libres

Post-Run: 3,178,364,928 octets libres

 

428 --- E O F --- 2008-06-15 12:24:04

 

Thanks and good night :P

 

In any case, I feel my PC is already doing better.

Edited by Lartak09
Posted

The MBR report is missing, please!!!!!

 

1• * Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)

* Copy the lines in the "Code" box below to the clipboard by selecting ALL of them and pressing the CTRL and C keys simultaneously (or, after selecting them, right-click and choose Copy):

C:\def01.jsp.htm
C:\FOUND.123
C:\FOUND.122
C:\FOUND.121
C:\FOUND.120
C:\FOUND.119
C:\FOUND.118
C:\FOUND.115
C:\FOUND.117
C:\FOUND.116
C:\FOUND.115
C:\FOUND.114
C:\FOUND.113
C:\FOUND.112
C:\FOUND.111
C:\FOUND.110
C:\FOUND.109
C:\FOUND.108
C:\FOUND.107
C:\FOUND.106
C:\FOUND.105
C:\FOUND.104
C:\FOUND.103
C:\FOUND.102
C:\FOUND.101
C:\FOUND.099
C:\FOUND.098
C:\FOUND.097
C:\FOUND.096
C:\FOUND.095
C:\FOUND.092
C:\FOUND.091
C:\FOUND.094
C:\FOUND.093
C:\FOUND.090
C:\FOUND.089
C:\FOUND.088
C:\FOUND.087
C:\FOUND.086
C:\FOUND.085
C:\FOUND.084
C:\FOUND.083
C:\FOUND.082
C:\FOUND.081
C:\FOUND.080
C:\FOUND.079
C:\FOUND.078
C:\FOUND.077
C:\FOUND.076
C:\FOUND.075
C:\FOUND.074
C:\FOUND.073
C:\FOUND.072
C:\FOUND.071
C:\FOUND.070
C:\FOUND.069
C:\FOUND.068
C:\FOUND.067
C:\def01.jsp_fichiers
C:\FOUND.066
C:\FOUND.065
C:\FOUND.063
C:\FOUND.064
C:\FOUND.062
C:\FOUND.061
C:\FOUND.060
C:\FOUND.059
C:\FOUND.058
C:\FOUND.057
C:\FOUND.056
C:\FOUND.055
C:\FOUND.054
C:\FOUND.053
C:\FOUND.052
C:\FOUND.051
C:\FOUND.050
C:\FOUND.049
C:\FOUND.048
C:\FOUND.047
C:\FOUND.046
C:\FOUND.045
C:\FOUND.044
C:\FOUND.043
C:\WINDOWS\DUMP*.tmp

* Go back to the OTMoveIt2 window, right-click in the "Paste List of Files/Folders to Move" box and choose Paste.

* Click the red Moveit! button.

* Copy everything in the Results box (under the green bar) to the clipboard by selecting ALL THE LINES and pressing the CTRL and C keys simultaneously (or, after selecting them, right-click and choose Copy), and paste those results in a reply on the forum.

* Close OTMoveIt2

 

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the C:\_OTMoveIt\MovedFiles folder, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

 

• open Notepad [Run -> notepad] and copy/paste the contents of the box below:

 

Driver::
mui03
pnicml

File::
C:\WINDOWS\system32\Drivers\Mui03.sys
C:\WINDOWS\Tasks\Norton Security Scan.job

Folder::
C:\Program Files\Norton Security Scan

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mui03.sys]

 

[*]Go to the top of the page and click the "File" menu; a list appears =>

[*]Choose "Save as" and choose "Desktop"

[*]In the "File name" field at the bottom of the page, enter the following name: CFScript

[*]Click the "Save" button to the right of the "File name" field

[*]Quit Notepad.

[*]Temporarily disable AntiVir Guard: untick "AntiVir Guard enable" by right-clicking the umbrella in the systray

[*]Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot

 

 

CFScript.gif

 

 

* follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

* Once the scan is finished, a report will appear: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

Posted

MBR report:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

 

OTMoveIt2 report:

C:\def01.jsp.htm moved successfully.

C:\FOUND.123 moved successfully.

C:\FOUND.122 moved successfully.

C:\FOUND.121 moved successfully.

C:\FOUND.120 moved successfully.

C:\FOUND.119 moved successfully.

C:\FOUND.118 moved successfully.

C:\FOUND.115 moved successfully.

C:\FOUND.117 moved successfully.

C:\FOUND.116 moved successfully.

File/Folder C:\FOUND.115 not found.

C:\FOUND.114 moved successfully.

C:\FOUND.113 moved successfully.

C:\FOUND.112 moved successfully.

C:\FOUND.111 moved successfully.

C:\FOUND.110 moved successfully.

C:\FOUND.109 moved successfully.

C:\FOUND.108 moved successfully.

C:\FOUND.107 moved successfully.

C:\FOUND.106 moved successfully.

C:\FOUND.105 moved successfully.

C:\FOUND.104 moved successfully.

C:\FOUND.103 moved successfully.

C:\FOUND.102 moved successfully.

C:\FOUND.101 moved successfully.

C:\FOUND.099 moved successfully.

C:\FOUND.098 moved successfully.

C:\FOUND.097 moved successfully.

C:\FOUND.096 moved successfully.

C:\FOUND.095 moved successfully.

C:\FOUND.092 moved successfully.

C:\FOUND.091 moved successfully.

C:\FOUND.094 moved successfully.

C:\FOUND.093 moved successfully.

C:\FOUND.090 moved successfully.

C:\FOUND.089 moved successfully.

C:\FOUND.088 moved successfully.

C:\FOUND.087 moved successfully.

C:\FOUND.086 moved successfully.

C:\FOUND.085 moved successfully.

C:\FOUND.084 moved successfully.

C:\FOUND.083 moved successfully.

C:\FOUND.082 moved successfully.

C:\FOUND.081 moved successfully.

C:\FOUND.080 moved successfully.

C:\FOUND.079 moved successfully.

C:\FOUND.078 moved successfully.

C:\FOUND.077 moved successfully.

C:\FOUND.076 moved successfully.

C:\FOUND.075 moved successfully.

C:\FOUND.074 moved successfully.

C:\FOUND.073 moved successfully.

C:\FOUND.072 moved successfully.

C:\FOUND.071 moved successfully.

C:\FOUND.070 moved successfully.

C:\FOUND.069 moved successfully.

C:\FOUND.068 moved successfully.

C:\FOUND.067 moved successfully.

File/Folder C:\def01.jsp_fichiers not found.

C:\FOUND.066 moved successfully.

C:\FOUND.065 moved successfully.

C:\FOUND.063 moved successfully.

C:\FOUND.064 moved successfully.

C:\FOUND.062 moved successfully.

C:\FOUND.061 moved successfully.

C:\FOUND.060 moved successfully.

C:\FOUND.059 moved successfully.

C:\FOUND.058 moved successfully.

C:\FOUND.057 moved successfully.

C:\FOUND.056 moved successfully.

C:\FOUND.055 moved successfully.

C:\FOUND.054 moved successfully.

C:\FOUND.053 moved successfully.

C:\FOUND.052 moved successfully.

C:\FOUND.051 moved successfully.

C:\FOUND.050 moved successfully.

C:\FOUND.049 moved successfully.

C:\FOUND.048 moved successfully.

C:\FOUND.047 moved successfully.

C:\FOUND.046 moved successfully.

C:\FOUND.045 moved successfully.

C:\FOUND.044 moved successfully.

C:\FOUND.043 moved successfully.

< C:\WINDOWS\DUMP*.tmp >

C:\WINDOWS\DUMP3f8f.tmp moved successfully.

C:\WINDOWS\DUMP43cf.tmp moved successfully.

C:\WINDOWS\DUMP4617.tmp moved successfully.

C:\WINDOWS\DUMP47fc.tmp moved successfully.

C:\WINDOWS\DUMP2764.tmp moved successfully.

C:\WINDOWS\DUMP4368.tmp moved successfully.

C:\WINDOWS\DUMP8572.tmp moved successfully.

C:\WINDOWS\DUMP3faf.tmp moved successfully.

C:\WINDOWS\DUMP2dbd.tmp moved successfully.

C:\WINDOWS\DUMP49e0.tmp moved successfully.

C:\WINDOWS\DUMP59de.tmp moved successfully.

C:\WINDOWS\DUMP5402.tmp moved successfully.

C:\WINDOWS\DUMP5133.tmp moved successfully.

C:\WINDOWS\DUMP577c.tmp moved successfully.

C:\WINDOWS\DUMP3f80.tmp moved successfully.

C:\WINDOWS\DUMP5d1a.tmp moved successfully.

C:\WINDOWS\DUMP4fbc.tmp moved successfully.

C:\WINDOWS\DUMP48a7.tmp moved successfully.

C:\WINDOWS\DUMP359c.tmp moved successfully.

C:\WINDOWS\DUMP3de3.tmp moved successfully.

C:\WINDOWS\DUMP3a2a.tmp moved successfully.

C:\WINDOWS\DUMP668a.tmp moved successfully.

C:\WINDOWS\DUMP5cc6.tmp moved successfully.

C:\WINDOWS\DUMP6a43.tmp moved successfully.

C:\WINDOWS\DUMP5da6.tmp moved successfully.

C:\WINDOWS\DUMP4cbe.tmp moved successfully.

C:\WINDOWS\DUMP4e16.tmp moved successfully.

C:\WINDOWS\DUMP4759.tmp moved successfully.

C:\WINDOWS\DUMP3677.tmp moved successfully.

C:\WINDOWS\DUMP3ed4.tmp moved successfully.

C:\WINDOWS\DUMP42db.tmp moved successfully.

C:\WINDOWS\DUMP1d23.tmp moved successfully.

C:\WINDOWS\DUMP1999.tmp moved successfully.

C:\WINDOWS\DUMP59ed.tmp moved successfully.

 

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_131813

ComboFix report:

ComboFix 08-06-16.5 - user 2008-06-20 13:23:52.2 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.230 [GMT 2:00]

Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\user\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\Drivers\Mui03.sys

C:\WINDOWS\Tasks\Norton Security Scan.job

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\NetworkService\Bureau\bravesentry.lnk

C:\Documents and Settings\user\Bureau\bravesentry.lnk

C:\Program Files\Norton Security Scan

C:\Program Files\Norton Security Scan\ccL60U.dll

C:\Program Files\Norton Security Scan\ccScanw.dll

C:\Program Files\Norton Security Scan\ccVrTrst.dll

C:\Program Files\Norton Security Scan\dec_abi.dll

C:\Program Files\Norton Security Scan\DefUtDCD.dll

C:\Program Files\Norton Security Scan\ecmldr32.dll

C:\Program Files\Norton Security Scan\help.htm

C:\Program Files\Norton Security Scan\msl.dll

C:\Program Files\Norton Security Scan\msvcp71.dll

C:\Program Files\Norton Security Scan\msvcr71.dll

C:\Program Files\Norton Security Scan\Nss.exe

C:\Program Files\Norton Security Scan\NSS.exe.replace

C:\Program Files\Norton Security Scan\patch25d.dll

C:\Program Files\Norton Security Scan\SAUpdt.dll

C:\Program Files\Norton Security Scan\ScanCore.dll

C:\Program Files\Norton Security Scan\ScanRes.dll

C:\Program Files\Norton Security Scan\SKURes.dll

C:\WINDOWS\Tasks\Norton Security Scan.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_mui03

-------\Legacy_PNICML

-------\Service_mui03

-------\Service_pnicml

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-19 22:18 . 2008-05-03 05:46 219,669 --a------ C:\WINDOWS\system32\nvdspchs.chm

2008-06-19 22:18 . 2008-05-03 05:46 213,493 --a------ C:\WINDOWS\system32\nvdspcht.chm

2008-06-19 22:18 . 2008-06-20 13:03 182,038 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-19 22:18 . 2008-05-03 05:46 139,792 --a------ C:\WINDOWS\system32\nv3dcht.chm

2008-06-19 22:18 . 2008-05-03 05:46 134,133 --a------ C:\WINDOWS\system32\nv3dchs.chm

2008-06-19 22:18 . 2008-05-03 05:46 59,261 --a------ C:\WINDOWS\system32\nvmobcht.chm

2008-06-19 22:18 . 2008-05-03 05:46 58,607 --a------ C:\WINDOWS\system32\nvmobchs.chm

2008-06-19 21:10 . 2008-06-19 21:10 <REP> d-------- C:\_OTMoveIt

2008-06-19 14:56 . 2008-06-19 14:56 <REP> d-------- C:\HJT

2008-06-18 02:16 . 2008-06-18 02:16 <REP> d-------- C:\Program Files\Avira

2008-06-18 00:40 . 2008-06-18 00:40 <REP> d-------- C:\NVIDIA

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\Pilote Nvidia

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\NVMonitor

2008-06-18 00:38 . 2008-06-18 00:38 <REP> d-------- C:\NTUNE

2008-06-17 23:04 . 2008-06-17 23:04 <REP> d-------- C:\winfokeys

2008-06-17 22:31 . 2008-06-17 22:31 <REP> d--hs---- C:\FOUND.100

2008-06-17 22:02 . 2008-06-17 22:02 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-06-17 16:50 . 2008-06-17 16:51 <REP> d-------- C:\Program Files\Fichiers communs\supportsoft

2008-06-17 16:35 . 2008-06-17 16:35 31,542,424 --a------ C:\dell_support_center.exe

2008-06-16 21:50 . 2008-06-19 22:18 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-16 02:49 . 2008-06-16 02:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell

2008-06-16 01:43 . 2008-06-16 01:43 <REP> d-------- C:\WINDOWS\nvidia icons

2008-06-16 00:47 . 2008-06-16 00:47 <REP> d-------- C:\Program Files\Opera

2008-06-16 00:44 . 2008-06-16 00:44 8,926,832 --a------ C:\Opera_950_in_Setup.exe

2008-06-15 20:52 . 2008-06-15 20:52 <REP> d-------- C:\Program Files\xp-AntiSpy

2008-06-15 20:51 . 2008-06-15 20:51 348,112 --a------ C:\xp-AntiSpy_setup-french.exe

2008-06-14 09:43 . 2008-06-14 09:43 <REP> d-------- C:\Program Files\backups

2008-06-14 09:37 . 2008-06-14 09:37 <REP> d-------- C:\backups

2008-06-14 08:18 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 08:18 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 07:43 . 2008-06-14 07:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-14 07:11 . 2006-05-19 15:23 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-10 05:29 . 2008-06-10 05:29 <REP> d-------- C:\Program Files\Lavalys

2008-06-10 05:29 . 2008-06-10 05:29 4,179,293 --a------ C:\everesthome220.exe

2008-06-09 12:24 . 2008-06-09 12:24 <REP> d-------- C:\Program Files\HolyGloryOnline

2008-06-09 11:58 . 2008-06-09 12:20 1,276,171,667 --a------ C:\Program Files\HolyGlory.exe

2008-06-08 19:44 . 2008-06-08 19:44 <REP> d-------- C:\Program Files\Seagrand

2008-06-08 19:36 . 2008-06-18 01:00 51 --a------ C:\WINDOWS\Graphex3.ini

2008-06-08 19:35 . 2008-06-08 19:35 <REP> d-------- C:\Program Files\Graphex3

2008-06-08 18:53 . 2008-06-10 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-08 18:53 . 2008-06-08 18:53 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-08 16:28 . 2008-06-08 16:28 1,495,112 --a------ C:\Program Files\install_flash_player.exe

2008-06-06 19:03 . 2008-06-06 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-06 18:39 . 2008-06-06 18:39 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-06-06 18:39 . 2008-06-06 18:39 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-06-06 18:39 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-06-06 18:39 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-06-06 18:38 . 2008-05-23 14:38 5,970,177 --a------ C:\Program Files\ZHP 2.27.exe

2008-06-06 17:56 . 2008-06-06 17:56 <REP> d-------- C:\InstallXP

2008-06-06 17:13 . 2008-06-06 17:13 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-06-04 19:00 . 2008-06-04 19:00 <REP> d--hs---- C:\FOUND.042

2008-06-04 13:37 . 2008-06-04 13:37 <REP> d--hs---- C:\FOUND.041

2008-06-04 12:27 . 2008-06-04 12:27 <REP> d--hs---- C:\FOUND.040

2008-06-03 21:29 . 2008-06-03 21:29 <REP> d--hs---- C:\FOUND.039

2008-06-03 21:25 . 2008-06-03 21:25 <REP> d--hs---- C:\FOUND.038

2008-06-03 17:44 . 2008-06-03 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield

2008-06-03 17:38 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl

2008-06-03 17:30 . 2008-04-22 17:00 1,960,809,098 --a------ C:\Program Files\Rappelz_FR.exe

2008-06-03 17:15 . 2008-06-03 17:15 <DIR> d--hs---- C:\FOUND.037

2008-06-03 16:37 . 2008-06-03 16:37 50 --a------ C:\WINDOWS\MegaManager.INI

2008-06-02 19:41 . 2008-06-02 19:41 <DIR> d--hs---- C:\FOUND.036

2008-06-02 19:36 . 2008-06-02 19:36 <DIR> d--hs---- C:\FOUND.035

2008-06-02 19:20 . 2008-06-02 19:20 2,624 --a------ C:\WINDOWS\system32\rtqibuje.exe

2008-06-02 19:14 . 2008-06-02 19:15 4,513,302 ---hs---- C:\WINDOWS\system32\snrqbumc.ini

2008-06-02 19:14 . 2008-06-02 19:14 94,784 --a------ C:\WINDOWS\system32\cmubqrns.dll

2008-06-02 19:00 . 2008-06-02 19:00 104,512 --a------ C:\WINDOWS\system32\qcesqpus.dll

2008-06-02 18:50 . 2008-06-02 18:50 <DIR> d--hs---- C:\FOUND.034

2008-06-02 18:46 . 2008-06-02 18:46 <DIR> d--hs---- C:\FOUND.033

2008-06-02 16:24 . 2008-06-02 18:54 4,501,908 ---hs---- C:\WINDOWS\system32\hrnfrcnc.ini

2008-06-02 16:03 . 2008-06-02 16:03 <DIR> d--hs---- C:\FOUND.032

2008-06-02 15:56 . 2008-06-02 15:56 <DIR> d--hs---- C:\FOUND.031

2008-06-01 17:51 . 2008-06-01 17:51 <DIR> d--hs---- C:\FOUND.030

2008-05-31 12:43 . 2008-05-31 12:43 <DIR> d--hs---- C:\FOUND.029

2008-05-31 12:33 . 2008-05-31 12:33 <DIR> d--hs---- C:\FOUND.028

2008-05-31 12:05 . 2008-05-31 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-05-30 22:24 . 2008-05-30 22:24 <DIR> d--hs---- C:\FOUND.027

2008-05-30 19:39 . 2008-05-30 19:39 <DIR> d--hs---- C:\FOUND.026

2008-05-30 18:42 . 2008-05-30 18:42 <DIR> d--hs---- C:\FOUND.025

2008-05-30 16:25 . 2008-05-30 16:25 <DIR> d--hs---- C:\FOUND.024

2008-05-30 13:47 . 2008-06-19 17:57 14,336 --a------ C:\WINDOWS\system32\WinCtrl32_0001.dll

2008-05-30 13:47 . 2008-05-30 13:47 12,800 --a------ C:\WINDOWS\system32\WinNt32.hui

2008-05-24 20:29 . 2008-05-25 16:45 572 ---hs---- C:\WINDOWS\system32\yjkluswx.ini

2008-05-23 16:46 . 2008-05-23 16:47 34,304 --a------ C:\WINDOWS\system32\mshtms.dll

2008-05-22 16:11 . 2008-05-22 16:11 <DIR> d--hs---- C:\FOUND.023

2008-05-21 20:13 . 2008-05-21 20:13 <DIR> d--hs---- C:\FOUND.022

2008-05-20 13:02 . 2008-05-20 13:02 <DIR> d--hs---- C:\FOUND.021

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-17 16:57 5,517 ----a-w C:\Program Files\hijackthis.log

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-08 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-07 10:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-05-07 10:30 --------- d-----w C:\Program Files\Windows Live Favorites

2008-05-07 10:14 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-05-07 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-24 11:43 93,248 ----a-w C:\WINDOWS\system32\iwdgkfed.dll

2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2008-04-11 07:47 430,080 ----a-w C:\WINDOWS\ntuneoem.dll

2008-04-11 07:47 29,952 ----a-w C:\WINDOWS\nvoclock.sys

2008-04-09 20:52 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2007-06-26 06:38 3,997,266 ----a-w C:\Program Files\AlertInfo20Setup.exe

2007-02-08 00:10 14,705,768 ----a-w C:\Program Files\DivXInstaller.exe

2007-02-08 00:09 693,840 ----a-w C:\Program Files\wmv9VCMsetup.exe

2007-01-12 14:59 150,016 --sha-w C:\Program Files\Thumbs.db

2006-04-29 12:48 1,179 ----a-w C:\Program Files\!llusion.txt

2002-07-09 14:44 786 ----a-w C:\Program Files\qvgdm2.ccd

2002-07-09 14:44 70 ----a-w C:\Program Files\qvgdm2.cue

2002-07-09 14:44 450,099,888 ----a-w C:\Program Files\qvgdm2.img

2002-07-09 14:44 18,371,424 ----a-w C:\Program Files\qvgdm2.sub

2008-03-03 15:32 3,507,272 --sh--w C:\WINDOWS\setup2.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-19_21.31.03.15 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-19 19:29:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-20 11:27:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-03 03:46:00 6,108,160 ----a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll

+ 2008-05-03 03:46:00 6,554,496 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys

+ 2008-05-03 03:46:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

+ 2008-05-03 03:46:00 425,984 ----a-w C:\WINDOWS\system32\nvapi.dll

+ 2008-05-03 03:46:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

+ 2008-05-03 03:46:00 41,984 ----a-w C:\WINDOWS\system32\nvcod.dll

+ 2008-05-03 03:46:00 41,984 ----a-w C:\WINDOWS\system32\nvcodins.dll

+ 2008-05-03 03:46:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

+ 2008-05-03 03:46:00 13,529,088 ----a-w C:\WINDOWS\system32\nvcpl.dll

+ 2008-05-03 03:46:00 1,241,088 ----a-w C:\WINDOWS\system32\nvcuda.dll

+ 2008-05-03 03:46:00 6,582,272 ----a-w C:\WINDOWS\system32\nvdisps.dll

+ 2008-05-03 03:46:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

+ 2008-05-03 03:46:00 3,391,488 ----a-w C:\WINDOWS\system32\nvgames.dll

+ 2008-05-03 03:46:00 1,486,848 ----a-w C:\WINDOWS\system32\nview.dll

+ 2008-05-03 03:46:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

+ 2008-05-03 03:46:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

+ 2008-05-03 03:46:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

+ 2008-05-03 03:46:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll

+ 2008-05-03 03:46:00 1,257,472 ----a-w C:\WINDOWS\system32\nvmobls.dll

+ 2008-05-03 03:46:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

+ 2008-05-03 03:46:00 8,769,536 ----a-w C:\WINDOWS\system32\nvoglnt.dll

+ 2008-05-03 03:46:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll

+ 2008-05-03 03:46:00 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll

+ 2008-05-03 03:46:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll

+ 2008-05-03 03:46:00 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll

+ 2008-05-03 03:46:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll

+ 2008-05-03 03:46:00 249,856 ----a-w C:\WINDOWS\system32\nvrseng.dll

+ 2008-05-03 03:46:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll

+ 2008-05-03 03:46:00 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll

+ 2008-05-03 03:46:00 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll

+ 2008-05-03 03:46:00 286,720 ----a-w C:\WINDOWS\system32\nvrsfr.dll

+ 2008-05-03 03:46:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll

+ 2008-05-03 03:46:00 282,624 ----a-w C:\WINDOWS\system32\nvrsit.dll

+ 2008-05-03 03:46:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll

+ 2008-05-03 03:46:00 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll

+ 2008-05-03 03:46:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrspl.dll

+ 2008-05-03 03:46:00 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll

+ 2008-05-03 03:46:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll

+ 2008-05-03 03:46:00 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll

+ 2008-05-03 03:46:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll

+ 2008-05-03 03:46:00 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll

+ 2008-05-03 03:46:00 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll

+ 2008-05-03 03:46:00 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll

+ 2008-05-03 03:46:00 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll

+ 2008-05-03 03:46:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

+ 2008-05-03 03:46:00 159,812 ----a-w C:\WINDOWS\system32\nvsvc32.exe

+ 2008-05-03 03:46:00 442,368 ----a-w C:\WINDOWS\system32\nvudisp.exe

+ 2008-05-03 03:46:00 442,368 ----a-w C:\WINDOWS\system32\nvuninst.exe

+ 2008-05-03 03:46:00 3,776,512 ----a-w C:\WINDOWS\system32\nvvitvs.dll

+ 2008-05-03 03:46:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

+ 2008-05-03 03:46:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

+ 2008-05-03 03:46:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

+ 2008-05-03 03:46:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll

+ 2008-05-03 03:46:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll

+ 2008-05-03 03:46:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll

+ 2008-05-03 03:46:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

+ 2008-05-03 03:46:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

+ 2008-05-03 03:46:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll

+ 2008-05-03 03:46:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

+ 2008-05-03 03:46:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

+ 2008-05-03 03:46:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll

+ 2008-05-03 03:46:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

+ 2008-05-03 03:46:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll

+ 2008-05-03 03:46:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

+ 2008-05-03 03:46:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

+ 2008-05-03 03:46:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll

+ 2008-05-03 03:46:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll

+ 2008-05-03 03:46:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll

+ 2008-05-03 03:46:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll

+ 2008-05-03 03:46:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll

+ 2008-05-03 03:46:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll

+ 2008-05-03 03:46:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

+ 2008-05-03 03:46:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

+ 2008-05-03 03:46:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll

+ 2008-05-03 03:46:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll

+ 2008-05-03 03:46:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll

+ 2008-05-03 03:46:00 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll

+ 2008-05-03 03:46:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

+ 2008-05-03 03:46:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll

+ 2008-05-03 03:46:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll

+ 2008-05-03 03:46:00 2,629,632 ----a-w C:\WINDOWS\system32\nvwss.dll

+ 2008-05-03 03:46:00 1,630,208 ----a-w C:\WINDOWS\system32\nwiz.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:09 15360]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 09:44 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]

"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:09 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Google\\Google Earth\\googleearth.exe"=

"C:\\Program Files\\Weezo\\bin\\Weezo.exe"=

"C:\\Program Files\\Weezo\\Apache\\bin\\WeezoHttpd.exe"=

"C:\\WINDOWS\\System32\\LEXPPS.EXE"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\condition zero deleted scenes\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\counter-strike\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\lartak\\dedicated server\\hlds.exe"=

"C:\\Program Files\\MOZILLA.ORG\\Mozilla\\mozilla.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\xchat\\xchat.exe"=

"C:\\WINDOWS\\WinVNC.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"0:TCP"= 0:TCP:BND

":TCP"= :TCP:BNDFTP

 

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-04 18:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-20 03:33:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-20 13:27:17

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\controlset004\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\LEXBCES.EXE

C:\WINDOWS\SYSTEM32\LEXPPS.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\WINDOWS\SYSTEM32\FTRTSVC.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\PROGRAM FILES\NVIDIA CORPORATION\NTUNE\NTUNESERVICE.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2008-06-20 13:28:55 - machine was rebooted [user]

ComboFix-quarantined-files.txt 2008-06-20 11:28:54

ComboFix2.txt 2008-06-19 19:31:22

 

Pre-Run: 2,942,271,488 bytes free

Post-Run: 2,928,312,320 bytes free

 

346 --- E O F --- 2008-06-15 12:24:04

Posted

:P

 

• delete MBR.exe and its report(s)

 

• I need you to have the files analysed at Jotti or at http://www.virustotal.com/

Go to http://virusscan.jotti.org/ or http://www.virustotal.com/

  • Click "Browse" at the top right, navigate through the folders and select these files:
    C:\WINDOWS\system32\mshtms.dll
    C:\WINDOWS\system32\iwdgkfed.dll
  • Click "submit", still at the top right
  • The scan will start; it takes a moment
  • At the end of the scan a report will appear: copy/paste the complete scan result into a text file
  • Post that file in your next reply

BE CAREFUL to take the result of the scan of your own file (the file name appears at the top) and not a scan done before yours!

Help: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId662799

Posted

Report for mshtms.dll:

File: mshtms.dll

Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: a914db7453bd87345ca23b1140acea30

Packers detected: PE_PATCH.UPX, UPX

(attached screenshot: mshtms.dll-440172.jpg)

Report for iwdgkfed.dll:

File: iwdgkfed.dll

Status: INFECTED/MALWARE

MD5: 6d799f7efe0a561b9e52328428486e90

Packers detected: -

(attached screenshot: iwdgkfed.dll-4401fd.jpg)
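As an added example (not part of the original thread, and not tooling from Jotti, VirusTotal or the helper), the following Python script does the two checks a practitioner would want around the upload step described above: it hashes each local file so the MD5 printed in the report can be compared with the file that was actually submitted (which is exactly what the warning about "a scan done before yours" is about, since Jotti returns cached results by hash), and it reads the PE section table to flag the UPX packing that the mshtms.dll report mentions. The two MD5 values are the ones printed in the reports above; build_sample_pe() constructs a minimal PE-shaped blob in memory for the offline demonstration and is not a real DLL.

```python
"""Pre-upload / post-report checks for suspect files (added example, not from the thread)."""
import hashlib
import struct
import sys

# MD5 values exactly as printed in the two Jotti reports in this thread.
REPORTED_MD5 = {
    "mshtms.dll": "a914db7453bd87345ca23b1140acea30",
    "iwdgkfed.dll": "6d799f7efe0a561b9e52328428486e90",
}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_report(name: str, data: bytes) -> bool:
    """True only if the local file hashes to the MD5 the report printed for it.

    False means the report you are reading is for a different file: either a
    cached earlier submission by someone else, or you selected the wrong file.
    """
    return md5_hex(data) == REPORTED_MD5.get(name)


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the bytes are not a PE.

    Only the DOS header pointer, the PE signature, the COFF header and the
    section table are parsed; the optional header is skipped by its size.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # 20-byte COFF header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # each section header is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX leaves sections named UPX0/UPX1 (usually plus .rsrc) behind."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_sample_pe(section_names) -> bytes:
    """Constructed minimal PE32-shaped blob for the offline demo; not a real DLL."""
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    optional = b"\0" * 0xE0                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x2102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff + optional + sections


def check_file(name: str, data: bytes) -> dict:
    """One summary record per file, in the shape you would paste into a reply."""
    return {
        "file": name,
        "md5": md5_hex(data),
        "sha256": sha256_hex(data),
        "matches_report": matches_report(name, data),
        "upx_packed": looks_upx_packed(data),
    }


if __name__ == "__main__":
    # Usage: python check_suspects.py C:\WINDOWS\system32\mshtms.dll [more files]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(check_file(path.replace("\\", "/").rsplit("/", 1)[-1], blob))
```

A UPX flag is a reason to look closer, not a verdict: plenty of legitimate software ships UPX-packed. The hash comparison is the check that actually matters for reading these reports, because a cached result for a different file with the same name tells you nothing about the copy on this machine.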
