Posted (edited)

Hello, I have been infected by Virtumonde for 2 days... Usually I manage to sort things out myself, but this time it's tough... between the slowdowns, Mozilla no longer responding, and the keyboard responding only every other time...

Here is my HijackThis report:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45:29, on 25/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Julien\Bureau\mwav\mwavscan.com

C:\Documents and Settings\Julien\Bureau\mwav\kavss.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\IZArc\IZArc.exe

C:\DOCUME~1\Julien\LOCALS~1\Temp\ARC94D\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\ssQJDSii.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AE1C822A-E94D-44C4-9AA4-6A94AD699212} - C:\WINDOWS\system32\urqNHWpo.dll (file missing)

O2 - BHO: {d7b4498e-2785-b928-fb54-e765f63e70fe} - {ef07e36f-567e-45bf-829b-5872e8944b7d} - C:\WINDOWS\system32\jqvnqvum.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\pelltkfe.dll",s

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfert par Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212431502580

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212431638690

O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFEAABE-27B1-44C1-90DA-686FAFC4121D}: NameServer = 80.10.246.2,80.10.246.129

O20 - Winlogon Notify: ssQJDSii - C:\WINDOWS\SYSTEM32\ssQJDSii.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 8634 bytes

 

 

Thank you for your replies.

Edited by jude18

Posted

1• Uninstall Avast via Add/Remove Programs; we will install Antivir at the end of the disinfection. Download it now but do not install it » http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

 

2• HijackThis is in the wrong location!!!!

 

Create a new folder in C:\ named HJT

Download HijackThis.exe into this newly created folder:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

 

Run it, choose the option "Do a system scan only", check the lines below and click Fix checked:

 

O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\ssQJDSii.dll

O2 - BHO: (no name) - {AE1C822A-E94D-44C4-9AA4-6A94AD699212} - C:\WINDOWS\system32\urqNHWpo.dll (file missing)

O2 - BHO: {d7b4498e-2785-b928-fb54-e765f63e70fe} - {ef07e36f-567e-45bf-829b-5872e8944b7d} - C:\WINDOWS\system32\jqvnqvum.dll

O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\pelltkfe.dll",s

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

 

 

==> click Fix checked

 

3• Download combofix.exe (by sUBs) and save it to your desktop

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

» Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\ssQJDSii.dll
C:\WINDOWS\system32\jqvnqvum.dll
C:\WINDOWS\system32\pelltkfe.dll

 

* Go to the top of the window and click the "File" menu; a list appears =>

* Choose "Save As" and select "Desktop"

* In the "File name" field at the bottom, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Quit Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

 

CFScript.gif

 

 

* Follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
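Added example (not part of the original posts, and not HijackThis's own logic): a Python triage of HijackThis lines like those in the report above. The flagging rules (unnamed BHO, missing file, rundll32 autostart, Winlogon Notify entry, same DLL at several load points) and all function names are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\ssQJDSii.dll
O2 - BHO: (no name) - {AE1C822A-E94D-44C4-9AA4-6A94AD699212} - C:\WINDOWS\system32\urqNHWpo.dll (file missing)
O2 - BHO: {d7b4498e-2785-b928-fb54-e765f63e70fe} - {ef07e36f-567e-45bf-829b-5872e8944b7d} - C:\WINDOWS\system32\jqvnqvum.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\pelltkfe.dll",s
O20 - Winlogon Notify: ssQJDSii - C:\WINDOWS\SYSTEM32\ssQJDSii.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                # "O2 - <body>"
BHO_RE = re.compile(r"^BHO: (.*?) - \{[^}]+\} - ")       # BHO display name
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")          # a GUID used as a name
DLL_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.dll', re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


def triage(log_text):
    """Return the entries worth a manual look, with the reasons for each.

    The rules are illustrative assumptions, not a verdict: every flagged
    line still needs a human decision before anything is fixed.
    """
    findings = []
    load_points = defaultdict(set)   # dll path -> HijackThis sections using it

    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        dll = DLL_RE.search(body)
        # Normalise case so SYSTEM32 and system32 compare equal.
        dll_path = dll.group(0).lower() if dll else None
        if dll_path:
            load_points[dll_path].add(section)

        reasons = []
        if "(file missing)" in body:
            reasons.append("file missing")
        if section == "O2":
            bho = BHO_RE.match(body)
            name = bho.group(1) if bho else ""
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append("unnamed BHO")
        elif section == "O4":
            if dll_path and RUNDLL_RE.search(body):
                reasons.append("rundll32 autostart")
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify entry")

        if reasons:
            findings.append({"section": section, "dll": dll_path,
                             "reasons": reasons, "line": raw.strip()})

    # Second pass: the same DLL registered in more than one section.
    for f in findings:
        if f["dll"] and len(load_points[f["dll"]]) > 1:
            f["reasons"].append("multiple load points")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3}  {', '.join(f['reasons'])}")
        print(f"     {f['line']}")
```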

Posted

There, it's done:

 

 

ComboFix 08-06-20.4 - Julien 2008-06-25 17:08:52.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.510 [GMT 2:00]

Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Julien\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\opWHNqru.ini

C:\WINDOWS\system32\opWHNqru.ini2

C:\WINDOWS\system32\xmklqjvf.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-25 17:16 . 2008-06-25 17:16 294 ---hs---- C:\WINDOWS\system32\xmklqjvf.ini

2008-06-25 17:15 . 2008-06-25 17:16 122,276 --a------ C:\WINDOWS\BM5796bdc3.xml

2008-06-25 17:15 . 2008-06-25 17:15 22 --a------ C:\WINDOWS\pskt.ini

2008-06-25 17:01 . 2008-06-25 17:04 <REP> d-------- C:\HJT

2008-06-25 15:14 . 2008-06-25 16:44 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-06-25 14:04 . 2008-06-25 14:04 99,840 --a------ C:\WINDOWS\system32\jqvnqvum.dll

2008-06-25 14:01 . 2008-06-25 14:01 99,840 --a------ C:\WINDOWS\system32\iveqtfvb.dll

2008-06-25 14:01 . 2008-06-25 14:01 91,136 --a------ C:\WINDOWS\system32\pelltkfe.dll

2008-06-25 14:01 . 2008-06-25 14:01 81,920 --a------ C:\WINDOWS\system32\fvjqlkmx.dll

2008-06-25 14:00 . 2008-06-25 14:00 323,072 --------- C:\WINDOWS\system32\urqNHWpo.dll_old

2008-06-25 13:59 . 2008-06-25 13:59 <REP> d-------- C:\Bases

2008-06-25 02:25 . 2008-06-24 01:11 <REP> d-------- C:\SDFix

2008-06-25 01:54 . 2008-06-25 01:54 <REP> d-------- C:\VundoFix Backups

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-06-24 12:26 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-06-24 12:26 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-06-24 12:26 . 2008-06-25 02:22 13,030 --a------ C:\PDOXUSRS.NET

2008-06-24 12:19 . 2008-06-25 13:38 1,834 --a------ C:\WINDOWS\system32\tmp.reg

2008-06-24 12:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-06-24 12:18 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-06-24 12:18 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-06-24 12:18 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-06-24 12:18 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-06-24 12:18 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-06-24 12:18 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-06-24 12:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-06-24 12:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-06-24 11:32 . 2008-06-24 11:32 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-24 11:32 . 2008-06-25 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-24 10:52 . 2008-06-24 10:52 98 --a------ C:\WINDOWS\WirelessFTP.INI

2008-06-23 14:02 . 2008-06-23 14:02 25,600 --a------ C:\WINDOWS\system32\ssQJDSii.dll

2008-06-20 00:04 . 2008-06-23 14:02 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Azureus

2008-06-20 00:04 . 2008-06-20 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-06-20 00:02 . 2008-06-23 13:29 <REP> d-------- C:\Program Files\Azureus

2008-06-19 17:53 . 2008-06-19 17:53 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Toshiba

2008-06-18 20:41 . 2008-06-18 20:41 <REP> d-------- C:\Program Files\VideoLAN

2008-06-18 18:56 . 2008-06-18 19:00 <REP> d-------- C:\Documents and Settings\Julien\MUTE

2008-06-17 03:19 . 2008-06-17 03:19 <REP> d-------- C:\Program Files\Windows Media Connect 2

2008-06-17 03:16 . 2008-06-17 03:17 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-16 14:00 . 2008-06-19 00:51 <REP> d-------- C:\Documents and Settings\Julien\Application Data\vlc

2008-06-12 23:10 . 2008-06-12 23:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-12 23:06 . 2006-10-18 21:47 2,450,944 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-06-12 23:06 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 23:06 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-08 00:51 . 2008-06-08 00:51 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-06-08 00:50 . 2008-06-08 00:50 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-06-08 00:41 . 2007-12-05 07:41 1,703,936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2008-06-08 00:40 . 2008-06-08 00:40 <REP> d-------- C:\Program Files\Nvidia Omega Drivers

2008-06-08 00:40 . 2008-06-08 00:40 472,576 --a------ C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2008-06-08 00:25 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys

2008-06-08 00:23 . 2008-06-08 00:30 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-07 23:40 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll

2008-06-07 23:40 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll

2008-06-07 23:40 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll

2008-06-07 23:40 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll

2008-06-07 23:40 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll

2008-06-07 23:40 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll

2008-06-07 23:40 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll

2008-06-07 23:39 . 2008-06-07 23:39 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-06-07 23:38 . 2008-06-07 23:38 <REP> d-------- C:\WINDOWS\Logs

2008-06-07 03:34 . 2008-04-10 17:07 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-07 03:31 . 2008-04-14 01:20 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-06-07 03:31 . 2008-06-08 19:04 160,371 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-07 03:31 . 2007-12-05 07:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys

2008-06-07 02:52 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-06-07 02:38 . 2008-06-07 02:37 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-06-07 02:25 . 2008-06-07 02:25 1,169 --a------ C:\WINDOWS\mozver.dat

2008-06-06 23:49 . 2008-06-06 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-06-06 23:47 . 2008-06-08 00:43 <REP> d-------- C:\WINDOWS\nview

2008-06-06 22:30 . 2008-06-06 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters

2008-06-06 22:29 . 2008-06-06 22:29 <REP> d-------- C:\Program Files\OpenAL

2008-06-05 10:33 . 2008-06-05 10:33 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Talkback

2008-06-05 10:33 . 2008-06-05 10:33 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-05 10:28 . 2008-06-24 22:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-05 10:28 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-03 17:27 . 2008-06-03 17:27 <REP> d--hs---- C:\Diskeeper

2008-06-03 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-03 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-03 14:02 . 2008-06-03 14:02 0 --a------ C:\Documents and Settings\Julien\Application Data\wklnhst.dat

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Documents and Settings\Julien\Application Data\sony

2008-06-03 13:50 . 2007-12-05 07:41 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll

2008-06-03 13:41 . 2008-06-03 13:41 <REP> d-------- C:\Documents and Settings\Julien\Application Data\InterVideo

2008-06-03 04:20 . 2008-06-17 03:16 <REP> d-------- C:\WINDOWS\system32\LogFiles

2008-06-03 04:14 . 2008-06-03 04:14 <REP> d-------- C:\Program Files\Alwil Software

2008-06-03 03:18 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-06-03 02:51 . 2008-06-03 02:51 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-06-03 02:49 . 2008-06-03 02:49 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Sonic

2008-06-03 02:48 . 2008-06-03 02:48 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Leadertech

2008-06-03 02:36 . 2008-06-25 14:31 <REP> d-------- C:\Program Files\Codemasters

2008-06-03 02:35 . 2008-06-03 02:35 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-03 02:30 . 2008-06-03 02:30 <REP> d-------- C:\Program Files\Lavalys

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 13,984 --a------ C:\WINDOWS\AegisP.inf

2008-06-03 02:08 . 2008-06-03 02:08 10,640 --a------ C:\WINDOWS\AegisP.cat

2008-06-03 02:07 . 2008-06-03 02:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel

2008-06-03 02:07 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll

2008-06-03 02:07 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys

2008-06-03 02:07 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll

2008-06-03 02:07 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-06-03 01:30 . 2008-06-03 01:30 <REP> d-------- C:\Program Files\SystemRequirementsLab

2008-06-03 01:22 . 2008-06-03 01:22 <REP> d-------- C:\Program Files\IZArc

2008-06-03 01:20 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-03 01:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-03 01:20 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-03 01:20 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-03 01:20 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-03 01:20 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-03 01:20 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-03 01:20 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-03 01:20 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 15:14 --------- d-----w C:\Program Files\Google

2008-06-20 10:39 180 ----a-w C:\WINDOWS\system32\drivers\sthdae.log

2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-08 16:54 --------- d-----w C:\Program Files\Sony

2008-06-08 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-06-07 21:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-07 21:40 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-06-03 11:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

2008-06-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-14 02:34 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

2008-04-14 02:34 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:34 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe

2008-04-14 02:34 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:34 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe

2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-25_ 2.17.04.75 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-25 13:15:13 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll

+ 2008-06-25 13:15:13 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll

+ 2008-06-25 13:15:13 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll

+ 2008-06-25 13:15:16 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll

+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll

+ 2008-06-25 13:15:16 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll

+ 2008-06-25 13:15:14 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll

+ 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

- 2008-06-25 00:11:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-25 15:14:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll

+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll

- 2008-06-19 09:47:15 287,704 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-06-25 15:14:13 286,904 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-06-24 09:11:31 70,226 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-25 11:59:20 70,226 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-24 09:11:31 86,282 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-06-25 11:59:21 86,282 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-06-24 09:11:31 419,228 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-25 11:59:20 419,228 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-24 09:11:31 490,030 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-25 11:59:21 490,030 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-25 15:14:42 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_1d4.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}]

2008-06-23 14:02 25600 --a------ C:\WINDOWS\system32\ssQJDSii.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE1C822A-E94D-44C4-9AA4-6A94AD699212}]

C:\WINDOWS\system32\urqNHWpo.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]

"nwiz"="nwiz.exe" [2007-12-05 07:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"54a58e5f"="C:\WINDOWS\system32\fvjqlkmx.dll" [2008-06-25 14:01 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 07:41 8523776]

"BM5796bdc3"="C:\WINDOWS\system32\pelltkfe.dll" [2008-06-25 14:01 91136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}"= C:\WINDOWS\system32\ssQJDSii.dll [2008-06-23 14:02 25600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssQJDSii]

ssQJDSii.dll 2008-06-23 14:02 25600 C:\WINDOWS\system32\ssQJDSii.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Documents and Settings\\Julien\\Bureau\\mwav\\kavupd.exe"=

 

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]

R4 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys []

S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]

S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-14 10:13]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 17:15:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\WINDOWS\system32\xmklqjvf.ini 294 bytes

 

Scan terminé avec succès

Les fichiers cachés: 1

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\ssQJDSii.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

-> C:\WINDOWS\system32\fvjqlkmx.dll

-> C:\WINDOWS\system32\pelltkfe.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Apoint\ApntEx.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-25 17:20:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-25 15:20:21

ComboFix2.txt 2008-06-25 12:01:34

ComboFix3.txt 2008-06-25 00:17:52

 

Pre-Run: 46,350,761,984 octets libres

Post-Run: 46,397,603,840 octets libres

 

291 --- E O F --- 2008-06-20 07:23:54

Posted

Sorry, I didn't put the File:: switch :P in the previous CFScript ;o)

 

• Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

 

http://forum.zebulon.fr/tres-desagreablement-infecte-t146951.html
Collect::
C:\WINDOWS\system32\ssQJDSii.dll
C:\WINDOWS\system32\jqvnqvum.dll
C:\WINDOWS\system32\iveqtfvb.dll
C:\WINDOWS\system32\pelltkfe.dll
C:\WINDOWS\system32\fvjqlkmx.dll

File::
C:\WINDOWS\system32\xmklqjvf.ini
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\urqNHWpo.dll_old
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe

Folder::
C:\Bases
C:\SDFix
C:\VundoFix Backups
C:\Documents and Settings\Julien\Bureau\mwav

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE1C822A-E94D-44C4-9AA4-6A94AD699212}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"54a58e5f"=-
"BM5796bdc3"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssQJDSii]

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save As" and select "Desktop"

• In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

• Click the "Save" button to the right of the "File name" field

• Close Notepad.

• Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

CFScript.gif

 

 

* Follow the instructions.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt

 

- A zipped file will be created on the user's desktop > [4]-Submit_Date_Time.zip

- Another file is now added to the desktop > CF-Submit.htm

 

When CF finishes its work, it displays the CF report > if the file CF-Submit.htm is detected, the following message will be displayed >

 

CF-Submit_notice.gif

 

 

* Click [OK]; the browser will load CF-Submit.htm like this >

 

CF-Submit.gif

 

* Copy/paste the file path into the box and click [OK][sendFile] and nothing else!
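Added example, not part of the original post and not ComboFix's own code: once the report comes back, a helper can cross-check which `File::` and `Folder::` entries of the CFScript show up in the report. It assumes (my reading of the layout seen in this thread, not documented behaviour) that the report's `FILE ::` block echoes the handled `File::` entries and that folders appear under "Autres suppressions"; the sample script and report are constructed, shortened inputs, and the `example-missing.exe` and `C:\ExampleFolder` entries are placeholders.

```python
import re

# Constructed, shortened CFScript in the layout used in this thread.
CFSCRIPT = r"""
Collect::
C:\WINDOWS\system32\ssQJDSii.dll

File::
C:\WINDOWS\system32\xmklqjvf.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\example-missing.exe

Folder::
C:\Bases
C:\ExampleFolder

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"54a58e5f"=-
"""

# Constructed, shortened report excerpt (case of one path changed on purpose).
REPORT = r"""
ComboFix 08-06-20.4 - Julien 2008-06-25 20:56:41.4 - NTFSx86
FILE ::
c:\windows\pskt.ini
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\xmklqjvf.ini
.
(((((((( Autres suppressions ))))))))
.
C:\Bases
C:\Documents and Settings\Julien\Bureau\mwav
.
"""

PATH = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}; a directive is a line like 'File::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z]+)::", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:  # lines before the first directive are ignored
            sections[current].append(line)
    return sections


def report_block(report, header):
    """Collect the path lines that follow the first line matching `header`."""
    paths, seen_header = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if not seen_header:
            seen_header = re.search(header, line) is not None
            continue
        if PATH.match(line):
            paths.append(line)
        elif line and paths:  # first separator after the paths ends the block
            break
    return paths


def norm(path):
    """Windows paths are case-insensitive; the report may also quote them."""
    return path.strip().strip('"').lower()


def cross_check(script_text, report_text):
    """For File:: and Folder::, split script entries into reported / missing."""
    script = parse_cfscript(script_text)
    # Assumed mapping between script directives and report headers.
    mapping = (("file", r"^FILE\s*::$"), ("folder", r"Autres suppressions"))
    result = {}
    for directive, header in mapping:
        reported = {norm(p) for p in report_block(report_text, header)}
        wanted = script.get(directive, [])
        result[directive] = {
            "reported": [p for p in wanted if norm(p) in reported],
            "missing": [p for p in wanted if norm(p) not in reported],
        }
    return result


if __name__ == "__main__":
    for directive, status in cross_check(CFSCRIPT, REPORT).items():
        print(directive, "missing from report:", status["missing"])
```

An entry listed as missing only means it does not appear in that block of the report; it still has to be checked on disk or in the next log.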

Posted

Here is the report:

 

ComboFix 08-06-20.4 - Julien 2008-06-25 20:56:41.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.622 [GMT 2:00]

Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Julien\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.C.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\urqNHWpo.dll_old

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\xmklqjvf.ini

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Bases

C:\Documents and Settings\Julien\Bureau\mwav

C:\Documents and Settings\Julien\Bureau\mwav\unp023.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp024.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp025.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp026.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp027.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp028.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp029.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp030.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp031.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp032.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp033.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp034.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp035.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp036.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp037.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp038.avc

C:\Documents and Settings\Julien\Bureau\mwav\unp039.avc

C:\Documents and Settings\Julien\Bureau\mwav\unpack.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040702.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040709.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040716.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040723.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040730.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040806.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040813.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040820.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040827.avc

C:\Documents and Settings\Julien\Bureau\mwav\up040903.avc

C:\Documents and Settings\Julien\Bureau\mwav\virus.avi

C:\Documents and Settings\Julien\Bureau\mwav\worm.avc

C:\Documents and Settings\Julien\Bureau\mwav\x-files.avc

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\HPFix8.reg

C:\SDFix\apps\HPFix9.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\SDFix\W2K_CodecRepair.inf

C:\SDFix\XP_CodecRepair.inf

C:\VundoFix Backups

C:\WINDOWS\BM5796bdc3.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.C.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\IOnoWvut.ini

C:\WINDOWS\system32\IOnoWvut.ini2

C:\WINDOWS\system32\iveqtfvb.dll

C:\WINDOWS\system32\jqvnqvum.dll

C:\WINDOWS\system32\pelltkfe.dll

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\tmp57.tmp

C:\WINDOWS\system32\tmp58.tmp

C:\WINDOWS\system32\tuvUMdDU.dll

C:\WINDOWS\system32\UDdMUvut.ini

C:\WINDOWS\system32\UDdMUvut.ini2

C:\WINDOWS\system32\urqNHWpo.dll_old

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\xeyurgab.ini

C:\WINDOWS\system32\xmklqjvf.ini

C:\WINDOWS\system32\xytbhttn.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-25 19:38 . 2008-06-25 19:38 106,496 --a------ C:\WINDOWS\system32\gfbeqorl.dll

2008-06-25 19:36 . 2008-06-25 20:42 91,136 --------- C:\WINDOWS\system32\hejeitgg.dll

2008-06-25 19:36 . 2008-06-25 20:42 81,920 --------- C:\WINDOWS\system32\bagruyex.dll

2008-06-25 18:29 . 2008-06-25 18:29 <REP> d-------- C:\Documents and Settings\joss

2008-06-25 18:00 . 2008-06-25 18:00 <REP> d-------- C:\Program Files\Avira

2008-06-25 18:00 . 2008-06-25 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-25 17:48 . 2008-06-25 20:42 81,920 --------- C:\WINDOWS\system32\ntthbtyx.dll

2008-06-25 17:47 . 2008-06-25 17:47 106,496 --a------ C:\WINDOWS\system32\jjhdlyoc.dll

2008-06-25 17:47 . 2008-06-25 17:47 91,136 --a------ C:\WINDOWS\system32\ohexgyqu.dll

2008-06-25 17:31 . 2008-06-25 17:31 <REP> d-------- C:\Program Files\MSXML 4.0

2008-06-25 17:01 . 2008-06-25 17:04 <REP> d-------- C:\HJT

2008-06-25 15:14 . 2008-06-25 16:44 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-06-24 12:26 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-06-24 12:26 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-06-24 12:26 . 2008-06-25 02:22 13,030 --a------ C:\PDOXUSRS.NET

2008-06-24 12:19 . 2008-06-25 13:38 1,834 --a------ C:\WINDOWS\system32\tmp.reg

2008-06-24 11:32 . 2008-06-25 18:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-24 11:32 . 2008-06-25 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-24 10:52 . 2008-06-24 10:52 98 --a------ C:\WINDOWS\WirelessFTP.INI

2008-06-20 00:04 . 2008-06-23 14:02 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Azureus

2008-06-20 00:04 . 2008-06-20 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-06-20 00:02 . 2008-06-23 13:29 <REP> d-------- C:\Program Files\Azureus

2008-06-19 17:53 . 2008-06-19 17:53 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Toshiba

2008-06-18 20:41 . 2008-06-18 20:41 <REP> d-------- C:\Program Files\VideoLAN

2008-06-17 03:19 . 2008-06-17 03:19 <REP> d-------- C:\Program Files\Windows Media Connect 2

2008-06-17 03:16 . 2008-06-17 03:17 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-16 14:00 . 2008-06-19 00:51 <REP> d-------- C:\Documents and Settings\Julien\Application Data\vlc

2008-06-12 23:10 . 2008-06-12 23:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-12 23:06 . 2006-10-18 21:47 2,450,944 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-06-12 23:06 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 23:06 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-08 00:51 . 2008-06-08 00:51 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-06-08 00:50 . 2008-06-08 00:50 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-06-08 00:41 . 2007-12-05 07:41 1,703,936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2008-06-08 00:40 . 2008-06-08 00:40 <REP> d-------- C:\Program Files\Nvidia Omega Drivers

2008-06-08 00:40 . 2008-06-08 00:40 472,576 --a------ C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2008-06-08 00:25 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys

2008-06-08 00:23 . 2008-06-08 00:30 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-07 23:40 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll

2008-06-07 23:40 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll

2008-06-07 23:40 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll

2008-06-07 23:40 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll

2008-06-07 23:40 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll

2008-06-07 23:40 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll

2008-06-07 23:40 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll

2008-06-07 23:39 . 2008-06-07 23:39 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-06-07 23:38 . 2008-06-07 23:38 <REP> d-------- C:\WINDOWS\Logs

2008-06-07 03:34 . 2008-04-10 17:07 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-07 03:31 . 2008-04-14 01:20 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-06-07 03:31 . 2008-06-08 19:04 160,371 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-07 03:31 . 2007-12-05 07:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys

2008-06-07 02:52 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-06-07 02:38 . 2008-06-07 02:37 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-06-07 02:25 . 2008-06-07 02:25 1,169 --a------ C:\WINDOWS\mozver.dat

2008-06-06 23:49 . 2008-06-06 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-06-06 23:47 . 2008-06-08 00:43 <REP> d-------- C:\WINDOWS\nview

2008-06-06 22:30 . 2008-06-06 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters

2008-06-06 22:29 . 2008-06-06 22:29 <REP> d-------- C:\Program Files\OpenAL

2008-06-05 10:33 . 2008-06-05 10:33 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Talkback

2008-06-05 10:33 . 2008-06-05 10:33 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-05 10:28 . 2008-06-24 22:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-05 10:28 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-03 17:27 . 2008-06-03 17:27 <REP> d--hs---- C:\Diskeeper

2008-06-03 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-03 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-03 14:02 . 2008-06-03 14:02 0 --a------ C:\Documents and Settings\Julien\Application Data\wklnhst.dat

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Documents and Settings\Julien\Application Data\sony

2008-06-03 13:50 . 2007-12-05 07:41 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll

2008-06-03 13:41 . 2008-06-03 13:41 <REP> d-------- C:\Documents and Settings\Julien\Application Data\InterVideo

2008-06-03 04:20 . 2008-06-17 03:16 <REP> d-------- C:\WINDOWS\system32\LogFiles

2008-06-03 04:14 . 2008-06-03 04:14 <REP> d-------- C:\Program Files\Alwil Software

2008-06-03 03:18 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-06-03 02:51 . 2008-06-03 02:51 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-06-03 02:49 . 2008-06-03 02:49 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Sonic

2008-06-03 02:48 . 2008-06-03 02:48 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Leadertech

2008-06-03 02:36 . 2008-06-25 14:31 <REP> d-------- C:\Program Files\Codemasters

2008-06-03 02:35 . 2008-06-03 02:35 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-03 02:30 . 2008-06-03 02:30 <REP> d-------- C:\Program Files\Lavalys

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 13,984 --a------ C:\WINDOWS\AegisP.inf

2008-06-03 02:08 . 2008-06-03 02:08 10,640 --a------ C:\WINDOWS\AegisP.cat

2008-06-03 02:07 . 2008-06-03 02:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel

2008-06-03 02:07 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll

2008-06-03 02:07 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys

2008-06-03 02:07 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll

2008-06-03 02:07 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-06-03 01:30 . 2008-06-03 01:30 <REP> d-------- C:\Program Files\SystemRequirementsLab

2008-06-03 01:22 . 2008-06-03 01:22 <REP> d-------- C:\Program Files\IZArc

2008-06-03 01:20 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-03 01:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-03 01:20 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-03 01:20 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-03 01:20 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-03 01:20 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-03 01:20 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-03 01:20 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-03 01:20 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-03 01:17 . 2008-06-03 01:17 <REP> d-------- C:\Documents and Settings\Julien\Application Data\DAEMON Tools

2008-06-03 01:17 . 2008-06-03 01:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-03 00:56 . 2008-06-03 00:56 <REP> d-------- C:\Intel

2008-06-03 00:55 . 2008-06-03 00:55 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-06-03 00:35 . 2008-06-20 12:42 <REP> d-------- C:\Program Files\ma-config.com

2008-06-03 00:35 . 2008-06-20 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com

2008-06-02 22:03 . 2008-06-03 01:21 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\system32\fr

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\system32\bits

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\l2schemas

2008-06-02 22:00 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-06-02 22:00 . 2008-06-02 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 15:14 --------- d-----w C:\Program Files\Google

2008-06-20 10:39 180 ----a-w C:\WINDOWS\system32\drivers\sthdae.log

2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-08 16:54 --------- d-----w C:\Program Files\Sony

2008-06-08 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-06-07 21:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-07 21:40 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-06-03 11:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

2008-06-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll

2008-04-14 02:33 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-14 02:33 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

2008-04-14 02:33 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll

2008-04-14 02:33 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll

2008-04-14 02:33 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll

2008-04-14 02:33 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-25_ 2.17.04.75 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-25 13:15:13 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll

+ 2008-06-25 13:15:13 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll

+ 2008-06-25 13:15:13 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll

+ 2008-06-25 13:15:16 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll

+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll

+ 2008-06-25 13:15:16 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll

+ 2008-06-25 13:15:14 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll

+ 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

- 2008-06-25 00:11:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-25 19:00:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll

+ 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll

+ 2008-06-25 15:31:13 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe

+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

- 2008-06-19 09:47:15 287,704 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-06-25 15:14:13 286,904 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll

- 2008-06-24 09:11:31 70,226 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-25 11:59:20 70,226 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-24 09:11:31 86,282 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-06-25 11:59:21 86,282 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-06-24 09:11:31 419,228 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-25 11:59:20 419,228 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-24 09:11:31 490,030 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-25 11:59:21 490,030 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-25 19:00:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_15c.dat

+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6e80b13-709e-4488-a82c-fae7b8caccbe}]

2008-06-25 19:38 106496 --a------ C:\WINDOWS\system32\gfbeqorl.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]

"nwiz"="nwiz.exe" [2007-12-05 07:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 07:41 8523776]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]

S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]

S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-14 10:13]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 21:01:40

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Apoint\ApntEx.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-25 21:05:42 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-25 19:05:39

ComboFix2.txt 2008-06-25 15:20:29

ComboFix3.txt 2008-06-25 12:01:34

ComboFix4.txt 2008-06-25 00:17:52

 

Pre-Run: 46,294,847,488 octets libres

Post-Run: 46,288,199,680 octets libres

 

935 --- E O F --- 2008-06-25 15:31:14

Posted

You should have waited before installing Antivir, but anyway, it's done!! It must be squealing, though :P ; it has to stay disabled to run the CFScript. You have uninstalled Avast, so delete its leftover folder C:\Program Files\Alwil Software

 

• Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\gfbeqorl.dll
C:\WINDOWS\system32\hejeitgg.dll
C:\WINDOWS\system32\bagruyex.dll
C:\WINDOWS\system32\ntthbtyx.dll
C:\WINDOWS\system32\jjhdlyoc.dll
C:\WINDOWS\system32\ohexgyqu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6e80b13-709e-4488-a82c-fae7b8caccbe}]

 

• Go to the top of the page and click the "Fichier" (File) menu; a list appears =>

• Choose "Enregistrer sous" (Save As) and select "Bureau" (Desktop)

• In the "Nom du fichier" (File name) field at the bottom of the page, enter the following name: CFScript, as a .txt file

• Click the "Enregistrer" (Save) button to the right of the "Nom du fichier" field

• Quit Notepad.

• Physically disconnect from the internet [unplug the cable], run the CFScript and wait 10 min before reconnecting

• Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

 

CFScript.gif

 

 

* Follow the instructions

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
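
A triage sketch, added here and not part of the thread or of ComboFix: it parses "Fichiers créés" lines copied from the report above and lists DLLs sitting directly in system32 with an eight-lowercase-letter name created within two days of the newest entry, then reports any Browser Helper Objects key that points at one of them. The name pattern and the two-day window are assumptions chosen for this log, not the helper's stated criteria, and the output is a list for human review, not a removal script.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the ComboFix report posted above (file listing + BHO entry).
SAMPLE_LOG = r"""
2008-06-25 19:38 . 2008-06-25 19:38 106,496 --a------ C:\WINDOWS\system32\gfbeqorl.dll
2008-06-25 19:36 . 2008-06-25 20:42 91,136 --------- C:\WINDOWS\system32\hejeitgg.dll
2008-06-25 19:36 . 2008-06-25 20:42 81,920 --------- C:\WINDOWS\system32\bagruyex.dll
2008-06-25 18:00 . 2008-06-25 18:00 <REP> d-------- C:\Program Files\Avira
2008-06-25 17:48 . 2008-06-25 20:42 81,920 --------- C:\WINDOWS\system32\ntthbtyx.dll
2008-06-25 17:47 . 2008-06-25 17:47 106,496 --a------ C:\WINDOWS\system32\jjhdlyoc.dll
2008-06-25 17:47 . 2008-06-25 17:47 91,136 --a------ C:\WINDOWS\system32\ohexgyqu.dll
2008-06-24 12:26 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-06-24 12:19 . 2008-06-25 13:38 1,834 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-12 23:10 . 2008-06-12 23:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 23:06 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 00:41 . 2007-12-05 07:41 1,703,936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6e80b13-709e-4488-a82c-fae7b8caccbe}]

2008-06-25 19:38 106496 --a------ C:\WINDOWS\system32\gfbeqorl.dll
"""

# "created . modified size attrs path" as printed in the "Fichiers créés" section.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<REP>) (?P<attrs>\S+) (?P<path>[A-Za-z]:\\.+)$"
)
BHO_KEY = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$"
)
# File line printed under a registry load point: "date time size attrs path".
BHO_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.+)$"
)
SYSTEM32 = r"c:\windows\system32"
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")  # assumed heuristic, case-sensitive


def parse_created(log):
    """Return (created_datetime, path) for every file-listing line."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            entries.append((created, m["path"]))
    return entries


def suspicious_dlls(log, window_days=2):
    """DLLs directly in system32, random-looking name, created recently."""
    entries = parse_created(log)
    if not entries:
        return []
    cutoff = max(c for c, _ in entries) - timedelta(days=window_days)
    return sorted(
        path for created, path in entries
        if created >= cutoff
        and ntpath.dirname(path).lower() == SYSTEM32
        and RANDOM_NAME.match(ntpath.basename(path))
    )


def bho_references(log, suspects):
    """(registry key, path) pairs where a BHO key loads a suspect DLL."""
    wanted = {p.lower() for p in suspects}
    hits, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = BHO_KEY.match(line)
        if k:
            key = k["key"]
            continue
        f = BHO_FILE.match(line)
        if key and f and f["path"].lower() in wanted:
            hits.append((key, f["path"]))
        key = None  # a key only applies to the line that follows it
    return hits


if __name__ == "__main__":
    found = suspicious_dlls(SAMPLE_LOG)
    for path in found:
        print("review:", path)
    for key, path in bho_references(SAMPLE_LOG, found):
        print("BHO:", key, "->", path)
```

Widening the window to 30 days also flags nvwdmcpl.dll, an NVIDIA file from the same listing, which is why the name pattern alone is not treated as sufficient.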

Posted

Hello Angélique, and thank you,

 

Here is the report:

 

ComboFix 08-06-20.4 - Julien 2008-06-26 17:06:59.6 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.673 [GMT 2:00]

Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Julien\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\bagruyex.dll

C:\WINDOWS\system32\gfbeqorl.dll

C:\WINDOWS\system32\hejeitgg.dll

C:\WINDOWS\system32\jjhdlyoc.dll

C:\WINDOWS\system32\ntthbtyx.dll

C:\WINDOWS\system32\ohexgyqu.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\bagruyex.dll

C:\WINDOWS\system32\gfbeqorl.dll

C:\WINDOWS\system32\hejeitgg.dll

C:\WINDOWS\system32\jjhdlyoc.dll

C:\WINDOWS\system32\ntthbtyx.dll

C:\WINDOWS\system32\ohexgyqu.dll

H:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-25 18:00 . 2008-06-25 18:00 <REP> d-------- C:\Program Files\Avira

2008-06-25 18:00 . 2008-06-25 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-25 17:31 . 2008-06-25 17:31 <REP> d-------- C:\Program Files\MSXML 4.0

2008-06-25 17:01 . 2008-06-25 21:15 <REP> d-------- C:\HJT

2008-06-25 15:14 . 2008-06-25 16:44 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-06-24 12:26 . 2008-06-24 12:26 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-06-24 12:26 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-06-24 12:26 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-06-24 12:26 . 2008-06-25 02:22 13,030 --a------ C:\PDOXUSRS.NET

2008-06-24 12:19 . 2008-06-25 13:38 1,834 --a------ C:\WINDOWS\system32\tmp.reg

2008-06-24 11:32 . 2008-06-25 18:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-24 11:32 . 2008-06-25 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-24 10:52 . 2008-06-24 10:52 98 --a------ C:\WINDOWS\WirelessFTP.INI

2008-06-20 00:04 . 2008-06-23 14:02 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Azureus

2008-06-20 00:04 . 2008-06-20 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-06-20 00:02 . 2008-06-23 13:29 <REP> d-------- C:\Program Files\Azureus

2008-06-19 17:53 . 2008-06-19 17:53 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Toshiba

2008-06-18 20:41 . 2008-06-18 20:41 <REP> d-------- C:\Program Files\VideoLAN

2008-06-17 03:19 . 2008-06-17 03:19 <REP> d-------- C:\Program Files\Windows Media Connect 2

2008-06-17 03:16 . 2008-06-17 03:17 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-16 14:00 . 2008-06-19 00:51 <REP> d-------- C:\Documents and Settings\Julien\Application Data\vlc

2008-06-12 23:10 . 2008-06-12 23:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-12 23:06 . 2006-10-18 21:47 2,450,944 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-06-12 23:06 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 23:06 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-08 00:51 . 2008-06-08 00:51 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-06-08 00:50 . 2008-06-08 00:50 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-06-08 00:41 . 2007-12-05 07:41 1,703,936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2008-06-08 00:40 . 2008-06-08 00:40 <REP> d-------- C:\Program Files\Nvidia Omega Drivers

2008-06-08 00:40 . 2008-06-08 00:40 472,576 --a------ C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2008-06-08 00:25 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys

2008-06-08 00:23 . 2008-06-08 00:30 <REP> d-------- C:\Program Files\RivaTuner v2.09

2008-06-07 23:40 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll

2008-06-07 23:40 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll

2008-06-07 23:40 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll

2008-06-07 23:40 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll

2008-06-07 23:40 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll

2008-06-07 23:40 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll

2008-06-07 23:40 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll

2008-06-07 23:39 . 2008-06-07 23:39 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-06-07 23:38 . 2008-06-07 23:38 <REP> d-------- C:\WINDOWS\Logs

2008-06-07 03:34 . 2008-04-10 17:07 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-07 03:31 . 2008-04-14 01:20 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-06-07 03:31 . 2008-06-08 19:04 160,371 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-07 03:31 . 2007-12-05 07:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys

2008-06-07 03:18 . 2008-04-14 04:03 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys

2008-06-07 02:52 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-06-07 02:38 . 2008-06-07 02:37 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-06-07 02:25 . 2008-06-07 02:25 1,169 --a------ C:\WINDOWS\mozver.dat

2008-06-06 23:49 . 2008-06-06 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-06-06 23:47 . 2008-06-08 00:43 <REP> d-------- C:\WINDOWS\nview

2008-06-06 22:30 . 2008-06-06 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters

2008-06-06 22:29 . 2008-06-06 22:29 <REP> d-------- C:\Program Files\OpenAL

2008-06-05 10:33 . 2008-06-05 10:33 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Talkback

2008-06-05 10:33 . 2008-06-05 10:33 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-05 10:28 . 2008-06-24 22:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-05 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-05 10:28 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-05 10:28 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-03 17:27 . 2008-06-03 17:27 <REP> d--hs---- C:\Diskeeper

2008-06-03 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-03 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-03 14:02 . 2008-06-03 14:02 0 --a------ C:\Documents and Settings\Julien\Application Data\wklnhst.dat

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio

2008-06-03 13:59 . 2008-06-03 13:59 <REP> d-------- C:\Documents and Settings\Julien\Application Data\sony

2008-06-03 13:50 . 2007-12-05 07:41 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll

2008-06-03 13:41 . 2008-06-03 13:41 <REP> d-------- C:\Documents and Settings\Julien\Application Data\InterVideo

2008-06-03 04:20 . 2008-06-25 21:51 <REP> d-------- C:\WINDOWS\system32\LogFiles

2008-06-03 03:18 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-06-03 02:51 . 2008-06-03 02:51 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-06-03 02:49 . 2008-06-03 02:49 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Sonic

2008-06-03 02:48 . 2008-06-03 02:48 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Leadertech

2008-06-03 02:36 . 2008-06-25 14:31 <REP> d-------- C:\Program Files\Codemasters

2008-06-03 02:35 . 2008-06-03 02:35 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-03 02:30 . 2008-06-03 02:30 <REP> d-------- C:\Program Files\Lavalys

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-06-03 02:09 . 2008-06-03 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel

2008-06-03 02:08 . 2008-06-03 02:08 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 21,361 --a------ C:\WINDOWS\AegisP.sys

2008-06-03 02:08 . 2008-06-03 02:08 13,984 --a------ C:\WINDOWS\AegisP.inf

2008-06-03 02:08 . 2008-06-03 02:08 10,640 --a------ C:\WINDOWS\AegisP.cat

2008-06-03 02:07 . 2008-06-03 02:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel

2008-06-03 02:07 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll

2008-06-03 02:07 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys

2008-06-03 02:07 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll

2008-06-03 02:07 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-06-03 01:30 . 2008-06-03 01:30 <REP> d-------- C:\Program Files\SystemRequirementsLab

2008-06-03 01:22 . 2008-06-03 01:22 <REP> d-------- C:\Program Files\IZArc

2008-06-03 01:20 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-03 01:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-03 01:20 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-03 01:20 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-03 01:20 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-03 01:20 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-03 01:20 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-03 01:20 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-03 01:20 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-03 01:17 . 2008-06-03 01:17 <REP> d-------- C:\Documents and Settings\Julien\Application Data\DAEMON Tools

2008-06-03 01:17 . 2008-06-03 01:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-03 00:56 . 2008-06-03 00:56 <REP> d-------- C:\Intel

2008-06-03 00:55 . 2008-06-03 00:55 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-06-03 00:35 . 2008-06-20 12:42 <REP> d-------- C:\Program Files\ma-config.com

2008-06-03 00:35 . 2008-06-20 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com

2008-06-02 22:03 . 2008-06-03 01:21 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\system32\fr

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\system32\bits

2008-06-02 22:03 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\l2schemas

2008-06-02 22:00 . 2008-06-02 22:03 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-06-02 22:00 . 2008-06-02 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

2008-06-02 21:45 . 2006-10-18 16:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-06-02 21:09 . 2008-04-14 04:33 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll

2008-06-02 21:08 . 2008-06-02 21:08 <REP> d-------- C:\Documents and Settings\Julien\Contacts

2008-06-02 21:08 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll

2008-06-02 21:07 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

2008-06-02 20:56 . 2008-06-02 21:06 <REP> d-------- C:\Program Files\Windows Live

2008-06-02 20:56 . 2008-06-02 21:01 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-06-02 20:55 . 2008-06-02 20:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 15:14 --------- d-----w C:\Program Files\Google

2008-06-20 10:39 180 ----a-w C:\WINDOWS\system32\drivers\sthdae.log

2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-08 16:54 --------- d-----w C:\Program Files\Sony

2008-06-08 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-06-07 21:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-07 21:40 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-06-06 20:29 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-06-06 20:29 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-06-03 11:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

2008-06-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll

2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-06-25_21.05.27.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-25 19:00:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-26 10:11:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-26 10:11:32 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_1ec.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]

"nwiz"="nwiz.exe" [2007-12-05 07:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 07:41 8523776]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 04:34 172544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=

 

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]

S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]

S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-14 10:13]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 17:08:45

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

Temps d'accomplissement: 2008-06-26 17:09:55

ComboFix-quarantined-files.txt 2008-06-26 15:09:49

ComboFix2.txt 2008-06-25 19:05:43

ComboFix3.txt 2008-06-25 15:20:29

ComboFix4.txt 2008-06-25 12:01:34

ComboFix5.txt 2008-06-25 00:17:52

 

Pre-Run: 46,252,314,624 octets libres

Post-Run: 46,260,264,960 octets libres

 

272 --- E O F --- 2008-06-25 15:31:14

 

 

Many thanks for your replies...

Posted

:P Good, the bulk of it has been removed.

 

• Uninstall ComboFix by copying and pasting the line below into Run, then confirm:

 

ComboFix /u

 

If they are still there, delete c:\qoobox; c:\bug; c:\combofix

 

• Re-tick AntiVir in Run ___ msconfig\Startup (Démarrage) ^^

 

and run a scan with it; post the report.

 

AntiVir tutorial:: http://www.malekal.com/tutorial_antivir.php

 

• Then finish up with a good scanner such as MBAM, and post its report plus a new AntiVir report for verification

 

Tutorial:: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

 

NB:: you have a USB device, H:, that is infected. autorun.inf has been removed, but there may still be files such as Adober.exe, RavMonE.exe, MS32DLL.DLL.VBS, autorun.vbs or UFO.exe ......

 

Open My Computer

Click the Tools menu at the top right, then Folder Options

In the new window, click the View tab at the top

In the list, tick "Show hidden files"

Untick "Hide protected operating system files (Recommended)"

You will get a message telling you that this can damage the system; ignore it.

Open My Computer

For each disk in My Computer: right-click H:\ and choose Open, and check for this kind of suspicious file. Scan it with AntiVir and MBAM
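
An added example, not part of the original reply: a read-only Python check of a drive root that performs the manual inspection described above without double-clicking the drive. It parses `autorun.inf` for the keys that start a program and flags root files carrying the names listed in the post; the `RUNNABLE_EXT` list and all function names are assumptions of this example.

```python
import os
import re
import sys

# File names the reply above gives as typical leftovers on an infected USB drive.
NAMES_FROM_POST = {"adober.exe", "ravmone.exe", "ms32dll.dll.vbs",
                   "autorun.vbs", "ufo.exe"}
# Extensions that run code on double-click (assumption of this example).
RUNNABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# autorun.inf keys whose value is a command: open, shellexecute, shell\<verb>\command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM


def decode_inf(data):
    """Decode autorun.inf bytes; the file is ANSI or UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return the commands an autorun.inf would launch, in file order."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # Only the [autorun] section is honoured by the shell.
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            if LAUNCH_KEY.match(key.strip()):
                commands.append(value.strip())
    return commands


def triage_root(root):
    """Return (file name, reasons) for root-level files that deserve a look."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name.lower()):
        if not entry.is_file(follow_symlinks=False):
            continue
        name = entry.name.lower()
        # st_file_attributes only exists on Windows; elsewhere treat as 0.
        attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
        reasons = []
        if name == "autorun.inf":
            try:
                with open(entry.path, "rb") as fh:
                    commands = parse_autorun(decode_inf(fh.read()))
            except OSError:
                commands = []
                reasons.append("autorun.inf could not be read")
            reasons += ["autorun launches: " + c for c in commands]
            if not reasons:
                reasons.append("autorun.inf present, no launch command")
        if name in NAMES_FROM_POST:
            reasons.append("name listed in the post")
        elif os.path.splitext(name)[1] in RUNNABLE_EXT:
            reasons.append("runnable file in drive root")
        if attrs & (HIDDEN | SYSTEM):
            reasons.append("hidden/system attribute set")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    # Usage: python usb_triage.py H:/   (the script only reads, it deletes nothing)
    for name, reasons in triage_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: " + "; ".join(reasons))
```

Anything it reports still goes through the AntiVir and MBAM scans requested above; a name match alone does not prove the file is malicious.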

Posted

Thanks Angélique, I ran another AntiVir scan. As soon as I plugged my H drive back in, my laptop slowed down and is limping along...

 

Here is the report:

 

 

 

Avira AntiVir Personal

Report file date: jeudi 26 juin 2008 17:34

 

Scanning for 1360080 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: NOM-F002A4FFBF1

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 23:50:10

ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 23:50:11

ANTIVIR3.VDF : 7.0.5.7 28672 Bytes 25/06/2008 23:50:12

Engineversion : 8.1.0.59

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.44 278907 Bytes 25/06/2008 23:50:58

AESCN.DLL : 8.1.0.22 119157 Bytes 25/06/2008 23:50:54

AERDL.DLL : 8.1.0.20 418165 Bytes 25/06/2008 23:50:52

AEPACK.DLL : 8.1.1.6 364918 Bytes 25/06/2008 23:50:47

AEOFFICE.DLL : 8.1.0.20 192891 Bytes 25/06/2008 23:50:36

AEHEUR.DLL : 8.1.0.32 1274231 Bytes 25/06/2008 23:50:33

AEHELP.DLL : 8.1.0.15 115063 Bytes 25/06/2008 23:50:23

AEGEN.DLL : 8.1.0.29 307573 Bytes 25/06/2008 23:50:22

AEEMU.DLL : 8.1.0.6 430451 Bytes 25/06/2008 23:50:19

AECORE.DLL : 8.1.0.31 168310 Bytes 25/06/2008 23:50:15

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

 

Start of the scan: jeudi 26 juin 2008 17:34

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'msimn.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'ApntEx.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'Apoint.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'nTuneService.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

42 processes with 42 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '20' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <VAIO>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <VAIO>

 

 

End of the scan: jeudi 26 juin 2008 18:27

Used time: 53:04 min

 

The scan has been done completely.

 

7120 Scanning directories

322032 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

322032 Files not concerned

7738 Archives were scanned

4 Warnings

0 Notes
