I have a spyware that I am unable to remove


renejr902

Despite several attempts I have not managed to remove it. I wrote my text in English so I can copy it to other forums too. You can answer me in French. Thanks for your help:

I tried Anti-Malware, SUPERAntiSpyware, CCleaner, RemoveIT Pro, Spybot, RogueRemover, GMER, Ad-Aware... none of them can remove it. And the worst thing is, none of these apps can find any trojan, virus or spyware. I cleaned everything. All of them are updated. I tried to clean my computer with each program in normal boot and in safe mode. I had a few rootkits, but I removed all of them, all files and registry entries; I read some info on Google.

The problem is: when I power on my computer, Windows starts up normally, but while Windows is starting, an Explorer page opens automatically with this web site: http://www.webthangs.com/count/rotate/click.php?id=1

and redirects to http://publishers.xy7... and redirects again to this: http://www.geniusinspiration.com/cab...y&keyword=CD51

Note: it's strange, but sometimes it only opens Explorer with google.ca instead. But most of the time it opens with webthangs.... and sometimes webthangs can't load.

I closed the web site and can navigate again without problem, but EVERY 15 minutes the Explorer page opens again automatically and the same web sites open one after another. For example: I'm playing a 3D game, my game exits and I'm back at the Explorer page every 15 minutes. I can't play more than 15 minutes without this problem.

I have Windows XP SP3 Professional, original, and I use AVG 8.0 Free Edition.

I can't format my hard disk, so I must remove that problem or live with it.

I have more than 80 hours of installation time in this computer. I will not reinstall all that again.

I will post: attach.txt, dds.txt, ark.txt

Thanks for help

 

THIS IS MY DDS.txt:

 

 

DDS (Version 1.1.0) - NTFSx86

Run by Rene at 13:43:07,57 on 2008-12-20

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3327.2816 [GMT -5:00]

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\checksum.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\diskkeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Rene\Desktop\dds.com

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mWinlogon: System=c:\windows\system32\svch?st.exe,

mWinlogon: SfcDisable=-99 (0xffffff9d)

TB: {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - c:\program files\systran\4_0\premium\IEPlugIn.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui

mRun: [nwiz] nwiz.exe /install

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [CTHelper] CTHELPER.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRunOnce: [CheckSum] c:\windows\system32\cks.bat

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

 

============= SERVICES / DRIVERS ===============

 

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-8-20 39472]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-31 150568]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 97928]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-14 26824]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]

R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-14 231704]

R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-8-2 4448]

R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-8-2 3328]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]

R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys []

S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys []

S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys []

S1 83eba970;83eba970;c:\windows\system32\drivers\83eba970.sys [2008-12-14 0]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296]

S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

 

============== File Associations ===============

 

regfile=regedit.exe "%1" %*

scrfile="%1" %*

 

=============== Created Last 30 ================

 

2008-12-20 01:05 120,056 -------- c:\windows\system32\pxcpyi64.exe

2008-12-20 01:05 118,520 -------- c:\windows\system32\pxinsi64.exe

2008-12-19 22:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2008-12-19 22:56 <DIR> --d----- c:\program files\SUPERAntiSpyware

2008-12-19 22:56 <DIR> --d----- c:\docume~1\rene\applic~1\SUPERAntiSpyware.com

2008-12-19 22:50 <DIR> --d----- c:\program files\FileASSASSIN

2008-12-19 22:48 <DIR> --d----- c:\program files\RogueRemover FREE

2008-12-19 22:00 <DIR> --d----- c:\program files\InCode Solutions

2008-12-15 01:39 171,136 a--shr-- C:\grldr

2008-12-14 23:47 <DIR> --d----- c:\program files\Lavasoft

2008-12-14 22:28 <DIR> --d-h--- C:\$AVG8.VAULT$

2008-12-14 22:21 10,520 a------- c:\windows\system32\avgrsstx.dll

2008-12-14 22:21 97,928 a------- c:\windows\system32\drivers\avgldx86.sys

2008-12-14 22:21 <DIR> --d----- c:\windows\system32\drivers\Avg

2008-12-14 22:09 49,152 a------- c:\windows\system32\svch?st.exe

2008-12-14 22:06 223,128 a------- c:\windows\system32\drivers\dtscsi.sys

2008-12-14 22:06 <DIR> --d----- c:\program files\DAEMON Tools

2008-12-14 22:03 717,296 a------- c:\windows\system32\drivers\sptd.sys

2008-12-14 20:59 30,528 a------- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:59 11,564 a------- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:59 4,958,588 a------- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK

2008-12-14 20:58 <DIR> --d----- c:\program files\Creative

2008-12-14 20:34 <DIR> --d----- c:\windows\system32\dllcache

2008-12-14 20:33 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2008-12-14 20:33 749 a---hr-- c:\windows\WindowsShell.Manifest

2008-12-14 20:33 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2008-12-14 20:33 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2008-12-14 20:33 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2008-12-14 20:33 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2008-12-14 20:20 198,941 a------- c:\windows\system32\nvapps.nvb

2008-12-14 20:20 <DIR> --d----- c:\windows\NV9201656.TMP

2008-12-14 20:17 13,312 a------- c:\windows\system32\irclass.dll

2008-12-14 20:17 24,661 a------- c:\windows\system32\spxcoins.dll

2008-12-14 20:17 16,535 a----r-- c:\windows\SETAA.tmp

2008-12-14 20:17 1,088,840 a----r-- c:\windows\SET9E.tmp

2008-12-14 20:17 1,296,669 a----r-- c:\windows\SET9B.tmp

2008-12-14 19:06 <DIR> --d----- c:\program files\DAEMON Tools Lite

2008-12-14 18:56 <DIR> --d----- c:\windows\Downloaded Installations

2008-12-14 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro

2008-12-14 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8

2008-12-14 18:13 51,056 a------- c:\windows\setupapi.old

2008-12-14 17:53 <DIR> --d----- c:\program files\Trend Micro

2008-12-14 17:09 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-12-14 17:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-14 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2008-12-14 17:04 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Pro

2008-12-14 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft

2008-12-14 04:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2008-12-14 04:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2008-12-14 04:51 <DIR> --d----- c:\program files\RegCleaner

2008-12-14 04:13 <DIR> --d----- c:\program files\CCleaner

2008-12-14 03:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2008-12-14 03:55 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Lite

2008-12-14 02:58 <DIR> --d----- c:\program files\VideoLAN

2008-12-14 02:52 16,320,472 a------- C:\vlc-0.9.8a-win32.exe

2008-12-14 02:33 0 a------- c:\windows\system32\drivers\83eba970.sys

2008-12-14 02:33 2 a------- C:\-931777760

2008-12-14 02:33 576,000 a------- c:\windows\uninstall.exe

2008-12-14 02:33 176 a------- c:\windows\system32\eowero.vbs

2008-12-14 02:33 151 a------- c:\windows\system32\cks.bat

2008-12-14 02:33 <DIR> --d----- c:\program files\Uninstall

2008-12-14 02:33 22,406 -------- c:\windows\system32\checksum.exe

2008-12-14 02:33 <DIR> --d----- c:\windows\HDTVPlayer v3.5

2008-12-14 02:22 176 a------- c:\windows\eower.vbs

2008-12-14 02:22 45 a------- c:\windows\sys.bat

2008-12-14 02:22 <DIR> --d----- c:\windows\Setup

2008-12-14 02:22 <DIR> --d----- c:\program files\Setup

2008-12-14 02:22 <DIR> --d----- c:\windows\HDTVXviD Codec

2008-12-12 23:54 <DIR> --d----- c:\windows\system32\LogFiles

2008-12-12 21:42 <DIR> --dsh--- c:\windows\UmVuZSBNb3Jpbg

2008-12-12 21:42 <DIR> --d----- c:\temp\REX81

2008-12-12 21:42 <DIR> --d----- c:\windows\system32\vc

2008-12-12 21:42 <DIR> --d----- c:\windows\system32\foi

2008-12-12 16:10 106,130 a------- c:\windows\runner.exe

2008-11-26 22:01 547,840 a------- c:\windows\system32\wiaaut.dll

2008-11-26 22:01 132,880 a------- c:\windows\system32\MSINET.OCX

2008-11-26 22:01 108,336 a------- c:\windows\system32\Mswinsck.ocx

2008-11-26 22:01 102,400 a------- c:\windows\system32\DinkITXPUIMenus.ocx

2008-11-26 22:01 65,536 a------- c:\windows\system32\EnhSliderOcx.ocx

2008-11-26 22:01 64,000 a------- c:\windows\system32\wiaaut.oca

2008-11-24 16:29 <DIR> --d----- c:\windows\system32\xlive

2008-11-24 16:23 <DIR> --d----- c:\docume~1\rene\applic~1\Microsoft Games

2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe

2008-11-21 16:47 4,816 a------- c:\windows\system32\divxsm.tlb

2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll

2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll

2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll

2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll

 

==================== Find3M ====================

 

2008-12-14 20:57 444,952 a------- c:\windows\system32\wrap_oal.dll

2008-12-14 20:57 109,080 a------- c:\windows\system32\OpenAL32.dll

2008-12-14 20:30 22,720 a------- c:\windows\system32\emptyregdb.dat

2008-11-24 17:19 107,888 a------- c:\windows\system32\CmdLineExt.dll

2008-11-21 16:47 129,784 -------- c:\windows\system32\pxafs.dll

2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf

2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf

2008-10-28 04:08 38,972,478 a------- c:\windows\pif\pif3.zip

2008-08-03 21:21 522 a------- c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk

2008-08-01 15:05 1,569 a------- c:\program files\uninstal.log

2006-06-24 01:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

2008-07-31 06:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat

 

ATTACH.TXT:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Version 1.0)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-12-14 20:34:41

System Uptime: 2008-12-20 11:25:45 (2 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | P5Q

Processor: Intel Pentium III Xeon processor | LGA 775 | 2999/376mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 230 GiB total, 42,502 GiB free.

D: is FIXED (NTFS) - 100 GiB total, 69,428 GiB free.

E: is FIXED (NTFS) - 135 GiB total, 47,692 GiB free.

G: is CDROM ()

H: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP14: 2008-12-19 23:41:02 - Installed SUPERAntiSpyware Free Edition

 

==== Installed Programs ======================

 

 

4x4 Evo2

7-Zip 4.57

ACE Mega CoDecS Pack

Ad-Aware

Adobe Reader 8.1.2

Age of Empires III

Antidote RX v2

Aquadelic GT 1.0.0.0

Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver

AutoUpdate

AVG Free 8.0

Bejeweled Deluxe 1.6z

Big City Adventure San Francisco

BSPlayer

Canon i470D

CCleaner (remove only)

Cool Edit Pro 2.1

Creative Audio Console

Croc 2

CyberLink PowerDVD8

Daytona USA

DEVIL MAY CRY 4

DiRT

Diskeeper 2007 Pro Premier

Divine Divinity

DivX Codec

DivX Player

Download Manager 2.3.6

Drome Racers

Dungeon Siege Demo

EA Network Play System

Electronic Arts Game Updater

Enclave

eRacer

Fable - The Lost Chapters

Far Cry

Far Cry (Patch 1.3)

Far Cry (Patch 1.31)

Far Cry (Patch 1.33)

ffdshow (remove only)

FileASSASSIN

Final Fantasy VII

Final Fantasy VII XP Patch

FlatOut

FlatOut2

Fraps

Gears of War

GRID

GTR 2 1.0.0.0

Heroes of Might and Magic® IV

HijackThis 2.0.2

IsoBuster 2.3

Java 6 Update 7

Jazz Jackrabbit 2

Lecteur Windows Media 11

LimeWire 4.18.3

Logitech Gaming Software

Malwarebytes' Anti-Malware

Malwarebytes' RogueRemover

Megaman X5

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft Application Compatibility Toolkit 5.0

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft RalliSport Challenge

Microsoft Silverlight

Microsoft Software Update for Web Folders (French) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Xbox 360 Accessories 1.0

mIRC

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Moto Racer

Moto Racer 2

MSN

MSXML 4.0 SP2 (KB941833)

MVP Baseball 2003

Need For Speed - Porsche Unleashed

Need for speed 4 high stakes

Need For Speed High Stakes

Need For Speed Hot Pursuit 2

Need For Speed II SE

Need For Speed III

Need for Speed Underground 2

Need for Speed Carbon

Need for Speed ProStreet

Need for Speed Undercover

Nero 8

neroxml

Neverwinter Nights 2

NVIDIA Drivers

NVIDIA PhysX v8.08.01

Oblivion

Ocean Express

Off Road

OpenAL

OutRun2006 Coast 2 Coast

Paragon Partition Manager 9.0 Professional

Paraworld US SP Demo

Petit Larousse 2004

PowerISO

Prince of Persia Les Sables du Temps

PSP Video 9 2.24

Pure

Puzzles Collection

Quake 4

QuickTime

R.C. Cars

Rally Trophy

RAYKIT

RemoveIT Pro v4 - SE

SEGA Rally

Setup

Shockwave

Sid Meier's Pirates!

SimCity 4

SolSuite

SONIC ADVENTURE DX-Director's Cut

Spybot - Search & Destroy

Star Wars JK II Jedi Outcast

Stunt GP

SUPERAntiSpyware Free Edition

Supercar Street Challenge

Systran Professional Premium 4.0

Test Drive Unlimited

Titan Quest

Tomb Raider: Anniversary 1.0

Topwords

TrackMania Sunrise 1.4.6

Ultima IX

Utilitaire de carte mémoire

VLC media player 0.9.8a

VoptXP v7.22

Vuze

Warcraft III

WebFldrs XP

Winamp

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

WinRAR archiver

Wipeout XL

 

==== Event Viewer Messages From Past Week ========

 

2008-12-14 03:07:11, error: PlugPlayManager [11] - The device Root\LEGACY_BEEP\0000 disappeared from the system without first being prepared for removal.

2008-12-14 02:35:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

2008-12-14 03:20:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the icf service to connect.

2008-12-14 03:20:21, error: Service Control Manager [7000] - The icf service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2008-12-14 03:26:55, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

2008-12-14 03:33:35, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2008-12-14 03:47:47, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2008-12-14 04:00:31, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

2008-12-14 16:33:25, error: sfsync02 [12] -

2008-12-14 17:29:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2008-12-14 17:31:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

2008-12-14 17:31:27, error: sptd [4] - Driver detected an internal error in its data structures for .

2008-12-14 18:01:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

2008-12-14 18:02:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

2008-12-14 18:02:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2008-12-14 18:02:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

2008-12-14 18:02:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2008-12-14 18:02:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip

2008-12-14 18:13:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv61xx

2008-12-14 18:13:09, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x398dedcc00+1'. It has stopped monitoring the volume.

2008-12-14 19:53:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip

2008-12-14 20:24:47, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

2008-12-14 20:24:47, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

2008-12-14 20:33:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

2008-12-14 20:35:59, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

2008-12-15 00:16:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu sptd Tcpip

2008-12-15 00:20:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

2008-12-15 12:00:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips hotcore3 intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SCDEmu Sparrow Tcpip

2008-12-19 23:40:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000022' while processing the file 'ati2axxx.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2008-12-19 23:44:25, error: Service Control Manager [7028] - The msqpdxserv.sys Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

2008-12-19 23:53:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip

2008-12-20 00:22:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hotcore3 Sparrow

2008-12-14 20:40:26, information: Windows File Protection [64032] - Windows File Protection is not active on this system.

 

==== End Of File ===========================

 

ARK.LOG:

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-20 15:22:10

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.14 ----

 

SSDT spqo.sys ZwCreateKey [0xBA6A80E0]

SSDT spqo.sys ZwEnumerateKey [0xBA6C6CA2]

SSDT spqo.sys ZwEnumerateValueKey [0xBA6C7030]

SSDT spqo.sys ZwOpenKey [0xBA6A80C0]

SSDT spqo.sys ZwQueryKey [0xBA6C7108]

SSDT spqo.sys ZwQueryValueKey [0xBA6C6F88]

SSDT spqo.sys ZwSetValueKey [0xBA6C719A]

 

INT 0x63 ? 8B387BF8

INT 0x63 ? 8B387BF8

INT 0x63 ? 8B387BF8

INT 0x63 ? 8B387BF8

INT 0x63 ? 8A49EBF8

INT 0x83 ? 8B38ABF8

INT 0x83 ? 8A49EBF8

INT 0x83 ? 8B38ABF8

INT 0x94 ? 8A49EBF8

INT 0xA4 ? 8A49EBF8

INT 0xA4 ? 8A49EBF8

INT 0xA4 ? 8A49EBF8

INT 0xA4 ? 8A49EBF8

INT 0xB4 ? 8A49EBF8

 

Code \SystemRoot\System32\Drivers\sybex38.SYS ZwDuplicateObject [0xBAC7095B]

Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePool

Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePoolWithTag

Code \SystemRoot\System32\Drivers\sybex38.SYS KeDelayExecutionThread

Code \SystemRoot\System32\Drivers\sybex38.SYS NtDuplicateObject

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 8B3851F8

Device \FileSystem\Fastfat \FatCdrom 88EEC1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B02A5D69-82A7-4E41-A7BD-C566F9F3B820} 890D31F8

Device \Driver\usbuhci \Device\USBPDO-0 8A4151F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3131F8

Device \Driver\dmio \Device\DmControl\DmConfig 8B3131F8

Device \Driver\dmio \Device\DmControl\DmPnP 8B3131F8

Device \Driver\dmio \Device\DmControl\DmInfo 8B3131F8

Device \Driver\usbuhci \Device\USBPDO-1 8A4151F8

Device \Driver\usbuhci \Device\USBPDO-2 8A4151F8

Device \Driver\usbehci \Device\USBPDO-3 8A47D1F8

Device \Driver\PCI_PNP4086 \Device\00000060 spqo.sys

Device \Driver\usbuhci \Device\USBPDO-4 8A4151F8

Device \Driver\usbuhci \Device\USBPDO-5 8A4151F8

Device \Driver\usbuhci \Device\USBPDO-6 8A4151F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3881F8

Device \Driver\usbehci \Device\USBPDO-7 8A47D1F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3881F8

Device \Driver\Cdrom \Device\CdRom0 8A3751F8

Device \Driver\Ftdisk \Device\HarddiskVolume3 8B3881F8

Device \Driver\Cdrom \Device\CdRom1 8A3751F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\NetBT \Device\NetBt_Wins_Export 890D31F8

Device \Driver\NetBT \Device\NetbiosSmb 890D31F8

Device \Driver\usbuhci \Device\USBFDO-0 8A4151F8

Device \Driver\usbuhci \Device\USBFDO-1 8A4151F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1C7500

Device \Driver\usbuhci \Device\USBFDO-2 8A4151F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1C7500

Device \Driver\usbehci \Device\USBFDO-3 8A47D1F8

Device \Driver\usbuhci \Device\USBFDO-4 8A4151F8

Device \Driver\Ftdisk \Device\FtControl 8B3881F8

Device \Driver\usbuhci \Device\USBFDO-5 8A4151F8

Device \Driver\usbuhci \Device\USBFDO-6 8A4151F8

Device \Driver\usbehci \Device\USBFDO-7 8A47D1F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A3341F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8B3861F8

Device \Driver\mv61xx \Device\Scsi\mv61xx1 8B3861F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A3341F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \FileSystem\Fastfat \Fat 88EEC1F8

 

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

Device \FileSystem\Cdfs \Cdfs 8A3C0500

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys

Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...

 

---- Files - GMER 1.0.14 ----

 

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\step_back[1].gif 225 bytes

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\wrt[1].gif 836 bytes

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\globalNavCorner[1].gif 89 bytes

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\kb_default[1].htm 3011 bytes

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\icon_treenode_neg[1].gif 63 bytes

File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes

 

---- EOF - GMER 1.0.14 ----


Good evening,

What is the name of your malware?

It is a very bad idea to post the same problem on several forums, because they don't all work the same way (see my signature).

Moreover, some tools can interfere with each other, and in the end the helpers no longer know where they stand because the reports are skewed.

If you want to be helped here, you will have to give up elsewhere and not use any tool unless expressly asked to.

If you decide to continue here, we start from scratch:

Download HijackThisV2 to your desktop.

  • Double-click HJTInstall.exe and follow the installation instructions.
    --> Under VISTA: right-click / run as administrator
  • You will find a tutorial for installing it and generating a report here
  • Launch it, accept the warning message, then click Do a system scan and save a logfile.
  • At the end of the scan, Notepad will open. Copy and paste its entire contents here in your reply.
  • Post the generated report on the forum.

 

 

+++


OK, thanks for the info. I'll try to get help here. In any case, my mother tongue is French, so it's easier.

By the way, I said it was malware, but I don't know whether it might be spyware or some other virus. All I know is that every 15 minutes a page opens with an address. Here is the address: http://www.webthangs.com/count/rotate/click.php?id=4. Also, the page opens when Windows starts. Yet none of the anti-spyware programs detect any problem. See: SUPERAntiSpyware, Anti-Malware, Ad-Aware... I had already removed all the infections the day before yesterday. Also, I ran all my scans in safe mode and in normal boot to be more sure.

HERE IS THE REQUESTED LOG (thanks for your help):

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:45:05, on 2008-12-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\checksum.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\diskkeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 6668 bytes

Edited by renejr902

Hello,

That is not obvious from the log, so we are going to run an online scan to get a clearer picture.

Make sure your Java console is the most recent one; to find out, go to this page and click "Vérifier la version de Java" -> http://www.java.com/fr/download/installed.jsp -> It will tell you whether you need to install the latest version.

If you install a new Java version, uninstall all the older ones via Add/Remove Programs.

TUTORIAL: http://www.vista-xp.fr/forum/topic109.html

  • Run a Kaspersky online scan
  • Click Accept
  • Wait while the Webscanner installs.
  • The update databases will install; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", and in the file-type field choose "text files", then save the report.

Copy and paste the entire opened text file: right-click on it, select all / copy.

Paste this report in your reply on the forum.

See you later.


OK, I'm redoing the scan. But I had already done this scan on my own two or three days ago. I had chosen My Computer. If I remember correctly it found nothing, but maybe I'm mistaken. So I'll redo it according to all your criteria and the tutorial.

THANKS FOR YOUR HELP. I'll post the log as soon as it's done.


Good evening,

In that case, we'll first run another analysis; stop the online scan.

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation: dangerous.

Disable your antivirus, firewall and antispyware for the duration of the analysis.

Connect your removable media (USB key and others) before proceeding.

Official tutorial

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP, ComboFix will offer to install it: accept!
  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the analysis is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

If you lose your connection after running ComboFix, here is how to repair it: HERE.

Please also post a new HijackThis log after the ComboFix one.

@++


HERE IS THE KASPERSKY REPORT. It found viruses. I had only done the Critical Areas test last time, so here are the results with the full scan. I'm waiting for your reply. (By the way, I have a dual partition: C: is Win XP but D: is Vista 64-bit. E: is a partition where I keep backups.)

Thanks:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, December 23, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, December 23, 2008 11:50:22

Records in database: 1504397

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

G:\

H:\

 

Scan statistics:

Files scanned: 338805

Threat name: 11

Infected objects: 20

Suspicious objects: 0

Duration of the scan: 03:44:30

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip Infected: Backdoor.Win32.Raid.i 1

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

D:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQZJFCAO\apstpldr.dll[1].htm Infected: Trojan-Downloader.Win32.Agent.aubk 1

D:\Users\Rene\AppData\Local\Temp\FullBSCodecz.20402.exe Infected: Trojan-Downloader.Win32.FraudLoad.veji 1

D:\Users\Rene\AppData\Local\Temp\jah319313.exe Infected: Rootkit.Win32.TDSS.gen 1

D:\Users\Rene\AppData\Local\Temp\tmpB3F3.tmp Infected: Trojan.Win32.Agent.asxa 1

D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\Nero 8 Ultra Edition 8.3.2.1b + Working Serial + Crack\Nero-8.3.2.1_eng_trial_2.exe Infected: Trojan-Spy.Win32.BZub.ffd 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2).zip Infected: Backdoor.Win32.Agent.ezx 2

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.kfa 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.kfa 1

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28.zip Infected: Backdoor.Win32.Agent.kfa 2

E:\Emulateurs\PLAYSTATION 2 (PS2-pcsx2 0.95 beta 377 --- LE MEILLEUR)\Pcsx2_0.9.4_Setup.exe Infected: Trojan.Win32.Agent.axxp 1

E:\MUSIC\MP3\calme\Rainbow Relaxation (Soft Music Series).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

 

The selected area was scanned.

Edited by renejr902

Hello,

1)

OTMOVEIT 3

Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

OtMoveIt3

  • Double-click OTMoveIt3.exe to launch it (the .exe extension may not be shown)
  • Copy the entire code below (which starts with First):
    First
    
    :Files
    
    C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip
    D:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQZJFCAO\apstpldr.dll[1].htm 
    D:\Users\Rene\AppData\Local\Temp\FullBSCodecz.20402.exe 
    D:\Users\Rene\AppData\Local\Temp\jah319313.exe 
    D:\Users\Rene\AppData\Local\Temp\tmpB3F3.tmp 
    D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar 
    D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\Nero 8 Ultra Edition 8.3.2.1b + Working Serial + Crack\Nero-8.3.2.1_eng_trial_2.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\nosound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\sound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2).zip 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\nosound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\sound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\nosound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\sound\snezzi.exe 
    E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28.zip 
    E:\Emulateurs\PLAYSTATION 2 (PS2-pcsx2 0.95 beta 377 --- LE MEILLEUR)\Pcsx2_0.9.4_Setup.exe
    E:\MUSIC\MP3\calme\Rainbow Relaxation (Soft Music Series).wma
    
    :Commands
    [emptytemp]


     

  • Paste this code into the yellow area of OtMoveIt3 titled:
    "Paste Instructions for Items to be Moved"
  • Click the Moveit! button to start the cleanup
  • Copy and paste everything in the Results window into your next reply
    --> A report will be generated in the C:\_OTMoveIt\MovedFiles folder, named with the date and time the tool was run (mmddyyyy_hhmmss.log)
  • Close OTMoveIt3 by clicking Exit

Note: If a file or folder cannot be deleted directly, the tool may request a reboot to complete the process. In that case click "Yes" to accept.

2) After the reboot, and after posting the OTMoveIt report:

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation: dangerous.

Disable your antivirus, firewall and antispyware for the duration of the analysis.

Connect your removable media (USB key and others) before proceeding.

Official tutorial

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP, ComboFix will offer to install it: accept!
  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the analysis is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

If you lose your connection after running ComboFix, here is how to repair it: HERE.

@++
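As an added example (not the helper's code and not part of OTMoveIt3), this Python script shows the two steps the helper did by hand in this thread: it reads the "File name / Threat name / Threats count" table of a Kaspersky Online Scanner 7 report and turns it into an OTMoveIt3 script with a :Files block and [emptytemp], then cross-checks every path in that script against the OTMoveIt3 Results window, separating files moved immediately from those deferred to reboot. The report and results excerpts are constructed from the line shapes posted above, and the regular expressions are assumptions about those two formats based only on the lines visible here.

```python
import re
from typing import Dict, List

# Constructed excerpt of a Kaspersky Online Scanner 7 report in the layout
# posted in this thread (paths shortened; the not-a-virus entry is kept on
# purpose to show that the script generator leaves it out).
KASPERSKY_REPORT = r"""Scan statistics:
Files scanned: 338805
Infected objects: 4
Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip Infected: Backdoor.Win32.Raid.i 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Users\Rene\AppData\Local\Temp\jah319313.exe Infected: Rootkit.Win32.TDSS.gen 1
E:\Emulateurs\SNES\snezzids-v0[1].28a(2).zip Infected: Backdoor.Win32.Agent.ezx 2

The selected area was scanned.
"""

# Constructed excerpt of an OTMoveIt3 Results window for the script built from
# the report above; one file is deferred to reboot to exercise that case.
OTMOVEIT_RESULTS = r"""========== FILES ==========
C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip moved successfully.
D:\Users\Rene\AppData\Local\Temp\jah319313.exe moved successfully.
File move failed. E:\Emulateurs\SNES\snezzids-v0[1].28a(2).zip scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
Temp folders emptied.
"""

# Assumed line shapes, derived only from the log lines visible in the thread.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
DEFERRED_RE = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) scheduled to be "
    r"(?:moved|deleted) on reboot\.$")


def parse_kaspersky_report(text: str) -> List[Dict[str, object]]:
    """One record per row of the 'File name / Threat name / Threats count' table."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append({"path": m["path"], "threat": m["threat"],
                             "count": int(m["count"])})
    return findings


def build_otmoveit_script(findings: List[Dict[str, object]],
                          skip_not_a_virus: bool = True,
                          empty_temp: bool = True) -> str:
    """Emit an OTMoveIt3 script: ':Files' with one path per line, then ':Commands'.

    'not-a-virus:' hits (legitimate tools flagged by policy, like mirc.exe above)
    are left out by default, as the helper did. No leading 'First' line is
    emitted: the Results log posted later reports it as 'Unable to interpret'.
    """
    lines = [":Files"]
    for f in findings:
        if skip_not_a_virus and str(f["threat"]).startswith("not-a-virus:"):
            continue
        lines.append(str(f["path"]))
    if empty_temp:
        lines += ["", ":Commands", "[emptytemp]"]
    return "\n".join(lines) + "\n"


def check_otmoveit_results(script: str, results: str) -> Dict[str, List[str]]:
    """Account for every path in the script: moved now, deferred to reboot, or neither."""
    wanted = [l for l in script.splitlines()
              if l and not l.startswith((":", "["))]
    moved, deferred = set(), set()
    for raw in results.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            moved.add(m["path"])
            continue
        m = DEFERRED_RE.match(line)
        if m:
            deferred.add(m["path"])
    return {
        "moved": [p for p in wanted if p in moved],
        "pending_reboot": [p for p in wanted if p in deferred],
        "unaccounted": [p for p in wanted if p not in moved | deferred],
    }


if __name__ == "__main__":
    found = parse_kaspersky_report(KASPERSKY_REPORT)
    otm_script = build_otmoveit_script(found)
    print(otm_script)
    for status, paths in check_otmoveit_results(otm_script, OTMOVEIT_RESULTS).items():
        print(f"{status}: {len(paths)}")
```

Any path that ends up in "unaccounted" after the reboot log is in is the one to ask about before moving on to the next tool.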


Here is the MoveIt log

 

Error: Unable to interpret <First> in the current context!

========== FILES ==========

C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip moved successfully.

D:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQZJFCAO\apstpldr.dll[1].htm moved successfully.

D:\Users\Rene\AppData\Local\Temp\FullBSCodecz.20402.exe moved successfully.

D:\Users\Rene\AppData\Local\Temp\jah319313.exe moved successfully.

D:\Users\Rene\AppData\Local\Temp\tmpB3F3.tmp moved successfully.

D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar moved successfully.

D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\Nero 8 Ultra Edition 8.3.2.1b + Working Serial + Crack\Nero-8.3.2.1_eng_trial_2.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\nosound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\sound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2).zip moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\nosound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\sound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\nosound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\sound\snezzi.exe moved successfully.

E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28.zip moved successfully.

E:\Emulateurs\PLAYSTATION 2 (PS2-pcsx2 0.95 beta 377 --- LE MEILLEUR)\Pcsx2_0.9.4_Setup.exe moved successfully.

E:\MUSIC\MP3\calme\Rainbow Relaxation (Soft Music Series).wma moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\hsperfdata_Rene\5664 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\e4j24.tmp_dir31155\exe4jlib.jar scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\~DF37B3.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_170.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_260.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_211630

 

Files moved on Reboot...

File C:\DOCUME~1\Rene\LOCALS~1\Temp\hsperfdata_Rene\5664 not found!

C:\DOCUME~1\Rene\LOCALS~1\Temp\e4j24.tmp_dir31155\exe4jlib.jar moved successfully.

DllUnregisterServer procedure not found in C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll

C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.

C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.

DllUnregisterServer procedure not found in C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll

C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.

C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.

File C:\DOCUME~1\Rene\LOCALS~1\Temp\~DF37B3.tmp not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_170.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_260.dat not found!


ComboFix 08-12-26.03 - Rene 2008-12-26 21:29:42.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2848 [GMT -5:00]

Lancé depuis: c:\documents and settings\Rene\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Rene\Application Data\gadcom

c:\documents and settings\Rene\Application Data\gadcom\gadcom.exe

c:\documents and settings\Rene\Application Data\SpeedRunner

c:\documents and settings\Rene\Local Settings\Temporary Internet Files\fbk.sts

c:\program files\Mjcore

c:\windows\system32\bqacybre.dll

c:\windows\system32\dsafft.dll

c:\windows\system32\erbycaqb.ini

c:\windows\system32\jkkKbBTl.dll

c:\windows\system32\khxotrgl.dll

c:\windows\system32\kRCdLRqr.ini

c:\windows\system32\kRCdLRqr.ini2

c:\windows\system32\ljJDWmLf.dll

c:\windows\system32\rqRLdCRk.dll

c:\windows\system32\urqNDSJc.dll

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://childhe.com

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-26 21:37 . 2008-12-26 21:37 54,156 --ah----- c:\windows\QTFont.qfn

2008-12-26 21:37 . 2008-12-26 21:37 1,409 --a------ c:\windows\QTFont.for

2008-12-26 21:16 . 2008-12-26 21:16 <DIR> d-------- C:\_OTMoveIt

2008-12-26 18:36 . 2008-12-26 21:00 <DIR> d-------- c:\program files\M3 GAME Manager

2008-12-26 14:34 . 2008-12-26 14:37 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate

2008-12-26 13:30 . 2008-12-26 13:30 <DIR> d-------- c:\program files\Webtools

2008-12-26 13:25 . 2008-12-26 13:25 45,056 --a------ c:\windows\system32\rqRLeeFU.dll

2008-12-23 13:25 . 2008-12-23 13:25 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-23 00:26 . 2008-12-23 00:26 <DIR> d-------- C:\VundoFix Backups

2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settingsbkup.sfm

2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settings.sfm

2008-12-21 01:47 . 2008-12-26 21:37 4,958,588 --a------ c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK

2008-12-21 01:24 . 2008-12-21 01:24 <DIR> d-------- C:\registry

2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\windows\system32\xircom

2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\program files\microsoft frontpage

2008-12-20 15:38 . 2008-12-20 15:38 <DIR> d-------- c:\documents and settings\Rene\DoctorWeb

2008-12-20 14:09 . 2008-12-20 14:10 <DIR> d-------- C:\RkUnhooker

2008-12-20 13:46 . 2008-12-21 00:22 250 --a------ c:\windows\gmer.ini

2008-12-20 01:06 . 2008-12-26 15:43 <DIR> d-------- c:\documents and settings\Rene\Application Data\DivX

2008-12-20 01:05 . 2008-11-21 16:47 120,056 --a------ c:\windows\system32\pxcpyi64.exe

2008-12-20 01:05 . 2008-11-21 16:47 118,520 --a------ c:\windows\system32\pxinsi64.exe

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\Rene\Application Data\SUPERAntiSpyware.com

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-19 22:50 . 2008-12-19 22:50 <DIR> d-------- c:\program files\FileASSASSIN

2008-12-19 22:48 . 2008-12-19 22:49 <DIR> d-------- c:\program files\RogueRemover FREE

2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\InCode Solutions

2008-12-15 01:39 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr

2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\program files\Lavasoft

2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-12-14 22:28 . 2008-12-26 13:47 <DIR> d--h----- C:\$AVG8.VAULT$

2008-12-14 22:21 . 2008-12-26 13:16 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-12-14 22:21 . 2008-12-14 22:21 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-12-14 22:21 . 2008-12-14 22:21 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-12-14 22:09 . 2008-04-13 23:42 49,152 --a------ c:\windows\system32\svchost.exe

2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- c:\program files\DAEMON Tools

2008-12-14 22:06 . 2008-12-14 22:06 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys

2008-12-14 22:03 . 2008-12-14 22:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-14 20:59 . 2008-12-26 21:35 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:59 . 2008-12-26 21:35 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Creative

2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\windows\system32\dllcache

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\WindowsShell.Manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-12-14 20:20 . 2008-12-14 20:20 <DIR> d-------- c:\windows\NV9201656.TMP

2008-12-14 20:20 . 2008-08-02 11:20 198,941 --a------ c:\windows\system32\nvapps.nvb

2008-12-14 20:17 . 2008-04-14 01:40 1,296,669 -ra------ c:\windows\SET9B.tmp

2008-12-14 20:17 . 2008-04-14 01:34 1,088,840 -ra------ c:\windows\SET9E.tmp

2008-12-14 20:17 . 2001-08-23 07:00 24,661 --a------ c:\windows\system32\spxcoins.dll

2008-12-14 20:17 . 2008-04-14 01:34 16,535 -ra------ c:\windows\SETAA.tmp

2008-12-14 20:17 . 2001-08-23 07:00 13,312 --a------ c:\windows\system32\irclass.dll

2008-12-14 19:06 . 2008-12-14 21:40 <DIR> d-------- c:\program files\DAEMON Tools Lite

2008-12-14 18:56 . 2008-12-14 18:56 <DIR> d-------- c:\windows\Downloaded Installations

2008-12-14 18:50 . 2008-12-14 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2008-12-14 18:24 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-12-14 18:13 . 2008-12-14 19:45 51,056 --a------ c:\windows\setupapi.old

2008-12-14 18:01 . 2008-12-14 18:01 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN\Application Data\Malwarebytes

2008-12-14 18:01 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN

2008-12-14 17:53 . 2008-12-14 17:53 <DIR> d-------- c:\program files\Trend Micro

2008-12-14 17:29 . 2008-12-14 17:29 <DIR> d-------- c:\documents and settings\Administrator

2008-12-14 17:09 . 2008-12-14 17:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-14 17:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-14 17:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-14 17:04 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Pro

2008-12-14 16:03 . 2008-12-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft

2008-12-14 04:53 . 2008-12-14 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-14 04:53 . 2008-12-23 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-14 04:51 . 2008-12-14 20:55 <DIR> d-------- c:\program files\RegCleaner

2008-12-14 04:13 . 2008-12-14 04:13 <DIR> d-------- c:\program files\CCleaner

2008-12-14 03:55 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Lite

2008-12-14 03:55 . 2008-12-14 03:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2008-12-14 02:59 . 2008-12-14 02:59 <DIR> d-------- c:\documents and settings\Rene\Application Data\vlc

2008-12-14 02:58 . 2008-12-14 02:58 <DIR> d-------- c:\program files\VideoLAN

2008-12-14 02:52 . 2008-12-14 02:53 16,320,472 --a------ C:\vlc-0.9.8a-win32.exe

2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\windows\HDTVPlayer v3.5

2008-12-14 02:33 . 2008-12-14 02:37 <DIR> d-------- c:\program files\Uninstall

2008-12-14 02:33 . 2008-12-14 02:33 576,000 --a------ c:\windows\uninstall.exe

2008-12-14 02:33 . 2008-12-10 18:18 22,406 --a------ c:\windows\system32\checksum.exe

2008-12-14 02:33 . 2008-12-12 15:10 176 --a------ c:\windows\system32\eowero.vbs

2008-12-14 02:33 . 2008-12-12 15:09 151 --a------ c:\windows\system32\cks.bat

2008-12-14 02:33 . 2008-12-14 02:37 2 --a------ C:\-931777760

2008-12-14 02:33 . 2008-12-14 17:02 0 --a------ c:\windows\system32\drivers\83eba970.sys

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\Setup

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\HDTVXviD Codec

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\program files\Setup

2008-12-14 02:22 . 2008-12-09 03:10 176 --a------ c:\windows\eower.vbs

2008-12-14 02:22 . 2008-12-09 03:18 45 --a------ c:\windows\sys.bat

2008-12-13 16:49 . 2008-12-13 16:49 <DIR> d-------- c:\documents and settings\Rene\Application Data\Leadertech

2008-12-12 23:54 . 2008-12-12 23:54 <DIR> d-------- c:\windows\system32\LogFiles

2008-12-12 21:42 . 2008-12-14 16:14 <DIR> d--hs---- c:\windows\UmVuZSBNb3Jpbg

2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\windows\system32\foi

2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\temp\REX81

2008-12-12 16:10 . 2008-12-12 16:10 106,130 --a------ c:\windows\runner.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-27 02:17 --------- d-----w c:\documents and settings\Rene\Application Data\Azureus

2008-12-26 23:02 --------- d-----w c:\documents and settings\Rene\Application Data\LimeWire

2008-12-26 18:34 --------- d-----w c:\program files\Vuze

2008-12-23 18:25 --------- d-----w c:\program files\Java

2008-12-20 06:05 --------- d-----w c:\program files\DivX

2008-12-20 03:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-15 04:14 --------- d-----w c:\documents and settings\Rene\Application Data\Microsoft Games

2008-12-15 01:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-15 01:57 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2008-12-15 01:57 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2008-12-15 01:33 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-15 01:32 --------- d-----w c:\program files\Microsoft Silverlight

2008-12-14 22:04 --------- d-----w c:\documents and settings\Rene\Application Data\DAEMON Tools

2008-12-14 19:05 --------- d-----w c:\program files\ASUS

2008-12-13 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2008-11-24 22:19 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-11-24 21:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-24 20:42 --------- d-----w c:\program files\7-Zip

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-21 21:47 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf

2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf

2008-11-13 02:14 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories

2008-10-28 09:08 38,972,478 ----a-w c:\windows\PIF\pif3.zip

2008-08-04 02:21 522 ----a-w c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk

2008-08-01 20:05 1,569 ----a-w c:\program files\uninstal.log

2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

2008-07-31 11:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat

.

 

------- Sigcheck -------

 

2008-07-23 13:59 361600 e88631e21a9caca06104802f9e915115 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-12-20_15.47.57.87 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-20 02:35:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-26 19:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-20 02:35:49 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-26 19:00:31 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-12-20 02:35:49 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-26 19:00:31 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-15 01:51:30 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-12-27 02:37:06 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\java.exe

- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-23 18:25:21 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-12-20 19:53:32 59,908 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-27 02:23:06 59,908 ----a-w c:\windows\system32\perfc009.dat

- 2008-12-20 19:53:32 396,770 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-27 02:23:06 396,770 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-27 02:37:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_730.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2006-10-17 277352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336]

"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-03 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]

"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"CheckSum"="c:\windows\system32\cks.bat" [2008-12-12 151]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=dsafft.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless PCI_CardBus utility V1.01.exe.lnk

backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater]

-ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

--a------ 2008-05-19 14:24 91432 c:\program files\CyberLink\Shared files\brs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]

--a------ 2002-12-20 13:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control]

--a------ 2003-01-21 15:35 45056 c:\program files\Canon\BJPV\TVMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]

--a------ 2007-09-23 21:55 533944 c:\program files\Druide\Antidote\Gestionnaire Antidote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003]

--a------ 2003-07-04 12:08 122880 c:\program files\Larousse\Petit Larousse 2004\bin\HIPL2002Popup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

--a------ 2007-03-05 16:57 1103480 c:\program files\Download Manager\DLM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

--------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-07-07 02:34 167936 c:\program files\poweriso\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-08-03 19:32 98304 c:\windows\system32\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-12-04 13:50 1809648 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-03-27 01:35 36352 c:\program files\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\jeux\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\jeux\\dirt\\DiRT.exe"=

"c:\\jeux\\need3\\nfs3.exe"=

"c:\\jeux\\outrun 2006\\OR2006C2C.EXE"=

"c:\\jeux\\trackmania sunrise\\TmSunrise.exe"=

"c:\\jeux\\TEST DRIVE UNLIMITED\\TestDriveUnlimited.exe"=

"c:\\jeux\\neverwinter 2\\nwn2main.exe"=

"c:\\jeux\\neverwinter 2\\nwn2main_amdxp.exe"=

"c:\\jeux\\neverwinter 2\\nwupdate.exe"=

"c:\\jeux\\neverwinter 2\\nwn2server.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\jeux\\grid toca racer\\Grid\\GRID.exe"=

"c:\\jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

 

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-08-20 39472]

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-07-31 150568]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]

R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-08-02 4448]

R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-08-02 3328]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-07-31 36864]

R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]

S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys []

S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys []

S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys []

S1 83eba970;83eba970;c:\windows\system32\drivers\83eba970.sys [2008-12-14 0]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-27 c:\windows\Tasks\wakpqlji.job

- c:\windows\system32\rundll32.exe [2008-04-13 23:42]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{0148d3cd-a4f4-462d-b417-3ecb2cb7554c} - c:\windows\system32\dsafft.dll

BHO-{A01CF18F-7D58-4FA5-980B-D58AD154C6EC} - c:\windows\system32\rqRLdCRk.dll

HKCU-Run-prunnet - c:\windows\system32\prunnet.exe

HKLM-Run-prunnet - c:\windows\system32\prunnet.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-26 21:37:28

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(788)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Canon\BJCard\Bjmcmng.exe

c:\program files\diskkeeper\DkService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\checksum.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2008-12-26 21:39:35 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-27 02:39:33

ComboFix2.txt 2008-12-20 20:48:13

 

Avant-CF: 42 828 718 080 bytes free

Après-CF: 42,791,043,072 bytes free

 

367
