Virus myalbum2007

Salut,

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

->Fiche complète<-

Salut voila mon rapport

MSN_Fix 1.331

C:\Documents and Settings\Robin\Bureau\MSNFix\MSNFix
Fix exécuté le 05/07/2007 - 15:34:15,00 By Robin
mode normal

************************ Recherche les fichiers présents

... C:\PROGRA~1\winpop\uninstall.exe
... C:\PROGRA~1\winpop\winpop.exe
... C:\WINDOWS\services.dll
... C:\WINDOWS\wr.txt
... C:\WINDOWS\system32\sysprinters.dll

************************ Recherche les dossiers présents

... C:\PROGRA~1\InetGet2\
... C:\PROGRA~1\WinPop\




************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\winpop\uninstall.exe
/!\ ... C:\PROGRA~1\winpop\winpop.exe
/!\ ... C:\WINDOWS\services.dll
.. OK ... C:\WINDOWS\wr.txt
/!\ ... C:\WINDOWS\system32\sysprinters.dll


************************ Suppression des dossiers

.. OK ... C:\PROGRA~1\InetGet2\
/!\ ... C:\PROGRA~1\WinPop\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\winpop\winpop.exe
.. OK ... C:\WINDOWS\services.dll
.. OK ... C:\WINDOWS\system32\sysprinters.dll


************************ Suppression des dossiers

.. OK ... C:\PROGRA~1\WinPop\




************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\logon.scr] 579C78106CB5E1E215A354EF6995B447


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05072007_15370942.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Reposte un rapport Hijackthis.

Salut le voila

Logfile of HijackThis v1.99.1
Scan saved at 20:21:34, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\DOCUME~1\Robin\MESDOC~1\SSTEM~1\nslookup.exe
C:\Documents and Settings\Robin\Application Data\WinTouch\WinTouch.exe
C:\WINDOWS\?dobe\r?ndll.exe
C:\Documents and Settings\Robin\Application Data\Microsoft\Windows\lnfdy.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Robin\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {344E4E8A-8D3B-809F-4F10-FF8DCB55D2BE} - C:\WINDOWS\system32\peemcat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [qservices] C:\WINDOWS\qservice.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Erw] "C:\DOCUME~1\Robin\MESDOC~1\SSTEM~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Robin\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Dmrsfvt] C:\WINDOWS\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Robin\Application Data\Microsoft\Windows\lnfdy.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Salut le voila

"Robin" - 2007-07-06 9:32:24 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Robin\MESDOC~1.\sstem~1
C:\DOCUME~1\Robin\MESDOC~1.\sstem~1\nslookup.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\r?ndll.exe
C:\WINDOWS\retadpu420.exe
C:\WINDOWS\services.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\peemcat.dll
C:\WINDOWS\system32\wtsicomsv.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NM
-------\core
-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 09:36 255,568 ---hs---- C:\WINDOWS\services.dll
2007-07-06 09:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-05 15:42 <REP> d-------- C:\Program Files\Windows Live
2007-07-05 15:42 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-05 15:40 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-05 15:38 137,002 --a------ C:\WINDOWS\k_urlmon.dll
2007-07-05 12:28 <REP> d-------- C:\Program Files\Real
2007-07-05 12:28 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-07-05 12:28 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-07-05 12:28 <REP> d-------- C:\DOCUME~1\Robin\APPLIC~1\Real
2007-07-04 10:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CDTEST
2007-07-03 16:42 22,016 --a------ C:\WINDOWS\b138.exe
2007-07-03 16:18 <REP> d-------- C:\Program Files\MC2
2007-07-03 15:21 10,318 --a------ C:\DOCUME~1\Robin\indtyz.exe
2007-07-03 15:17 10,830 --a------ C:\DOCUME~1\Robin\yozwga.exe
2007-07-03 15:17 10,318 --a------ C:\DOCUME~1\Robin\brtbya.exe
2007-07-03 15:09 10,830 --a------ C:\DOCUME~1\Robin\hwotyh.exe
2007-07-03 15:09 10,318 --a------ C:\DOCUME~1\Robin\auputi.exe
2007-07-03 14:58 <REP> d-------- C:\DOCUME~1\Robin\APPLIC~1\WinTouch
2007-07-03 14:49 10,830 --a------ C:\DOCUME~1\Robin\vainit.exe
2007-07-03 14:49 10,318 --a------ C:\DOCUME~1\Robin\oflcfs.exe
2007-07-03 14:41 10,318 --a------ C:\DOCUME~1\Robin\xjpnuv.exe
2007-07-03 14:36 10,830 --a------ C:\DOCUME~1\Robin\pqbyrz.exe
2007-07-03 14:34 1,085,518 --a------ C:\DOCUME~1\Robin\abutwu.exe
2007-07-03 12:26 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-07-03 11:08 <REP> d-------- C:\Program Files\Pando Networks
2007-07-03 10:33 124,756 --a------ C:\DOCUME~1\Robin\cllxfe.exe
2007-07-03 10:20 124,756 --a------ C:\DOCUME~1\Robin\xyqkau.exe
2007-07-02 20:44 124,756 --a------ C:\DOCUME~1\Robin\mttbwm.exe
2007-07-02 20:44 10,830 --a------ C:\DOCUME~1\Robin\ziplnn.exe
2007-07-02 20:28 10,830 --a------ C:\DOCUME~1\Robin\nvhsfb.exe
2007-07-02 20:28 1,085,518 --a------ C:\DOCUME~1\Robin\adswtw.exe
2007-07-02 20:24 10,830 --a------ C:\DOCUME~1\Robin\meimoz.exe
2007-07-02 20:23 1,085,518 --a------ C:\DOCUME~1\Robin\rusinc.exe
2007-07-02 20:18 10,830 --a------ C:\DOCUME~1\Robin\kyucyh.exe
2007-07-02 20:18 1,085,518 --a------ C:\DOCUME~1\Robin\niwhri.exe
2007-07-02 20:13 124,756 --a------ C:\DOCUME~1\Robin\setztu.exe
2007-07-02 20:13 10,830 --a------ C:\DOCUME~1\Robin\jhcbyz.exe
2007-07-02 20:12 10,830 --a------ C:\DOCUME~1\Robin\kyhdcw.exe
2007-07-02 20:11 124,756 --a------ C:\DOCUME~1\Robin\urghgf.exe
2007-07-02 20:07 10,830 --a------ C:\DOCUME~1\Robin\ajszxa.exe
2007-07-02 20:05 215,560 --a------ C:\DOCUME~1\Robin\ukixgc.exe
2007-07-02 20:01 10,830 --a------ C:\DOCUME~1\Robin\xwaifk.exe
2007-07-02 14:50 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia Shared
2007-07-02 14:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-07-02 11:52 124,756 --a------ C:\DOCUME~1\Robin\mnspft.exe
2007-07-02 11:52 10,830 --a------ C:\DOCUME~1\Robin\zfamzy.exe
2007-07-02 11:47 1,085,518 --a------ C:\DOCUME~1\Robin\cvdsac.exe
2007-07-02 11:39 119,000 --a------ C:\DOCUME~1\Robin\kvaubx.exe
2007-07-02 11:37 124,756 --a------ C:\DOCUME~1\Robin\idorpl.exe
2007-07-02 11:37 10,830 --a------ C:\DOCUME~1\Robin\zfybui.exe
2007-07-02 11:31 10,830 --a------ C:\DOCUME~1\Robin\nuihfm.exe
2007-07-02 11:28 1,085,518 --a------ C:\DOCUME~1\Robin\tuczpg.exe
2007-07-02 11:24 124,756 --a------ C:\DOCUME~1\Robin\swrmdo.exe
2007-07-02 11:24 10,830 --a------ C:\DOCUME~1\Robin\tsozak.exe
2007-07-02 11:18 124,756 --a------ C:\DOCUME~1\Robin\jkspft.exe
2007-07-02 11:18 10,830 --a------ C:\DOCUME~1\Robin\hdymmu.exe
2007-07-02 11:05 1,085,518 --a------ C:\DOCUME~1\Robin\exxcaj.exe
2007-07-02 10:53 124,756 --a------ C:\DOCUME~1\Robin\alsdsp.exe
2007-07-02 10:49 124,756 --a------ C:\DOCUME~1\Robin\fvmasx.exe
2007-07-01 18:31 124,756 --a------ C:\DOCUME~1\Robin\oayrud.exe
2007-07-01 18:29 124,756 --a------ C:\DOCUME~1\Robin\cchjxh.exe
2007-07-01 18:27 1,085,518 --a------ C:\DOCUME~1\Robin\ajhzof.exe
2007-07-01 18:15 1,085,518 --a------ C:\DOCUME~1\Robin\mkzwil.exe
2007-07-01 18:05 1,085,518 --a------ C:\DOCUME~1\Robin\juufkz.exe
2007-07-01 18:03 124,756 --a------ C:\DOCUME~1\Robin\ndqnmf.exe
2007-07-01 17:39 124,756 --a------ C:\DOCUME~1\Robin\yytvgn.exe
2007-07-01 17:18 10,830 --a------ C:\DOCUME~1\Robin\iyhkcp.exe
2007-07-01 16:42 10,830 --a------ C:\DOCUME~1\Robin\sxnzgn.exe
2007-07-01 16:27 10,830 --a------ C:\DOCUME~1\Robin\xchevu.exe
2007-07-01 16:03 124,756 --a------ C:\DOCUME~1\Robin\tiswru.exe
2007-07-01 15:54 1,085,518 --a------ C:\DOCUME~1\Robin\slqbwm.exe
2007-07-01 15:27 10,830 --a------ C:\DOCUME~1\Robin\jvscti.exe
2007-07-01 15:14 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-07-01 15:06 <REP> d-------- C:\WINDOWS\system32\wins32
2007-07-01 14:54 136,247 --a------ C:\DOCUME~1\Robin\rmtcav.exe
2007-07-01 14:48 136,247 --a------ C:\DOCUME~1\Robin\iaunca.exe
2007-07-01 14:45 136,247 --a------ C:\DOCUME~1\Robin\wvdtor.exe
2007-07-01 14:36 10,830 --a------ C:\DOCUME~1\Robin\ktztdj.exe
2007-07-01 14:35 <REP> d-------- C:\Program Files\aMSN
2007-07-01 14:35 <REP> d-------- C:\DOCUME~1\Robin\amsn
2007-07-01 14:33 10,830 --a------ C:\DOCUME~1\Robin\afzvfc.exe
2007-07-01 14:32 77,618 --a------ C:\WINDOWS\system32\agnt_mps.exe
2007-07-01 14:32 76,594 --a------ C:\WINDOWS\system32\agnt_msn.exe
2007-07-01 14:32 7,168 --a------ C:\WINDOWS\system32\HookMpi.dll
2007-07-01 14:32 6,656 --a------ C:\WINDOWS\msehk.dll
2007-07-01 14:32 20,480 --a------ C:\WINDOWS\kurlmon.dll
2007-07-01 14:32 16 --a------ C:\WINDOWS\system32\drivers\ksdevice.sys
2007-07-01 14:32 16 --a------ C:\WINDOWS\system32\drivers\KeenSense.sys
2007-07-01 14:31 285,783 ---hs---- C:\WINDOWS\qservice.exe
2007-07-01 14:24 10,830 --a------ C:\DOCUME~1\Robin\wrpcmk.exe
2007-07-01 14:21 124,756 --a------ C:\DOCUME~1\Robin\jsmaek.exe
2007-07-01 14:19 <REP> d-------- C:\Program Files\WinPcap
2007-07-01 14:19 <REP> d-------- C:\Program Files\MsnSniffer2
2007-07-01 14:16 10,830 --a------ C:\DOCUME~1\Robin\kapcwc.exe
2007-07-01 14:09 124,756 --a------ C:\DOCUME~1\Robin\jsmulw.exe
2007-07-01 14:08 124,756 --a------ C:\DOCUME~1\Robin\sezknz.exe
2007-07-01 14:08 <REP> d-------- C:\install
2007-06-29 16:41 <REP> d-------- C:\Program Files\iTunes


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 07:36:18 61,440 ----a-w C:\WINDOWS\system32\bszip.dll
2007-06-21 05:46:40 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-21 05:46:40 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-17 11:08:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 11:26:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-04-19 11:26:00 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-04-19 11:26:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-04-19 11:26:00 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 11:26:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 11:26:00 2,973,696 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 11:26:00 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-04-19 11:26:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 11:26:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-04-19 11:26:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-04-19 11:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 11:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 11:26:00 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-04-19 11:26:00 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-04-19 11:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 11:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 11:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 11:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 11:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 11:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 11:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-11-15 21:31]
"Cmaudio"="cmicnfg.cpl" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-07-05 12:28]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"qservices"="C:\WINDOWS\qservice.exe" [2007-07-01 14:32]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-06-18 12:52]
"Erw"="C:\DOCUME~1\Robin\MESDOC~1\SSTEM~1\nslookup.exe" []
"WinTouch"="C:\Documents and Settings\Robin\Application Data\WinTouch\WinTouch.exe" [2007-07-03 14:58]
"Dmrsfvt"="C:\WINDOWS\?dobe\r?ndll.exe" []
"SfKg6w"="C:\Documents and Settings\Robin\Application Data\Microsoft\Windows\lnfdy.exe" [2007-07-03 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 09:35:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\bszip.dll

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-06 9:36:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 09:36

--- E O F ---

Installe un antivirus comme Antivir, fais un scan complet puis le rapport.