Pleins de virus !

kilwaxoni

23 Janvier 2008 14:56:07

Bah voila ca y'est j'ai fait le con sur des sites de crack et resultat , vundo , drop agent et compagnie sur mon pc ...

j'ai avira, qui les detecte bien mais ne peut pas les suprimer, j'ai essayé vundo fix qui n'a pas marché puis combofix qui semblait avoir virer vundo mais il m'a fait un grand come back hier. Enfin bref le bordel !

Voila merci beaucoup si vous prenez le temps de m'aider !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:01, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Mon log Hijackthis :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Théo\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayv.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\prai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\foxgepvp.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kwari.xLoader - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10448 bytes

Bye !

Autres pages sur : pleins virus

| Etre averti des réponses
| Alerter

Répondre à kilwaxoni

XmichouX

23 Janvier 2008 17:00:33

Salut,

N'utilise pas des tools que tu ne connais pas sur ton pc

1. Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<

2. Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

| Alerter

Répondre à XmichouX

kilwaxoni

23 Janvier 2008 17:13:33

OKay merci beaucoup ! la je doit y aller je te passe le rapport vers 8h30 !! encore merci !

| Alerter

Répondre à kilwaxoni

kilwaxoni

23 Janvier 2008 20:33:02

Aller avec un petit peu de retard :

Rapport SDFix , le combo arrive don't worry !

SDFix: Version 1.131

Run by *Vous allez pas savoir mon nom euuuh* on 23/01/2008 at 21:08

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

Folder C:\Program Files\Fichiers communs\Carlson - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 21:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,1c,96,ce,1a,83,35,44,a7,60,19,68,7a,95,20,86,34,1e,f2,05,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:95,79,a8,e3,47,33,e8,b7,25,74,f6,f3,0a,18,6f,30,a0,d7,e3,8c,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,1c,96,ce,1a,83,35,44,a7,60,19,68,7a,95,20,86,34,1e,f2,05,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:95,79,a8,e3,47,33,e8,b7,25,74,f6,f3,0a,18,6f,30,a0,d7,e3,8c,29,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 306

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Steam\\steamapps\\zonehl2\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\zonehl2\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr .exe"="C:\\Program Files\\MSN Messenger\\msnmsgr .exe:*:Enabled:Messenger"
"C:\\WINDOWS\\system32\\foxgepvp.exe"="C:\\WINDOWS\\system32\\fox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 23 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 16 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Th‚o\Application Data\U3\temp\Launchpad Removal.exe"
Tue 10 Jul 2007 126,976 A..H. --- "C:\Documents and Settings\Th‚o\Mes documents\Local Settings\Temp\~9.tmp"
Sun 1 Jul 2007 126,976 A..H. --- "C:\Documents and Settings\Th‚o\Mes documents\Local Settings\Temp\~F4.tmp"

Finished!

Merci encore , j'ai suivit a la lettre tes indications !

| Alerter

Répondre à kilwaxoni

XmichouX

23 Janvier 2008 20:44:50

tu feras ceci en plus :

Télécharge MsnFix (de !aur3n7) sur ton Bureau. (>>Tuto<<)
Dézippe-le sur ton bureau.

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage. (N)

Si tu dois redémarrer l’ordinateur fais le manuellement.

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

Note : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci

| Alerter

Répondre à XmichouX

kilwaxoni

23 Janvier 2008 20:53:01

Re le rapport combo fix ! (que mon antivirus a bloqué comme un sinistre cretin qu'il est)

ComboFix 08-01-23.2 - *Vous ne saurez pas mon nom euh* 2008-01-23 21:37:59.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.658 [GMT 1:00]
Endroit: E:\*Vous ne saurez pas mon nom euh*\Firefox Downloads\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:46 . 2008-01-23 18:34 <REP> d-------- C:\Program Files\Steam
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-20 22:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-20 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-15 19:51 . 2008-01-15 19:51 <REP> d-------- C:\VundoFix Backups
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-23 18:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-03 15:52 . 2008-01-03 15:52 286,720 --a------ C:\WINDOWS\system32\prxf.dll
2008-01-03 11:35 . 2008-01-03 11:35 712,704 --a------ C:\WINDOWS\system32\prph.dll
2008-01-02 22:49 . 2008-01-02 22:49 118,784 --a------ C:\WINDOWS\system32\prai.dll
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-25 11:36 . 2007-12-25 11:36 <REP> d-------- C:\driver
2007-12-25 11:20 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\M-Audio
2007-12-24 16:05 . 2007-12-25 22:20 <REP> d-------- C:\Program Files\XMoto
2007-12-23 00:55 . 2007-12-23 00:55 268 --ah----- C:\sqmdata18.sqm
2007-12-23 00:55 . 2007-12-23 00:55 244 --ah----- C:\sqmnoopt18.sqm
2007-12-23 00:41 . 2004-12-30 01:21 917,504 --a------ C:\WINDOWS\system32\p2g1123837.bin
2007-12-23 00:31 . 2005-03-12 09:50 3,563,520 --a------ C:\WINDOWS\system32\WL300g_1.9.3.6_EN.trx
2007-12-23 00:31 . 2006-09-18 22:04 3,226,538 --a------ C:\WINDOWS\system32\WL600g_1028A

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 20:40 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 08:22 --------- d-----w C:\Program Files\iTunes
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-15 20:13 --------- d-----w C:\Program Files\GamesBar
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-30 17:40 --------- d-----w C:\Program Files\StuffPlug3
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-11-27 13:08 --------- d-----w C:\Program Files\7-Zip
2007-11-26 15:06 --------- d-----w C:\Program Files\Firaxis Games
.

<pre>

----a-w         5,724,184 2008-01-23 14:05:47  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe

</pre>

((((((((((((((((((((((((((((( snapshot@2008-01-15_21.22.08.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-28 08:53:15 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-01-20 19:44:24 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-11-28 08:53:16 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-01-20 19:44:25 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-11-28 08:53:16 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-01-20 19:44:25 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-01-20 19:44:12 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:13 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:16 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-28 08:53:17 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:17 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-26 15:06:00 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:18 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:18 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:20 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:20 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:21 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-20 19:44:26 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-28 08:53:17 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-01-20 19:44:26 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-11-28 08:53:18 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-01-20 19:44:27 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-11-28 08:53:18 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-01-20 19:44:27 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-11-28 08:53:18 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-01-20 19:44:28 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-11-28 08:53:14 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-01-20 19:44:23 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Debug\Framework\NETFXSBS10.exe
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_diasymreader.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_iehost.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 07:42:38 5,632 ----a-w C:\WINDOWS\Debug\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_mscordbi.dll
+ 2002-07-19 09:52:48 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_mscorrc.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_mscorsec.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_system.data.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_system.enterpriseservices.dll
+ 2002-06-27 10:45:32 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Debug\Framework\sbs_wminet_utils.dll
+ 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Debug\Framework\sbscmp10.dll
+ 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Debug\Framework\v1.0.3705\mscormmc.dll
- 2008-01-15 20:03:05 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:37:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 20:03:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 20:03:05 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 20:37:22 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 20:03:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 20:03:07 6,602,752 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 20:37:25 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 20:03:07 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 20:37:25 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:54:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-23 20:07:10 7,139,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:07:10 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-23 14:54:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-23 20:07:00 7,139,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:07:00 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-08-02 10:25:00 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-23 14:46:51 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-15 22:03:15 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-01-16 19:23:12 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2008-01-16 19:23:15 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-01-16 19:23:14 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-01-16 19:23:14 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2008-01-16 19:23:14 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-01-16 19:23:12 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2007-12-12 20:26:13 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
+ 2008-01-20 21:33:26 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
+ 2008-01-15 22:03:02 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-01-20 18:54:23 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-20 18:54:23 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-20 18:54:23 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-20 18:54:23 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2008-01-15 09:10:07 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-23 14:24:37 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2004-09-29 11:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-12-01 14:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 18:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 16:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 13:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 16:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 06:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 10:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-09-29 05:56:38 28,248 ----a-r C:\WINDOWS\system32\AdobePDF.dll
+ 2003-10-17 11:44:08 89,088 ----a-r C:\WINDOWS\system32\atl71.dll
- 2007-12-21 16:54:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-22 13:20:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-21 16:54:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-22 13:20:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-21 16:54:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-22 13:20:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-12 15:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-03-15 15:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
+ 2005-07-22 18:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-05 17:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 07:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
- 2007-09-22 10:53:15 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2001-08-24 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2008-01-14 21:15:33 1,437,952 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-15 23:20:05 1,438,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-09-22 10:53:15 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
+ 2004-08-19 23:09:54 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2007-02-20 14:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 15:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 15:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-02-20 15:15:42 40,960 ----a-r C:\WINDOWS\system32\MFC71CHS.DLL
+ 2004-02-20 15:15:42 45,056 ----a-r C:\WINDOWS\system32\MFC71CHT.DLL
+ 2004-02-20 15:15:42 65,536 ----a-r C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-10-17 11:44:08 57,344 ----a-r C:\WINDOWS\system32\MFC71ENU.DLL
+ 2004-02-20 15:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71ESP.DLL
+ 2004-02-20 15:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71FRA.DLL
+ 2004-02-20 15:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71ITA.DLL
+ 2004-02-20 15:15:42 49,152 ----a-r C:\WINDOWS\system32\MFC71JPN.DLL
+ 2004-02-20 15:15:42 49,152 ----a-r C:\WINDOWS\system32\MFC71KOR.DLL
+ 2004-02-20 15:47:26 1,047,552 ----a-r C:\WINDOWS\system32\mfc71u.dll
+ 2007-03-12 13:02:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2007-11-18 11:15:22 71,504 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-19 08:02:30 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-18 11:15:22 86,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-19 08:02:30 84,468 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-11-18 11:15:22 461,178 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-19 08:02:30 457,488 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-18 11:15:22 536,006 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-19 08:02:30 532,354 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-01-19 10:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-01-19 11:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-05-10 22:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2007-05-10 22:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2007-05-10 22:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\AdReGP.dll
+ 2007-05-10 22:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.dll
- 2007-09-22 10:53:15 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
+ 2001-08-24 12:00:00 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
- 2007-04-09 15:09:44 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
+ 2007-04-03 04:31:38 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
- 2007-04-09 15:09:44 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
+ 2007-04-03 04:31:38 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
- 2007-04-09 15:09:44 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
+ 2007-04-03 04:31:38 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
+ 2006-02-03 07:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-07-19 23:54:28 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
+ 2006-02-03 07:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 06:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
+ 2006-03-31 11:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-05 17:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
+ 2006-12-01 21:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-06-05 14:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 14:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 14:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 14:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
+ 2006-12-01 23:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 23:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 23:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-06-05 14:28:32 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
+ 2006-06-05 14:28:32 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
+ 2006-06-05 14:28:32 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
+ 2006-06-05 14:28:34 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
+ 2006-06-05 14:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
+ 2006-06-05 14:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
+ 2006-06-05 14:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
+ 2006-06-05 14:28:32 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
+ 2006-06-05 14:28:34 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
+ 2006-12-01 23:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f5ebbb-c6b5-425e-86e9-83b4e105bbcd}]
C:\WINDOWS\system32\rlposstq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Steam"="c:\program files\steam\steam.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-23 18:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-22 17:33 961024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch]
C:\WINDOWS\system32\prls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\prai.dll

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152c8ab0-a4ec-11dc-bcd3-00173118acba}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 21:47:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.

| Alerter

Répondre à kilwaxoni

kilwaxoni

23 Janvier 2008 20:54:39

Ps: je vais essayer Msnfix , mais j'avait deja eu un probleme avec un virus msn il ya 3/4 mois que j'avait reglé aisement

| Alerter

Répondre à kilwaxoni

XmichouX

23 Janvier 2008 20:54:55

Tu repasseras une fois Combofix après

| Alerter

Répondre à XmichouX

kilwaxoni

23 Janvier 2008 20:57:29

Bon bah msnfix comme je le pensait me dit qu'il n'y a aucune infection.

| Alerter

Répondre à kilwaxoni

kilwaxoni

23 Janvier 2008 20:57:44

J'attend les ordres

| Alerter

Répondre à kilwaxoni

XmichouX

23 Janvier 2008 21:06:49

Repasse Combofix, poste le rapport.

| Alerter

Répondre à XmichouX

kilwaxoni

23 Janvier 2008 21:10:18

Okay dacodac je te poste le rapport demain , encore merci pour ton aide !! Heureusement que les gens comme toi existent !

que ferions nous sinon ?

| Alerter

Répondre à kilwaxoni

XmichouX

23 Janvier 2008 21:34:21

Formatage

| Alerter

Répondre à XmichouX

kilwaxoni

24 Janvier 2008 11:27:45

effectivement ...

Aller le 2ieme rapport combo fix !

Apparement Avira ne fait plus ses bipbip au demarage, ca me semble bon !

A toi d'y voir clair !

Merci !

ComboFix 08-01-23.2 - *et nan* 2008-01-24 12:16:10.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.664 [GMT 1:00]
Endroit: E:\*pas cette fois*\Firefox Downloads\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:46 . 2008-01-23 18:34 <REP> d-------- C:\Program Files\Steam
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-20 22:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-20 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-15 19:51 . 2008-01-15 19:51 <REP> d-------- C:\VundoFix Backups
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-23 18:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-03 15:52 . 2008-01-03 15:52 286,720 --a------ C:\WINDOWS\system32\prxf.dll
2008-01-03 11:35 . 2008-01-03 11:35 712,704 --a------ C:\WINDOWS\system32\prph.dll
2008-01-02 22:49 . 2008-01-02 22:49 118,784 --a------ C:\WINDOWS\system32\prai.dll
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-25 11:36 . 2007-12-25 11:36 <REP> d-------- C:\driver
2007-12-25 11:20 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\M-Audio
2007-12-24 16:05 . 2007-12-25 22:20 <REP> d-------- C:\Program Files\XMoto

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 20:40 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 08:22 --------- d-----w C:\Program Files\iTunes
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-15 20:13 --------- d-----w C:\Program Files\GamesBar
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-30 17:40 --------- d-----w C:\Program Files\StuffPlug3
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-26 16:30 679,936 ----a-w C:\WINDOWS\system32\D3DX81ab.dll
2007-12-26 16:30 1,970,176 ----a-w C:\WINDOWS\system32\d3dx9.dll
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:50 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 12:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-11-27 13:08 --------- d-----w C:\Program Files\7-Zip
2007-11-26 15:06 --------- d-----w C:\Program Files\Firaxis Games
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-03 12:29 180,224 ----a-w C:\WINDOWS\system32\ijl11.dll
2007-11-02 18:00 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2007-11-02 18:00 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.

<pre>

----a-w         5,724,184 2008-01-23 14:05:47  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe

</pre>

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f5ebbb-c6b5-425e-86e9-83b4e105bbcd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-23 18:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-22 17:33 961024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\Vincent\Menu D‚marrer\Programmes\D‚marrage\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-02-02 16:55:10 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch]
C:\WINDOWS\system32\prls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\prai.dll

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152c8ab0-a4ec-11dc-bcd3-00173118acba}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 12:22:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.

| Alerter

Répondre à kilwaxoni

XmichouX

24 Janvier 2008 12:54:50

Re,

Désinstalle GamesBar via ajout/suppr de programmes.

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prls.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prai.dll

Folder::
C:\Program Files\GamesBar
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.

| Alerter

Répondre à XmichouX

kilwaxoni

24 Janvier 2008 20:14:34

Bon combofix est en train de scanner , euh sinon pour les virus j'ai rien dit , ils y sont toujours ... c'est juste que javait desactivé Avira -_-"

Je te poste le scan dans 2 min !

Merci encore

| Alerter

Répondre à kilwaxoni

kilwaxoni

24 Janvier 2008 20:40:54

hey voila !!

ComboFix 08-01-23.2 - *HAHA* 2008-01-24 21:24:00.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 1:00]
Endroit: E:\*Et non !*\Firefox Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Théo\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prls.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))))))))
.

2008-01-24 20:11 . 2008-01-24 20:11 41,984 --a------ C:\WINDOWS\CTRegRun .EXE
2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-24 14:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-20 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-23 18:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-25 11:36 . 2007-12-25 11:36 <REP> d-------- C:\driver
2007-12-25 11:20 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\M-Audio
2007-12-24 16:05 . 2007-12-25 22:20 <REP> d-------- C:\Program Files\XMoto

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 19:12 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 08:22 --------- d-----w C:\Program Files\iTunes
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-30 17:40 --------- d-----w C:\Program Files\StuffPlug3
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-11-27 13:08 --------- d-----w C:\Program Files\7-Zip
2007-11-26 15:06 --------- d-----w C:\Program Files\Firaxis Games
.

<pre>

----a-w           620,152 2008-01-24 19:12:01  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe

----a-w         5,724,184 2008-01-23 14:05:47  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe

----a-w            41,984 2008-01-24 19:11:57  C:\WINDOWS\CTRegRun .EXE

</pre>

((((((((((((((((((((((((((((( snapshot_2008-01-23_21.49.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 20:37:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-24 20:23:34 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 20:23:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 20:37:22 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-24 20:23:34 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 20:23:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 20:37:25 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-24 20:23:35 7,122,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 20:37:25 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 20:23:35 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 20:23:35 4,575,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUSER.DAT
+ 2008-01-24 20:23:35 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
- 2008-01-23 14:46:51 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-24 12:07:40 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2008-01-23 14:24:37 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-24 12:08:17 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Steam"="D:\Program Files\Steam.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-23 18:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-22 17:33 961024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152c8ab0-a4ec-11dc-bcd3-00173118acba}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 21:35:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.

| Alerter

Répondre à kilwaxoni

XmichouX

25 Janvier 2008 18:52:18

Re,

Copie le texte se situant dans le cadre ci-dessous :

RenV::
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\CTRegRun .EXE

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.

| Alerter

Répondre à XmichouX

kilwaxoni

25 Janvier 2008 21:31:50

Hey voila !

ComboFix 08-01-23.2 - *

* 2008-01-25 22:16:41.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.623 [GMT 1:00]
Endroit: E:\*^_^*\Firefox Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\*-_-*\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\VundoFix Backups
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 11:48 . 2008-01-25 11:48 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-24 20:11 . 2008-01-25 20:45 41,984 --a------ C:\WINDOWS\CTRegRun .EXE
2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-25 20:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-24 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-23 18:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-25 11:36 . 2007-12-25 11:36 <REP> d-------- C:\driver
2007-12-25 11:20 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\M-Audio

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 19:46 --------- d-----w C:\Program Files\iTunes
2008-01-25 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-01-25 10:54 --------- d-----w C:\Program Files\StuffPlug3
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-25 21:20 --------- d-----w C:\Program Files\XMoto
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-11-27 13:08 --------- d-----w C:\Program Files\7-Zip
2007-11-26 15:06 --------- d-----w C:\Program Files\Firaxis Games
.

<pre>

----a-w           620,152 2008-01-25 19:45:29  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe

----a-w         5,724,184 2008-01-23 14:05:47  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe

----a-w            41,984 2008-01-25 19:45:22  C:\WINDOWS\CTRegRun .EXE

</pre>

((((((((((((((((((((((((((((( snapshot_2008-01-23_21.49.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 20:37:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 21:15:29 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 21:15:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 20:37:22 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 21:15:30 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 21:15:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 20:37:25 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 21:15:30 7,122,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 20:37:25 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\UsrClass.dat
+ 2008-01-25 21:15:30 4,734,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\NTUSER.DAT
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000009\UsrClass.dat
- 2008-01-23 14:46:51 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-24 12:07:40 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2008-01-20 21:33:26 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
+ 2008-01-24 20:49:57 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
- 2008-01-23 14:24:37 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-24 20:44:00 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Steam"="D:\Program Files\Steam.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-23 18:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-22 17:33 961024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152c8ab0-a4ec-11dc-bcd3-00173118acba}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-25 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 22:25:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.

| Alerter

Répondre à kilwaxoni

XmichouX

26 Janvier 2008 21:25:39

Re,

Désolé pour le retard.

Sélectionne l’intégralité du cadre ci-dessous :

@echo off & cls
copy /y "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe" "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
copy /y "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
copy /y "C:\WINDOWS\CTRegRun .EXE" "C:\WINDOWS\CTRegRun.EXE"
exit

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de Correction.bat
Double-clique dessus.

++++++++++

Supprime Combofix, retélécharge le, relance le et poste moi le rapport.

| Alerter

Répondre à XmichouX

kilwaxoni

27 Janvier 2008 18:51:09

Salut ! Merci de toujours porter un interet au sujet !

ComboFix 08-01-23.2 - *ololjor²* 2008-01-27 19:33:52.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.618 [GMT 1:00]
Endroit: E:\*kikoolol*\Firefox Downloads\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\VundoFix Backups
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 11:48 . 2008-01-25 11:48 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-25 20:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-24 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-23 18:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 18:40 --------- d-----w C:\Program Files\MSN Messenger
2008-01-25 19:46 --------- d-----w C:\Program Files\iTunes
2008-01-25 10:54 --------- d-----w C:\Program Files\StuffPlug3
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-25 21:20 --------- d-----w C:\Program Files\XMoto
2007-12-25 10:41 --------- d-----w C:\Program Files\M-Audio
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-11-27 13:08 --------- d-----w C:\Program Files\7-Zip
.

((((((((((((((((((((((((((((( snapshot_2008-01-23_21.49.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 20:37:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 21:15:29 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 21:15:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 20:37:22 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 21:15:30 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 21:15:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 20:37:25 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 21:15:30 7,122,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 20:37:25 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\UsrClass.dat
+ 2008-01-25 21:15:30 4,734,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\NTUSER.DAT
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000009\UsrClass.dat
- 2008-01-23 14:46:51 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-24 12:07:40 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2008-01-20 21:33:26 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
+ 2008-01-24 20:49:57 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
- 2008-01-23 14:24:37 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-26 10:54:15 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
- 2008-01-15 23:20:05 1,438,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-27 18:24:54 1,447,232 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Steam"="D:\Program Files\Steam.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-23 18:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-22 17:33 961024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152c8ab0-a4ec-11dc-bcd3-00173118acba}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-25 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 19:43:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
et voila !

| Alerter

Répondre à kilwaxoni

XmichouX

27 Janvier 2008 18:58:02

T'es sûr que tu me postes pas le même rapport à chaque fois ?

| Alerter

Répondre à XmichouX

kilwaxoni

28 Janvier 2008 13:55:56

euh nan je pense pas

la j'ai reinstallé combofix , et rescaner donc jpense pas que ca puisse etre le meme

| Alerter

Répondre à kilwaxoni

XmichouX

28 Janvier 2008 17:59:51

Je voudrais être sur quand même.
Supprime tous les rapports combofix présents dans c :\
Refais un scna et poste moi le rapport;

P.S: où en sont tes problèmes ?

| Alerter

Répondre à XmichouX

kilwaxoni

30 Janvier 2008 15:54:50

re, desolé je n'etais pas tres disponible ces derniers jours, et bien j'ai toujours des virus

je te poste le scan dans 10 min !

Merci encore !

| Alerter

Répondre à kilwaxoni

kilwaxoni

30 Janvier 2008 16:48:06

ComboFix 08-01-23.2 - *niark niark* 2008-01-30 16:57:27.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.623 [GMT 1:00]
Endroit: C:\Documents and Settings\*ololjor*\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\VundoFix Backups
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

<pre>

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> QooBox

C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox

C:\WINDOWS\CTRegRun .EXE ---> QooBox

C:\WINDOWS\system32\ctfmon .exe ---> QooBox

</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
.

2008-01-29 20:03 . 2006-11-05 00:33 1,511,424 --a------ C:\SubSteamDOS.exe
2008-01-25 11:48 . 2008-01-25 11:48 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-23 21:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 13:47 . 2008-01-30 14:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 13:47 . 2008-01-24 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-01-14 15:46 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:13 . 2008-01-30 09:34 377,344 --a------ C:\WINDOWS\CTRegRun.EXE
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:56 . 2007-12-30 12:57 740 --a------ C:\temp.html
2007-12-29 20:17 . 2007-12-29 20:17 268 --ah----- C:\sqmdata19.sqm
2007-12-29 20:17 . 2007-12-29 20:17 244 --ah----- C:\sqmnoopt19.sqm
2007-12-28 15:31 . 2007-12-29 23:16 <REP> d-------- C:\Mes Sites Web
2007-12-28 15:21 . 2008-01-12 13:02 <REP> d-------- C:\Program Files\FlashGet
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-25 11:43 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-25 11:36 . 2007-12-25 11:36 <REP> d-------- C:\driver
2007-12-25 11:20 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\M-Audio
2007-12-24 16:05 . 2007-12-25 22:20 <REP> d-------- C:\Program Files\XMoto
2007-12-23 00:55 . 2007-12-23 00:55 268 --ah----- C:\sqmdata18.sqm
2007-12-23 00:55 . 2007-12-23 00:55 244 --ah----- C:\sqmnoopt18.sqm
2007-12-23 00:41 . 2004-12-30 01:21 917,504 --a------ C:\WINDOWS\system32\p2g1123837.bin
2007-12-23 00:31 . 2005-03-12 09:50 3,563,520 --a------ C:\WINDOWS\system32\WL300g_1.9.3.6_EN.trx
2007-12-23 00:31 . 2006-09-18 22:04 3,226,538 --a------ C:\WINDOWS\system32\WL600g_1028A
2007-12-22 19:23 . 2007-12-22 19:23 268 --ah----- C:\sqmdata17.sqm
2007-12-22 19:23 . 2007-12-22 19:23 244 --ah----- C:\sqmnoopt17.sqm
2007-12-21 22:50 . 2007-12-21 22:50 268 --ah----- C:\sqmdata16.sqm
2007-12-21 22:50 . 2007-12-21 22:50 244 --ah----- C:\sqmnoopt16.sqm
2007-12-21 17:56 . 2007-12-21 17:56 268 --ah----- C:\sqmdata15.sqm
2007-12-21 17:56 . 2007-12-21 17:56 244 --ah----- C:\sqmnoopt15.sqm
2007-12-18 22:12 . 2007-12-18 22:12 268 --ah----- C:\sqmdata14.sqm
2007-12-18 22:12 . 2007-12-18 22:12 244 --ah----- C:\sqmnoopt14.sqm
2007-12-17 22:07 . 2007-12-17 22:07 268 --ah----- C:\sqmdata13.sqm
2007-12-17 22:07 . 2007-12-17 22:07 244 --ah----- C:\sqmnoopt13.sqm
2007-12-14 18:02 . 2007-12-18 22:44 <REP> d-------- C:\Program Files\Universal Content Launcher
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-09 14:27 . 2008-01-25 11:54 <REP> d-------- C:\Program Files\StuffPlug3
2007-12-09 14:02 . 2007-12-09 14:02 <REP> d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 21:03 . 2007-12-06 21:03 <REP> d-------- C:\Program Files\nerds.de
2007-12-06 21:03 . 2007-12-06 21:03 <REP> d-------- C:\Program Files\Fractalis Software
2007-12-06 21:03 . 2007-12-06 21:03 <REP> d-------- C:\myinst
2007-12-06 21:03 . 2007-12-06 21:03 720,896 --a------ C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 16:03 --------- d-----w C:\Program Files\MSN Messenger
2008-01-29 18:50 --------- d-----w C:\Program Files\Apple Software Update
2008-01-25 19:46 --------- d-----w C:\Program Files\iTunes
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-28 08:43 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 08:13 --------- d-----w C:\Program Files\Gamenext
2007-11-28 08:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
.

((((((((((((((((((((((((((((( snapshot_2008-01-23_21.49.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 20:37:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 21:15:29 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 21:15:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 20:37:22 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 21:15:30 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 20:37:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 21:15:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 20:37:25 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 21:15:30 7,122,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 20:37:25 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\UsrClass.dat
+ 2008-01-25 21:15:30 4,734,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\NTUSER.DAT
+ 2008-01-25 21:15:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000009\UsrClass.dat
- 2008-01-23 14:46:51 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2008-01-24 12:07:40 27,648 ----a-r C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2008-01-20 21:33:26 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
+ 2008-01-24 20:49:57 102,400 ----a-r C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
- 2008-01-23 14:24:37 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-01-30 13:05:54 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
- 2008-01-15 23:20:05 1,438,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-27 18:24:54 1,447,232 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2008-01-30 09:34 377344]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-30 09:34 961024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-25 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 17:42:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.

| Alerter

Répondre à kilwaxoni

XmichouX

30 Janvier 2008 20:37:39

Re,

Renomme ces fichiers :
- C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
- C:\Program Files\MSN Messenger\msnmsgr .exe
- C:\WINDOWS\CTRegRun .EXE
- C:\WINDOWS\system32\ctfmon .exe

En enlevant les espaces.
Ex : - C:\WINDOWS\system32\ctfmon .exe devient
C:\WINDOWS\system32\ctfmon.exe

| Alerter

Répondre à XmichouX

kilwaxoni

31 Janvier 2008 12:00:54

aah c'est pour ca que j'ai des raccourcis qui disparaissent !!

ps : je suis toujours bel et bien infecté par drop agent et vundo

Merci encore !

| Alerter

Répondre à kilwaxoni

XmichouX

31 Janvier 2008 17:04:03

Des raccourcis qui disparaissent ?

Repasse Combofix, poste son nouveau rapport, vérifie bien que c'est le bon rapport avant de le poster

| Alerter

Répondre à XmichouX

kilwaxoni

31 Janvier 2008 18:47:02

bah euh pour les raccourcits je pense qu'on va faire abstraction de la chose car jcrois que ca va etre encore plus le bordel

Euh sinon bah les rapport je les prends dans c:\combofix\combofix.txt c'est pas la ? a chaque fois je verifie bien la date et lheure et ca corespond !

| Alerter

Répondre à kilwaxoni

XmichouX

31 Janvier 2008 19:38:29

ok

| Alerter

Répondre à XmichouX

kilwaxoni

1 Février 2008 16:55:04

Rebonjour ! bah j'ai desactivé une fonction de windows qui faisait un backup des dll ou je ne sait quoi et j'ai repassé combofix^^ le rapport :

ComboFix 08-02.01.6 -*^_^*2008-02-01 17:42:00.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.546 [GMT 1:00]
Endroit: E:\_*-_-*\Firefox Downloads\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\vcimnpoi.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\VundoFix Backups
C:\WINDOWS\CTRegRun .EXE
C:\WINDOWS\system32\bfgqdnef.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.exe
C:\WINDOWS\system32\nmdtlodl.exe
C:\WINDOWS\system32\prai.dll
C:\WINDOWS\system32\prph.dll
C:\WINDOWS\system32\prxf.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

----- BITS: Possible sites infect‚s -----

hxxp://www.download.windowsupdate.com
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 17:21 . 2008-02-01 17:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 17:21 . 2008-02-01 17:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-31 20:27 . 2008-01-31 20:27 <REP> d-------- C:\Program Files\WinHTTrack
2008-01-30 19:18 . 2008-01-30 19:18 41,984 --a------ C:\WINDOWS\CTRegRun .EXE
2008-01-29 20:03 . 2006-11-05 00:33 1,511,424 --a------ C:\SubSteamDOS.exe
2008-01-25 11:48 . 2008-01-25 11:48 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-25 11:48 . 2008-01-25 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-23 21:08 . 2004-08-20 00:09 46,080 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 21:06 . 2008-01-23 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-23 17:27 . 2008-01-23 17:47 365 --a------ C:\WINDOWS\settings.cfg
2008-01-23 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 15:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 15:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:56 . 2008-01-22 21:58 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-22 21:55 . 2008-01-22 21:58 <REP> d-------- C:\Program Files\Windows Live
2008-01-22 21:54 . 2008-01-30 14:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-20 20:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Program Files\Lavasoft
2008-01-20 19:54 . 2008-01-20 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 17:06 . 2008-01-19 17:06 <REP> d-------- C:\Program Files\Datel
2008-01-19 17:00 . 1998-01-23 13:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-01-19 15:59 . 2008-01-19 16:01 <REP> d-------- C:\Program Files\CDRWIN 6
2008-01-19 15:58 . 2008-01-20 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 15:32 . 2008-01-19 15:32 <REP> d-------- C:\Program Files\PSX-STATION
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-19 15:12 . 2008-01-19 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-18 18:36 . 2008-01-18 18:37 <REP> d-------- C:\Program Files\MyProduct
2008-01-17 16:56 . 2008-01-17 17:37 <REP> d-------- C:\Program Files\Install Creator Pro
2008-01-15 23:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-15 23:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-15 22:30 . 2008-01-15 22:30 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-14 20:20 . 2008-01-22 17:27 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-01-14 20:17 . 2008-01-14 20:27 <REP> d-------- C:\Program Files\burnatonce
2008-01-14 16:22 . 2008-01-17 16:55 <REP> d-------- C:\Program Files\Install Creator
2008-01-14 16:13 . 2008-01-14 16:13 <REP> d-------- C:\Program Files\Inno Setup 5
2008-01-14 16:10 . 2008-01-14 16:10 <REP> d-------- C:\Program Files\NSIS
2008-01-14 15:48 . 2008-01-14 15:48 <REP> d-------- C:\Program Files\HHD Software
2008-01-14 15:46 . 2008-02-01 14:45 <REP> d-------- C:\Program Files\Cheat Engine
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-01-13 21:14 . 2008-01-13 21:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-01-13 19:16 . 2008-01-13 19:21 <REP> d-------- C:\Program Files\VTFEdit
2008-01-13 19:16 . 2008-01-13 19:55 <REP> d-------- C:\Program Files\GCFScape
2008-01-11 17:33 . 2008-01-11 17:58 <REP> d-------- C:\Program Files\CDex_170b2
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Fichiers communs\Creative Professional
2008-01-10 19:14 . 2008-01-10 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-10 19:14 . 2008-01-10 19:14 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-10 19:14 . 2008-01-10 19:14 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Steinberg
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative
2008-01-10 19:12 . 2003-08-18 11:33 1,706,800 --------- C:\WINDOWS\system32\gdiplus.dll
2008-01-10 19:09 . 2008-01-10 19:13 <REP> d-------- C:\Program Files\Creative Professional
2008-01-09 16:20 . 2008-01-09 16:47 <REP> d--h----- C:\Program Files\GLF22.tmp
2008-01-09 16:20 . 2005-11-29 10:43 86,016 --a------ C:\WINDOWS\system32\SLIPRT.DLL
2008-01-02 22:44 . 2008-01-02 22:46 1,278 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 16:35 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-01 16:19 --------- d-----w C:\Program Files\iTunes
2008-02-01 14:06 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-01 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-01 09:37 --------- d-----w C:\Documents and Settings\Vincent\Application Data\StarOffice8
2008-02-01 09:36 --------- d-----w C:\Program Files\MSN Messenger
2008-01-31 19:33 --------- d-----w C:\Program Files\FlashGet
2008-01-29 18:50 --------- d-----w C:\Program Files\Apple Software Update
2008-01-25 10:54 --------- d-----w C:\Program Files\StuffPlug3
2008-01-19 15:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 15:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-15 22:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-14 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 18:14 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-10 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-02 22:25 --------- d-----w C:\Program Files\VstPlugins
2007-12-30 17:28 --------- d-----w C:\Documents and Settings\Vincent\Application Data\DivX
2007-12-29 18:47 --------- d-----w C:\Documents and Settings\Vincent\Application Data\LimeWire
2007-12-28 16:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-25 21:20 --------- d-----w C:\Program Files\XMoto
2007-12-25 10:41 --------- d-----w C:\Program Files\M-Audio
2007-12-21 21:48 --------- d-----w C:\Documents and Settings\Vincent\Application Data\Apple Computer
2007-12-18 21:44 --------- d-----w C:\Program Files\Universal Content Launcher
2007-12-12 15:32 --------- d-----w C:\Program Files\DivX
2007-12-09 13:02 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-12-06 20:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-06 20:03 --------- d-----w C:\Program Files\nerds.de
2007-12-06 20:03 --------- d-----w C:\Program Files\Fractalis Software
2007-12-06 12:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
.

<pre>

----a-w           620,152 2008-01-30 18:18:10  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe

----a-w            41,984 2008-01-30 18:18:08  C:\WINDOWS\CTRegRun .EXE

</pre>

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8022EC56-8A80-402E-9248-3A207A724FB9}]
C:\WINDOWS\system32\ddayv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Théo\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0d4441-9c14-11dc-bcc1-00173118acba}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - ERASERUTILREBOOTDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-01 16:33:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 17:50:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-01 17:53:36 - machine was rebooted [Th‚o]
ComboFix-quarantined-files.txt 2008-02-01 16:53:33
ComboFix2.txt 2008-01-15 20:22:21
.
2008-01-31 20:57:25 --- E O F ---

| Alerter

Répondre à kilwaxoni

XmichouX

2 Février 2008 10:28:50

Oh et puis fichtre, on va changer, ça m'énerve

Merci de bien lire et suivre attentivement ce qui est écrit car tu dois appuyer sur une touche lors du scan.. si tu ne le fais pas le rapport ne sera pas entier et tu devras recommencer donc :

Télécharge DiagHelp.zip (de Malekal) sur ton bureau (Tuto)
Dézippe le ,ouvre le nouveau dossier DiagHelp, et double-clic sur go.cmd (le .cmd peut ne pas apparaître ! )
Choisis l’option 1 dans la fenêtre qui s’ouvrira.
Ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand cela t’est demandé..

ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

A la fin de l'analyse, ton ordi devra peut-être être redémarré... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve également >> C:\resultat.txt <<
Poste le rapport ici.

Si tu obtiens un fichier C:\upload_moi.zip, merci de l’envoyer sur http://upload.malekal.com/.
Tuto

| Alerter

Répondre à XmichouX

Tom's guide dans le monde