It looks bad, apparently!!
ComboFix 08-01-16.1 - XP 2008-01-15 22:54:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1394 [GMT 1:00]
Running from: C:\Documents and Settings\XP\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\testdll.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\poof
((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.
2008-01-15 22:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 22:40 . 2008-01-15 22:43 <REP> d-------- C:\Program Files\Navilog1
2008-01-15 21:07 . 2008-01-15 21:07 589,893 --a------ C:\upload_moi_XPSP2-AB29DB624.tar.gz
2008-01-15 00:49 . 2007-10-16 17:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-15 00:49 . 2007-10-16 17:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-15 00:49 . 2007-10-16 15:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-15 00:49 . 2007-10-16 17:16 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-15 00:49 . 2007-10-16 17:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-15 00:49 . 2007-10-16 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-15 00:49 . 2007-10-16 17:16 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-15 00:49 . 2008-01-15 00:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-01-15 00:20 . 2007-08-14 09:12 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys
2008-01-14 23:18 . 2008-01-14 23:18 <REP> d-------- C:\Program Files\Sophos
2008-01-13 23:53 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-13 23:47 . 2008-01-13 23:47 <REP> d-------- C:\Program Files\Avira GmbH
2008-01-13 22:33 . 2008-01-13 22:33 <REP> d-------- C:\Program Files\Teleport Pro
2008-01-13 12:42 . 2008-01-15 00:24 <REP> d-------- C:\Program Files\Error Repair Professional
2008-01-12 00:48 . 2008-01-12 00:48 <REP> d-------- C:\Program Files\MP3Producer
2008-01-12 00:48 . 2008-01-12 00:49 8 --a------ C:\WINDOWS\system32\ntP2.trk
2008-01-12 00:29 . 2008-01-12 00:53 <REP> d-------- C:\Program Files\FairStars Audio Converter
2008-01-12 00:18 . 2008-01-12 00:18 <REP> d-------- C:\Program Files\Xing
2008-01-12 00:18 . 1998-12-16 12:08 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-01-04 20:09 . 2007-10-12 02:55 1,279,000 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-04 20:09 . 2007-10-12 03:00 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-01-04 20:09 . 2007-10-12 03:00 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-04 20:09 . 2007-10-12 02:57 416,280 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-04 20:09 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-01-04 20:09 . 2007-10-12 02:11 59,500 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-04 20:09 . 2007-10-12 03:00 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-04 20:09 . 2007-10-12 02:18 21,138 --a------ C:\WINDOWS\system32\Repository.reg
2008-01-04 20:09 . 2007-10-12 02:55 13,848 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-01-04 20:08 . 2008-01-04 20:08 <REP> d-------- C:\Program Files\Logitech
2008-01-04 20:08 . 2008-01-04 20:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-31 19:37 . 2007-12-31 19:39 <REP> d-------- C:\Documents and Settings\XP\Application Data\VoipDiscount
2007-12-31 19:33 . 2007-12-31 19:33 <REP> d-------- C:\Program Files\VoipDiscount.com
2007-12-30 05:02 . 2007-12-30 05:02 <REP> d-------- C:\WINDOWS\Sun
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-16 21:59 5,173,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-16 21:58 70,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-16 21:58 257,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-16 21:58 25,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-14 23:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 22:43 2,920,960 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-14 22:43 2,747,392 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-13 16:49 --------- d-----w C:\Program Files\Winamp
2008-01-12 19:48 --------- d-----w C:\Documents and Settings\XP\Application Data\LimeWire
2008-01-11 00:58 2,830,848 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-11 00:58 2,668,032 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-04 19:10 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-01-04 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-02 17:30 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-01 12:04 2,580,992 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-12-28 14:06 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-28 14:06 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-25 01:53 3,186,176 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-11-23 09:07 2,478,080 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-11-23 00:32 --------- d-----w C:\Documents and Settings\XP\Application Data\Azureus
2007-11-23 00:31 --------- d-----w C:\Program Files\Nero
2007-11-23 00:31 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-11-23 00:31 --------- d-----w C:\Documents and Settings\XP\Application Data\Nero
2007-11-23 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-22 04:11 --------- d-----w C:\Program Files\DivX
2007-11-21 23:38 --------- d-----w C:\Program Files\Foxit Software
2007-11-21 19:50 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-11-21 02:15 --------- d-----w C:\Program Files\Electronic Arts
2007-11-19 22:08 --------- d-----w C:\Program Files\ALA
2007-11-17 01:35 2,738,176 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-11-17 01:35 2,322,944 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-11-16 00:54 --------- d-----w C:\Program Files\Kingdia Software
2007-11-12 00:54 2,842,112 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-12 00:54 2,277,376 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-11-05 00:50 696,832 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-11-05 00:50 2,276,352 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-02 00:52 2,807,296 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-10-27 15:12 2,936,832 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-27 15:12 2,125,312 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-27 11:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 17:08 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-18 15:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-17 17:00 971,264 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-17 17:00 1,656,320 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-17 11:55 86,528 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-10-17 11:55 1,519,616 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-10-17 11:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 10:24 248]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 15:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 00:07 8491008 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 00:07 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 15:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-09-11 15:54 16844800 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-05-02 03:15 75520 C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-18 16:18 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
--a------ 2006-12-14 15:18 7558720 C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 04:35]
R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 09:12]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 19:50]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\4.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1054a0c2-7c03-11dc-af6a-806d6172696f}]
\Shell\AutoRun\command - D:\.\Bin\Assetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f75733a-8406-11dc-bc6f-001bfcfbb00f}]
\Shell\Auto\command - exedtvwkm.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exedtvwkm.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78024cf7-8899-11dc-bc75-001bfcfbb00f}]
\Shell\AutoRun\command - I:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 23:00:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 23:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 22:01:20