rootkit ou pas...? Fermé

Question

Bonjour, 

Après une série de dysfonctionnements, j'ai tenté sur l'ordinateur familial zhpdiag qui m'a donné un rapport avec quelques lignes bleues, sans plus.
Pour voir s'il n'existait pas des processus cachés, j'ai lancé combofix qui trouve un rootkit  zéro qq chose avec infection de la pile TCP IP... Et puis il plante et on est obligé de l'éteindre. L'ordinateur est vieux, il met deux jours avant de redémarrer.
Du coup je tente un AVG Anti-Rootkit et il trouve quelque chose qu'il détruit.
En tête de mule, je réitère avec combofix et replantage. Heureusement la machine, bonne fille a redémarré après quelques toussotements.
Est-il possible de redémarrer sur le disk original Windows avec l'option réparer Windows et repartir sur des bases plus saines ?
Merci d'avance

Configuration: Windows XP / Firefox 22.0

Malekal_morte- · Answer

Salut,  

Télécharge et installe Malwarebyte MBAR : https://www.malekal.com/malwarebytes-anti-rootkit-mbar-beta/
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.  
Enregistre le rapport sur http://pjjoint.malekal.com
Donne le lien pjjoint ici.

fredjouan · Answer

Merci de ton aide,
C'est sur ton site que je trouve plein d'infos sur les malwares. Je me permets de poster directement le compte rendu qui est court :
=====================================================
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.07.18.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fred :: FRED-C5BA4BA3D3 [administrateur]

19/07/2013 15:45:52
mbam-log-2013-07-19 (15-45-52).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 272806
Temps écoulé: 8 minute(s), 44 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
=======================================================
Pour la suite, je viens de télécharger returnil qui a l'air adapté si tant est que tout le monde l'active...

Malekal_morte- · Answer

ca c'est un scan malwarebyte non mbar 
faire ce qui est écrit.

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left

fredjouan · Answer

Pardon,
Rapport mbar "scan finished. no malware found"

fredjouan · Answer

Deux précisions,
- Les 3 cases étaient cochées Divers, Sectors et System
- Il n'est pas possible de récupérer  les détails du scan à la fin, d'ou le commentaire laconique : "scan finished. no malware found"

Malekal_morte- · Answer

internet marche sur le PC ?

Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start= 
Fais skip sur les détections. 
Poste le rapport ici.

fredjouan · Answer

Scan TDSSKiller : No threats found
oui le PC est connecté

fredjouan · Answer

Dans l'option change parameters, la case loaded modules n'était pas cochée

Malekal_morte- · Answer

alors c'est bon. 
 

Télécharge http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner AdwCleaner ( d'Xplode ) sur ton bureau.  
Lance le, clique sur [Suppression] puis patiente le temps du scan (Pas besoin de faire de Recherche avant).  
Une fois le scan fini, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt  


puis:


Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt 
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/    

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.    
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)    

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL    
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :    



netsvcs   
msconfig   
safebootminimal   
safebootnetwork   
activex   
drivers32   
%ALLUSERSPROFILE%\Application Data\*.   
%ALLUSERSPROFILE%\Application Data\*.exe /s   
%APPDATA%\*.   
%APPDATA%\*.exe /s   
%temp%\*.exe /s   
%SYSTEMDRIVE%\*.exe   
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles   
%systemroot%\Tasks\*.job /lockedfiles   
%systemroot%\system32\drivers\*.sys /lockedfiles   
%systemroot%\System32\config\*.sav   
/md5start   
explorer.exe   
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT   
nslookup https://www.google.fr/?gws_rd=ssl /c   
SAVEMBR:0   
hklm\software\clients\startmenuinternet|command /rs   
hklm\software\clients\startmenuinternet|command /64 /rs



* Clique sur le bouton Analyse.

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
Je répète : donne le lien du rapport pjjoint ici dans un nouveau message.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE

fredjouan · Answer

Voici le rapport ADWcleaner :
https://pjjoint.malekal.com/files.php?id=20130719_f8o15c7l10o6
A tout hazard, le rapport TDSSkiller
https://pjjoint.malekal.com/files.php?id=20130719_j8t7q10l15n12
Je continue

fredjouan · Answer

otl :
https://pjjoint.malekal.com/files.php?id=20130719_i15m8o10l614
extras :
https://pjjoint.malekal.com/files.php?id=20130719_m8m8v15g5s8

Malekal_morte- · Answer

Apparemment ce PC est régulièrement infecté.


Relance OTL. 
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zmpqoqku.sys -- (zmpqoqku) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\udtydiyp.sys -- (udtydiyp) 
 DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SystemRoot\System32\Drivers\sptd.sys -- (sptd) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sbuiskpm.sys -- (sbuiskpm) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qqnlcslg.sys -- (qqnlcslg) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qggrxpuw.sys -- (qggrxpuw) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\puvsrpjm.sys -- (puvsrpjm) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pdznmwcd.sys -- (pdznmwcd) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mvdhkmef.sys -- (mvdhkmef) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hubbgask.sys -- (hubbgask) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hscsoqsb.sys -- (hscsoqsb) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\glkbdoqo.sys -- (glkbdoqo) 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\gcbjiec.sys -- (dbde) 
 DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afmptfzy.sys -- (afmptfzy) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atierecord.dll -- (zd1211u(zydas) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symproxysvc.dll -- (XDva004) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ca-messagequeuing.dll -- (winachsx) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdralw2k.dll -- (sonicwall_netextender) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wg3n.dll -- (smartlinkservice) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217mgmt.dll -- (ser2pl) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IBM_LLC2.dll -- (se44nd5) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (SE2Bmgmt) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccalib8.dll -- (SE2Bmdm) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32
gdbserv.dll -- (sbcssvc) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdbhk5.dll -- (pnmsrv) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpaction.dll -- (ngdbserv) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XDva004.dll -- (Ndismeetro) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svv.dll -- (msdv) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\StkASSrv.dll -- (mpservice) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32vscc.dll -- (mcods) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ikfileflt.dll -- (iteatapi) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NvNdis.dll -- (iolo_srv) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (id2scaps) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Subsonic.dll -- (hsxhwazl) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32
avex15.dll -- (HSFHWALI) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwsecsvc.dll -- (HidBth) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7rsxp.dll -- (GTF32BUS) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSSQL.dll -- (dnwhodisp) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssqlserver.dll -- (DCamUSBSQTECH) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32isdptsk.dll -- (CX88ENC) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32	ifm.dll -- (BlueSoleilCS) 
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmware.dll -- (backupexecdevicemediaservice)
NetSvcs: dnwhodisp - %systemroot%\system32\MSSQL.dll File not found 
NetSvcs: ser2pl - %systemroot%\system32\s217mgmt.dll File not found 
NetSvcs: winachsx - %systemroot%\system32\ca-messagequeuing.dll File not found 
NetSvcs: defwatch - File not found 
NetSvcs: HidBth - %systemroot%\system32\wwsecsvc.dll File not found 
NetSvcs: mcods - %systemroot%\system32vscc.dll File not found 
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\mssqlserver.dll File not found 
NetSvcs: CX88ENC - %systemroot%\system32isdptsk.dll File not found 
NetSvcs: sonicwall_netextender - %systemroot%\system32\cdralw2k.dll File not found 
NetSvcs: BlueSoleilCS - %systemroot%\system32	ifm.dll File not found 
NetSvcs: HSFHWALI - %systemroot%\system32
avex15.dll File not found 
NetSvcs: XDva004 - %systemroot%\system32\symproxysvc.dll File not found 
NetSvcs: zd1211u(zydas) - %systemroot%\system32\atierecord.dll File not found 
NetSvcs: iolo_srv - %systemroot%\system32\NvNdis.dll File not found 
NetSvcs: se44nd5 - %systemroot%\system32\IBM_LLC2.dll File not found 
NetSvcs: hpqcxs08 - File not found 
NetSvcs: syntp - File not found 
NetSvcs: smartlinkservice - %systemroot%\system32\wg3n.dll File not found 
NetSvcs: SE2Bmdm - %systemroot%\system32\ccalib8.dll File not found 
NetSvcs: id2scaps - %systemroot%\system32\dcomlaunch.dll File not found 
NetSvcs: backupexecdevicemediaservice - %systemroot%\system32\vmware.dll File not found 
NetSvcs: msdv - %systemroot%\system32\svv.dll File not found 
NetSvcs: sbcssvc - %systemroot%\system32
gdbserv.dll File not found 
NetSvcs: pnmsrv - %systemroot%\system32\sscdbhk5.dll File not found 
NetSvcs: mpservice - %systemroot%\system32\StkASSrv.dll File not found 
NetSvcs: iteatapi - %systemroot%\system32\ikfileflt.dll File not found 
NetSvcs: hsxhwazl - %systemroot%\system32\Subsonic.dll File not found 
NetSvcs: SE2Emdm - File not found 
NetSvcs: GTF32BUS - %systemroot%\system32\avg7rsxp.dll File not found 
NetSvcs: Ndismeetro - %systemroot%\system32\XDva004.dll File not found 
NetSvcs: ngdbserv - %systemroot%\system32\zpaction.dll File not found 
NetSvcs: SE2Bmgmt - %systemroot%\system32\w550bus.dll File not found
[2012/07/05 19:00:53 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Datasawwccocagnymi 
[2011/12/31 21:57:49 | 000,015,638 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\34231533w4d1 
[2012/08/06 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lcapvcjxuquimcq
[2012/05/04 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sxtnmfbcdyitagx
[2012/07/09 18:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Wyez 
[2012/07/10 16:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Xiqoih 

* redemarre le pc sous windows et poste le rapport ici

fredjouan · Answer

Bonjour Malekal,
Ci-joint le rapport OTL :
=========================================================
========== OTL ==========
Service zmpqoqku stopped successfully!
Service zmpqoqku deleted successfully!
File C:\WINDOWS\system32\drivers\zmpqoqku.sys not found.
Service udtydiyp stopped successfully!
Service udtydiyp deleted successfully!
File C:\WINDOWS\system32\drivers\udtydiyp.sys not found.
Service sptd stopped successfully!
Service sptd deleted successfully!
File C:\WINDOWS\SystemRoot\System32\Drivers\sptd.sys not found.
Service sbuiskpm stopped successfully!
Service sbuiskpm deleted successfully!
File C:\WINDOWS\system32\drivers\sbuiskpm.sys not found.
Service qqnlcslg stopped successfully!
Service qqnlcslg deleted successfully!
File C:\WINDOWS\system32\drivers\qqnlcslg.sys not found.
Service qggrxpuw stopped successfully!
Service qggrxpuw deleted successfully!
File C:\WINDOWS\system32\drivers\qggrxpuw.sys not found.
Service puvsrpjm stopped successfully!
Service puvsrpjm deleted successfully!
File C:\WINDOWS\system32\drivers\puvsrpjm.sys not found.
Service pdznmwcd stopped successfully!
Service pdznmwcd deleted successfully!
File C:\WINDOWS\system32\drivers\pdznmwcd.sys not found.
Service mvdhkmef stopped successfully!
Service mvdhkmef deleted successfully!
File C:\WINDOWS\system32\drivers\mvdhkmef.sys not found.
Service hubbgask stopped successfully!
Service hubbgask deleted successfully!
File C:\WINDOWS\system32\drivers\hubbgask.sys not found.
Service hscsoqsb stopped successfully!
Service hscsoqsb deleted successfully!
File C:\WINDOWS\system32\drivers\hscsoqsb.sys not found.
Service glkbdoqo stopped successfully!
Service glkbdoqo deleted successfully!
File C:\WINDOWS\system32\drivers\glkbdoqo.sys not found.
Service dbde stopped successfully!
Service dbde deleted successfully!
File System32\drivers\gcbjiec.sys not found.
Service afmptfzy stopped successfully!
Service afmptfzy deleted successfully!
File C:\WINDOWS\system32\drivers\afmptfzy.sys not found.
Error: No service named zd1211u(zydas was found to stop!
Service\Driver key zd1211u(zydas not found.
File %systemroot%\system32\atierecord.dll not found.
Service XDva004 stopped successfully!
Service XDva004 deleted successfully!
File %systemroot%\system32\symproxysvc.dll not found.
Service winachsx stopped successfully!
Service winachsx deleted successfully!
File %systemroot%\system32\ca-messagequeuing.dll not found.
Service sonicwall_netextender stopped successfully!
Service sonicwall_netextender deleted successfully!
File %systemroot%\system32\cdralw2k.dll not found.
Service smartlinkservice stopped successfully!
Service smartlinkservice deleted successfully!
File %systemroot%\system32\wg3n.dll not found.
Service ser2pl stopped successfully!
Service ser2pl deleted successfully!
File %systemroot%\system32\s217mgmt.dll not found.
Service se44nd5 stopped successfully!
Service se44nd5 deleted successfully!
File %systemroot%\system32\IBM_LLC2.dll not found.
Service SE2Bmgmt stopped successfully!
Service SE2Bmgmt deleted successfully!
File %systemroot%\system32\w550bus.dll not found.
Service SE2Bmdm stopped successfully!
Service SE2Bmdm deleted successfully!
File %systemroot%\system32\ccalib8.dll not found.
Service sbcssvc stopped successfully!
Service sbcssvc deleted successfully!
File %systemroot%\system32
gdbserv.dll not found.
Service pnmsrv stopped successfully!
Service pnmsrv deleted successfully!
File %systemroot%\system32\sscdbhk5.dll not found.
Service ngdbserv stopped successfully!
Service ngdbserv deleted successfully!
File %systemroot%\system32\zpaction.dll not found.
Service Ndismeetro stopped successfully!
Service Ndismeetro deleted successfully!
File %systemroot%\system32\XDva004.dll not found.
Service msdv stopped successfully!
Service msdv deleted successfully!
File %systemroot%\system32\svv.dll not found.
Service mpservice stopped successfully!
Service mpservice deleted successfully!
File %systemroot%\system32\StkASSrv.dll not found.
Service mcods stopped successfully!
Service mcods deleted successfully!
File %systemroot%\system32vscc.dll not found.
Service iteatapi stopped successfully!
Service iteatapi deleted successfully!
File %systemroot%\system32\ikfileflt.dll not found.
Service iolo_srv stopped successfully!
Service iolo_srv deleted successfully!
File %systemroot%\system32\NvNdis.dll not found.
Service id2scaps stopped successfully!
Service id2scaps deleted successfully!
File %systemroot%\system32\dcomlaunch.dll not found.
Service hsxhwazl stopped successfully!
Service hsxhwazl deleted successfully!
File %systemroot%\system32\Subsonic.dll not found.
Service HSFHWALI stopped successfully!
Service HSFHWALI deleted successfully!
File %systemroot%\system32
avex15.dll not found.
Service HidBth stopped successfully!
Service HidBth deleted successfully!
File %systemroot%\system32\wwsecsvc.dll not found.
Service GTF32BUS stopped successfully!
Service GTF32BUS deleted successfully!
File %systemroot%\system32\avg7rsxp.dll not found.
Service dnwhodisp stopped successfully!
Service dnwhodisp deleted successfully!
File %systemroot%\system32\MSSQL.dll not found.
Service DCamUSBSQTECH stopped successfully!
Service DCamUSBSQTECH deleted successfully!
File %systemroot%\system32\mssqlserver.dll not found.
Service CX88ENC stopped successfully!
Service CX88ENC deleted successfully!
File %systemroot%\system32isdptsk.dll not found.
Service BlueSoleilCS stopped successfully!
Service BlueSoleilCS deleted successfully!
File %systemroot%\system32	ifm.dll not found.
Service backupexecdevicemediaservice stopped successfully!
Service backupexecdevicemediaservice deleted successfully!
File %systemroot%\system32\vmware.dll not found.
dnwhodisp removed from NetSvcs value successfully!
ser2pl removed from NetSvcs value successfully!
winachsx removed from NetSvcs value successfully!
defwatch removed from NetSvcs value successfully!
HidBth removed from NetSvcs value successfully!
mcods removed from NetSvcs value successfully!
DCamUSBSQTECH removed from NetSvcs value successfully!
CX88ENC removed from NetSvcs value successfully!
sonicwall_netextender removed from NetSvcs value successfully!
BlueSoleilCS removed from NetSvcs value successfully!
HSFHWALI removed from NetSvcs value successfully!
XDva004 removed from NetSvcs value successfully!
zd1211u(zydas) removed from NetSvcs value successfully!
Service zd1211u(zydas) stopped successfully!
Service zd1211u(zydas) deleted successfully!
iolo_srv removed from NetSvcs value successfully!
se44nd5 removed from NetSvcs value successfully!
hpqcxs08 removed from NetSvcs value successfully!
syntp removed from NetSvcs value successfully!
smartlinkservice removed from NetSvcs value successfully!
SE2Bmdm removed from NetSvcs value successfully!
id2scaps removed from NetSvcs value successfully!
backupexecdevicemediaservice removed from NetSvcs value successfully!
msdv removed from NetSvcs value successfully!
sbcssvc removed from NetSvcs value successfully!
pnmsrv removed from NetSvcs value successfully!
mpservice removed from NetSvcs value successfully!
iteatapi removed from NetSvcs value successfully!
hsxhwazl removed from NetSvcs value successfully!
SE2Emdm removed from NetSvcs value successfully!
GTF32BUS removed from NetSvcs value successfully!
Ndismeetro removed from NetSvcs value successfully!
ngdbserv removed from NetSvcs value successfully!
SE2Bmgmt removed from NetSvcs value successfully!
C:\Documents and Settings\All Users\Application Datasawwccocagnymi moved successfully.
C:\Documents and Settings\Fred\Local Settings\Application Data\34231533w4d1 moved successfully.
C:\Documents and Settings\All Users\Application Data\lcapvcjxuquimcq folder moved successfully.
C:\Documents and Settings\All Users\Application Data\sxtnmfbcdyitagx folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Wyez folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Xiqoih folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07202013_114647
====================================================
Je redémarre le pc

fredjouan · Answer

À la fin de ton dernier message, tu me demandes de redémarrer le PC et de poster le rapport. Le PC a redémarré normalement mais je n'ai pas eu de rapport (autre que celui que je viens de poster).
Je dois relancer OTL ?

Rootkit ou pas...?

14 réponses

Discussions similaires