
Known virus, but..


Hello, I will try to explain my problem in detail; I reacted badly to it at first.

First of all, I am on Windows XP SP2.

My antivirus and anti-spyware programs are Avast, Ad-Aware and AVG.

I think the problem comes from the MSN virus: "C'est pas toi ça login@hotmail.com" ("Isn't that you? login@hotmail.com")

It was sending all my contacts messages like the one I received. Anyway, I decided to uninstall MSN (every MSN I found), and I removed Mozilla (because it was showing a blank page). In fact I no longer had internet access. So I searched the internet with my laptop to find out what this virus was, and I downloaded MSNFix and ran it, but it stopped by itself after the second part of the scan with no explanation. Logical, since I had uninstalled MSN. I then decided to download from the laptop all the files and programs useful to me and to you, so that you can help me with this task:

- Hijackthis
- Vundofix
- MSNFix
- Ad-Aware
- AVG
- Spybot Search and Destroy (but it does not work).

Then I noticed that .exe files with strange names were appearing and that Avast recognized them as Trojan horses. I found them in C:/ and C:/Document and settings/propriétaire

I delete them, but as soon as my computer restarts, others reappear and then multiply again over time. Another thing: when I shut down my PC I get a .dwinn error (I don't know whether it is related) and other .exe ones that go by too fast to read. Now I can no longer change my desktop wallpaper since I got a desktop... error.

Also, the games I install after the virus are full of bugs, whereas those from before don't have too many problems.

When I start my PC, the internet works for 3-4 min, then it gives me "page not found", while downloads continue as if nothing had happened. No more internet on MSN or multiplayer video games.

I have already run scans with AVG, Avast and Ad-Aware; they deleted viruses or Trojan horses, but these come back (I think..).

Oh yes, one last thing, which may be a mistake on my part: when I launch the Task Manager with Ctrl+Alt+Del it tells me that the administrator does not allow it...

There, I am at your service :) Thanks in advance... (above all I am trying to avoid formatting because I am hopeless at it, but if it has to be done, you will have to help me...)

Thanks again :)

Magster


Hello,

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

------------------------------ Prevention & Protection || Do you like me? Click :o
Reply to Angeldark

OK, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:08, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Windows\xpupdate.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\bhij.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind64.exe
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10964 bytes

Reply to Magster

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

Reply to Angeldark

Here it is. By the way, I got the desktop functions (wallpaper) back after that, and Ctrl+Alt+Del works too.

Here is the Combofix report:

ComboFix 08-01-23.2 - Propri‚taire 2008-01-23 17:18:09.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1404 [GMT 1:00]
Endroit: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 27648 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propri‚taire\Application Data\install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\m1ax1d12132116143v.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\Temp\441825183.exe
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 12:52 . 2008-01-23 12:52 58,368 --a------ C:\upaq.exe
2008-01-23 12:52 . 2008-01-23 12:52 10,752 --a------ C:\bhij.exe
2008-01-23 10:52 . 2008-01-23 10:52 21,504 --a------ C:\WINDOWS\system32\kernelwind64.exe
2008-01-23 10:52 . 2008-01-23 10:52 17,270 --a------ C:\WINDOWS\system32\n2ewma1xxsv234.exe
2008-01-23 00:24 . 2006-03-02 13:00 25,088 --a------ C:\WINDOWS\system32\userini.exe
2008-01-22 15:57 . 2008-01-22 15:57 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-22 15:47 . 2008-01-23 12:08 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
2008-01-22 15:42 . 2008-01-23 12:24 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
2007-12-27 14:16 . 2007-12-27 14:16 <REP> d-------- C:\Downloads
2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2007-12-23 19:42 . 2007-12-23 19:42 <REP> d-------- C:\Dev-Cpp
2007-12-23 19:30 . 2007-12-23 19:30 <REP> d-------- C:\Program Files\CodeBlocks
2007-12-23 17:27 . 2007-12-23 17:27 319 --a------ C:\WINDOWS\game.ini
2007-12-23 11:54 . 2007-12-27 14:16 <REP> d-------- C:\Program Files\FlashGet
2007-12-23 11:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 23:24 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 16:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-22 15:57 61440]
"WintelUpdate"="C:\bhij.exe" [2008-01-23 12:52 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]
"SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv234.exe" [2008-01-23 10:52 17270]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
@="Driver"

R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-23 12:08]
R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
\Shell\Shell00\Command - H:\Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-02 22:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 17:24:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe 84480 bytes executable

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.

Reply to Magster

Run a Combofix scan again :)

Reply to Angeldark

OK, here is the report:

ComboFix 08-01-23.2 - Propriétaire 2008-01-25 19:40:50.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.572 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire\Application Data\Install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.exe
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\WINDOWS\desktop.html
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\Temp\43139717.exe
C:\WINDOWS\Temp\69896416.exe
C:\WINDOWS\xpupdate.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Propri‚taire\Application Data\install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\m1ax1d12132116143v.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\Temp\441825183.exe
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\14B.tmp
2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\14A.tmp
2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\149.tmp
2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\148.tmp
2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\147.tmp
2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\146.tmp
2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\144.tmp
2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\142.tmp
2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\141.tmp
2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\140.tmp
2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13F.tmp
2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13E.tmp
2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13D.tmp
2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13C.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\13A.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\139.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\138.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\137.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\136.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\135.tmp
2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\134.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\A.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\9.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\8.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\7.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\6.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\5.tmp
2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\133.tmp
2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BD.tmp
2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A6.tmp
2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\82.tmp
2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5D.tmp
2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3F.tmp
2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\4.tmp
2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\3.tmp
2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\26.tmp
2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\2.tmp
2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\1.tmp
2008-01-23 18:15 . 2008-01-23 18:15 13,312 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-01-23 12:52 . 2008-01-23 12:52 58,368 --a------ C:\upaq.exe
2008-01-23 12:52 . 2008-01-23 12:52 10,752 --a------ C:\bhij.exe
2008-01-23 10:52 . 2008-01-24 19:55 21,504 --a------ C:\WINDOWS\system32\kernelwind64.exe
2008-01-23 10:52 . 2008-01-23 10:52 17,270 --a------ C:\WINDOWS\system32\n2ewma1xxsv234.exe
2008-01-23 00:24 . 2006-03-02 13:00 25,088 --a------ C:\WINDOWS\system32\userini.exe
2008-01-22 15:57 . 2008-01-22 15:57 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-22 15:47 . 2008-01-25 19:47 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
2008-01-22 15:42 . 2008-01-23 12:24 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
2008-01-23 20:20 8,704 ----a-w C:\WINDOWS\system32\netdde.exe
2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\msdtc.exe
2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
2008-01-23 20:09 8,704 ----a-w C:\WINDOWS\system32\cisvc.exe.tmp
2008-01-22 23:24 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_17.25.58.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-02-20 18:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 06:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-20 18:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 06:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2003-02-20 17:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 06:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2004-07-15 00:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2008-01-23 20:02:14 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2005-09-23 06:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 06:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 06:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 06:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 06:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2008-01-23 16:24:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-23 16:24:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-25 18:48:16 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-23 16:24:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-09-23 06:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2004-07-14 22:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2005-09-23 06:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2003-02-20 18:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2005-09-23 06:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
- 2008-01-12 23:03:54 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 11:55:10 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-12 23:03:54 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-25 11:55:10 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-12 23:03:54 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 11:55:10 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-12 23:03:54 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-25 11:55:10 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-25 18:48:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
+ 2005-09-23 06:29:16 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 06:29:16 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 06:29:16 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2008-01-25 11:53:51 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-01-25 11:53:51 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-22 15:57 61440]
"WintelUpdate"="C:\bhij.exe" [2008-01-23 12:52 10752]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]
"SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv234.exe" [2008-01-23 10:52 17270]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
@="Driver"

R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-25 19:47]
R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
\Shell\Shell00\Command - H:\Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 19:49:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\burito.ini 36608 bytes
C:\WINDOWS\system32\burito47b2-3635.sys 129792 bytes executable
C:\WINDOWS\system32\ntos.exe 84480 bytes executable

Scan terminé avec succès
Les fichiers cachés: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\burito47b2-3635]
"ImagePath"="\??\C:\WINDOWS\system32\burito47b2-3635.sys"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.

Reply to Magster

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

Driver::
FFI
Generic Host Process for Win-32 Service

Rootkit::
C:\WINDOWS\system32\svchost.exe:exm.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\burito.ini
C:\WINDOWS\system32\burito47b2-3635.sys
C:\WINDOWS\system32\ntos.exe

File::
C:\14B.tmp
C:\14A.tmp
C:\149.tmp
C:\148.tmp
C:\147.tmp
C:\146.tmp
C:\144.tmp
C:\142.tmp
C:\141.tmp
C:\140.tmp
C:\13F.tmp
C:\13E.tmp
C:\13D.tmp
C:\13C.tmp
C:\13A.tmp
C:\139.tmp
C:\138.tmp
C:\137.tmp
C:\136.tmp
C:\135.tmp
C:\134.tmp
C:\A.tmp
C:\9.tmp
C:\8.tmp
C:\7.tmp
C:\6.tmp
C:\5.tmp
C:\133.tmp
C:\BD.tmp
C:\A6.tmp
C:\82.tmp
C:\5D.tmp
C:\3F.tmp
C:\4.tmp
C:\3.tmp
C:\26.tmp
C:\2.tmp
C:\1.tmp
C:\WINDOWS\system32\mssrv32.exe
C:\upaq.exe
C:\bhij.exe
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\mrofinu1148.exe.tmp

Folder::
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\wsnpoem

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
"WintelUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemSv121"=-



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no restart, post the requested reports anyway.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

After the restart, I have another problem: the explorer.exe process no longer starts, so I have to do everything with Ctrl+Alt+Del. So it's impossible to get a Combofix report...

Reply to Magster

Yes, I have one that looks quite like what you gave me, do you want it? I also managed to run a Hijackthis scan.

Reply to Magster

Yes. That report first :)

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

The Combofix report:

ComboFix 08-01-23.2 - Propriétaire 2008-01-25 22:11:07.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1659 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE
C:\1.tmp
C:\133.tmp
C:\134.tmp
C:\135.tmp
C:\136.tmp
C:\137.tmp
C:\138.tmp
C:\139.tmp
C:\13A.tmp
C:\13C.tmp
C:\13D.tmp
C:\13E.tmp
C:\13F.tmp
C:\140.tmp
C:\141.tmp
C:\142.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\149.tmp
C:\14A.tmp
C:\14B.tmp
C:\2.tmp
C:\26.tmp
C:\3.tmp
C:\3F.tmp
C:\4.tmp
C:\5.tmp
C:\5D.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\82.tmp
C:\9.tmp
C:\A.tmp
C:\A6.tmp
C:\BD.tmp
C:\bhij.exe
C:\upaq.exe
C:\WINDOWS\mrofinu1148.exe.tmp
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\userini.exe
.

Reply to Magster

The Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\ComboFix\nircmd.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: aswUpdSv - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8798 bytes

Reply to Magster

The Combofix report isn't complete.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Well, sorry, but every time I restart the PC, the explorer.exe process doesn't start, so Combofix surely doesn't finish its report...

Reply to Magster

I found a trick to start it: opening a document, which causes an error and launches the desktop, but not the end of Combofix...

Reply to Magster

There, after some fiddling I got it to work:

ComboFix 08-01-23.2 - Propriétaire 2008-01-26 18:05:43.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1467 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE
C:\1.tmp
C:\133.tmp
C:\134.tmp
C:\135.tmp
C:\136.tmp
C:\137.tmp
C:\138.tmp
C:\139.tmp
C:\13A.tmp
C:\13C.tmp
C:\13D.tmp
C:\13E.tmp
C:\13F.tmp
C:\140.tmp
C:\141.tmp
C:\142.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\149.tmp
C:\14A.tmp
C:\14B.tmp
C:\2.tmp
C:\26.tmp
C:\3.tmp
C:\3F.tmp
C:\4.tmp
C:\5.tmp
C:\5D.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\82.tmp
C:\9.tmp
C:\A.tmp
C:\A6.tmp
C:\BD.tmp
C:\bhij.exe
C:\upaq.exe
C:\WINDOWS\mrofinu1148.exe.tmp
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\userini.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\burito.ini
C:\WINDOWS\system32\burito47b2-3635.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\ntos.exe
.
---- Previous Run -------
.
C:\1.tmp
C:\133.tmp
C:\134.tmp
C:\135.tmp
C:\136.tmp
C:\137.tmp
C:\138.tmp
C:\139.tmp
C:\13A.tmp
C:\13C.tmp
C:\13D.tmp
C:\13E.tmp
C:\13F.tmp
C:\140.tmp
C:\141.tmp
C:\142.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\149.tmp
C:\14A.tmp
C:\14B.tmp
C:\2.tmp
C:\26.tmp
C:\3.tmp
C:\3F.tmp
C:\4.tmp
C:\5.tmp
C:\5D.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\82.tmp
C:\9.tmp
C:\A.tmp
C:\A6.tmp
C:\BD.tmp
C:\bhij.exe
C:\Documents and Settings\Propriétaire\Application Data\Install.dat
C:\Documents and Settings\Propriétaire\Application Data\install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.exe
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\upaq.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\desktop.html
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\mrofinu1148.exe.tmp
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\m1ax1d12132116143v.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\Temp\43139717.exe
C:\WINDOWS\Temp\441825183.exe
C:\WINDOWS\Temp\69896416.exe
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


-------\LEGACY_FFI
-------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
-------\FFI
-------\Generic Host Process for Win-32 Service
-------\msupdate
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-01-22 15:47 . 2008-01-26 18:07 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot_2008-01-25_19.50.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-25 19:00:43 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\a8f437a4f2dafe4b91b0ff90f647e08b\Accessibility.ni.dll
+ 2008-01-25 19:00:46 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bea24dea872e7b4ab0016e50576acd00\AspNetMMCExt.ni.dll
+ 2008-01-25 19:00:47 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c784e07c20902640b402fe13937c80c8\CustomMarshalers.ni.dll
+ 2008-01-25 19:00:47 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\5fab55607eeacf4e9e21f7b980ddae70\dfsvc.ni.exe
+ 2008-01-25 19:00:49 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c364c6004f8ea24585fa7dd2c285362d\Microsoft.Build.Engine.ni.dll
+ 2008-01-25 19:00:49 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b5307fa6252e5045853dd3a9e6037c98\Microsoft.Build.Framework.ni.dll
+ 2008-01-25 19:00:52 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d3d913c07aba7c499f378f346626cdb8\Microsoft.Build.Tasks.ni.dll
+ 2008-01-25 19:00:52 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\494189879e4fc2438fcfe3a6436d2dc9\Microsoft.Build.Utilities.ni.dll
+ 2008-01-25 19:00:54 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f20ef61c854d4fbcaa4b152303fc2a\Microsoft.VisualBasic.ni.dll
+ 2008-01-25 19:00:56 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\a0b8b0623e3f5645a2f85568856e28db\System.Configuration.ni.dll
+ 2008-01-25 19:00:57 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\588ec8194431354bb2c6bf9cf0eefb5f\System.Deployment.ni.dll
+ 2008-01-25 19:00:59 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4b6e520c714b2c4f9e8d6a78bf106449\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-25 19:00:58 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8078000f25e30842b5c7cfb154b16152\System.DirectoryServices.ni.dll
+ 2008-01-25 19:01:00 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7f9520b3f2b4a54da5f8538e11109fc9\System.EnterpriseServices.ni.dll
+ 2008-01-25 19:01:00 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7f9520b3f2b4a54da5f8538e11109fc9\System.EnterpriseServices.Wrapper.dll
+ 2008-01-25 19:01:01 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\ed8677a52a2f9243ac461590d8bed761\System.Security.ni.dll
+ 2008-01-25 19:01:02 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\90945bb0199a854cb67f6d95ae66e496\System.Transactions.ni.dll
+ 2008-01-25 19:01:16 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\13fa232c263991408a3afb07d43b8b9d\System.Web.Mobile.ni.dll
+ 2008-01-25 19:01:17 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\323d64452beab6438ce9d0ec1aec3911\System.Web.RegularExpressions.ni.dll
+ 2008-01-25 19:01:19 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e34e395e16f5ab49b9b78f3e77859880\System.Web.Services.ni.dll
+ 2008-01-25 19:01:13 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f79d94aae104e9468afeee99118161c5\System.Web.ni.dll
- 2008-01-23 16:17:22 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 17:05:24 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 16:17:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 17:05:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 16:17:22 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 17:05:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 16:17:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 17:05:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 16:17:22 3,796,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 17:05:24 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 16:17:22 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 17:05:25 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-25 20:47:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
@="Driver"

R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-26 18:07]
R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
\Shell\Shell00\Command - H:\Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 18:10:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.exe [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.

Reply to Magster

Post a new HijackThis report :)

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~e5.0001
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: aswUpdSv - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9339 bytes

Reply to Magster

How many antivirus programs do you have?

Reply to Angeldark

I have two: AVG and Avast. I gave my info at the very beginning of the topic, just in case :p Yes, I know you don't have time to read everything ;)

Reply to Magster

Uninstall both and install AntiVir instead :)

Reply to Angeldark

OK boss, I run a full scan afterwards, I suppose?

Reply to Magster

Scan done, here is a HijackThis report, as I suppose you'll ask for one ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo Toolbar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} - C:\WINDOWS\system32\yatool.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9259 bytes

Reply to Magster

Run a ComboFix scan again.

Reply to Angeldark

I just ran ComboFix (nothing else, only ComboFix) and now I have the same problems as before again. I'm on the laptop right now; here is the report:

ComboFix 08-01-23.2 - Propriétaire 2008-01-29 21:25:50.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1188 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\winload.dll
.
---- Previous Run -------
.
C:\1.tmp
C:\133.tmp
C:\134.tmp
C:\135.tmp
C:\136.tmp
C:\137.tmp
C:\138.tmp
C:\139.tmp
C:\13A.tmp
C:\13C.tmp
C:\13D.tmp
C:\13E.tmp
C:\13F.tmp
C:\140.tmp
C:\141.tmp
C:\142.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\149.tmp
C:\14A.tmp
C:\14B.tmp
C:\2.tmp
C:\26.tmp
C:\3.tmp
C:\3F.tmp
C:\4.tmp
C:\5.tmp
C:\5D.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\82.tmp
C:\9.tmp
C:\A.tmp
C:\A6.tmp
C:\BD.tmp
C:\bhij.exe
C:\Documents and Settings\Propri‚taire\Application Data\Install.dat
C:\Documents and Settings\Propriétaire\Application Data\install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.exe
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\upaq.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\desktop.html
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\mrofinu1148.exe.tmp
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\m1ax1d12132116143v.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\Temp\43139717.exe
C:\WINDOWS\Temp\441825183.exe
C:\WINDOWS\Temp\69896416.exe
C:\windows\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


-------\LEGACY_FFI
-------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
-------\FFI
-------\Generic Host Process for Win-32 Service
-------\msupdate
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
.

2008-01-28 19:59 . 2008-01-28 19:59 9,216 --a------ C:\WINDOWS\system32\rcpdu.dll
2008-01-28 19:59 . 2008-01-28 19:59 8,192 --a------ C:\WINDOWS\system32\regapi32.dll
2008-01-28 19:59 . 2008-01-28 19:59 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
2008-01-28 19:59 . 2008-01-28 19:58 6,144 --a------ C:\WINDOWS\system32\netd.dll
2008-01-28 19:59 . 2008-01-28 19:59 4,608 --a------ C:\WINDOWS\system32\credigui.dll
2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\kbdsdf.dll
2008-01-28 19:58 . 2008-01-28 19:58 <REP> d-------- C:\Program Files\Avira
2008-01-28 19:55 . 2008-01-28 19:55 7,168 --a------ C:\WINDOWS\system32\protect.dll
2008-01-28 19:55 . 2008-01-28 19:55 4,608 --a------ C:\WINDOWS\system32\psx.dll
2008-01-28 19:55 . 2008-01-28 19:55 4,096 --a------ C:\WINDOWS\system32\mscert.dll
2008-01-28 19:54 . 2008-01-28 19:54 9,216 --a------ C:\WINDOWS\system32\yatool.dll
2008-01-28 19:54 . 2008-01-28 19:54 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
2008-01-28 19:54 . 2008-01-28 19:54 5,120 --a------ C:\WINDOWS\system32\rsh.dll
2008-01-27 22:19 . 2008-01-27 22:19 24,576 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-01-22 15:47 . 2008-01-29 21:30 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
2008-01-23 20:20 8,704 ----a-w C:\WINDOWS\system32\netdde.exe
2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\msdtc.exe
2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
2008-01-23 20:09 8,704 ----a-w C:\WINDOWS\system32\cisvc.exe.tmp
2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
2007-12-28 15:47 --------- d-----w C:\Program Files\Project64 1.6
2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot_2008-01-26_18.11.38.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-29 20:31:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-25 18:48:16 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-29 20:31:35 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-29 20:31:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-28 17:30:06 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-01-22 23:24:00 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
+ 2006-03-02 12:00:00 25,088 ----a-w C:\WINDOWS\system32\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
2008-01-28 19:54 9216 --a------ C:\WINDOWS\system32\yatool.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
@="Driver"

R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-29 21:30]
R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
\Shell\Shell00\Command - H:\Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 21:32:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\ntos.exe 502784 bytes executable

Scan terminé avec succès
Les fichiers cachés: 2

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.

Reply to Magster

Hi again,

Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:

Driver::
Qgj50
Gdy30

Rootkit::
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\drivers\Qgj50.sys
C:\WINDOWS\dsez1684.dat
C:\WINDOWS\system32\yatool.dll
C:\WINDOWS\system32\Drivers\Gdy30.sys
C:\WINDOWS\system32\ntos.exe

Folder::
C:\WINDOWS\system32\wsnpoem

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.

Reply to Angeldark

Here is ComboFix; it looks like there is a problem with the console.

ComboFix 08-01-23.2 - Propriétaire 2008-01-30 15:13:40.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1547 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dsez1684.dat
C:\WINDOWS\system32\Drivers\Gdy30.sys
C:\WINDOWS\system32\drivers\Qgj50.sys
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\yatool.dll
.
---- Previous Run -------
.
C:\1.tmp
C:\133.tmp
C:\134.tmp
C:\135.tmp
C:\136.tmp
C:\137.tmp
C:\138.tmp
C:\139.tmp
C:\13A.tmp
C:\13C.tmp
C:\13D.tmp
C:\13E.tmp
C:\13F.tmp
C:\140.tmp
C:\141.tmp
C:\142.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\149.tmp
C:\14A.tmp
C:\14B.tmp
C:\2.tmp
C:\26.tmp
C:\3.tmp
C:\3F.tmp
C:\4.tmp
C:\5.tmp
C:\5D.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\82.tmp
C:\9.tmp
C:\A.tmp
C:\A6.tmp
C:\BD.tmp
C:\bhij.exe
C:\Documents and Settings\Propriétaire\Application Data\Install.dat
C:\Documents and Settings\Propriétaire\Application Data\install.dat
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.exe
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\upaq.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\desktop.html
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\mrofinu1148.exe.tmp
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\m1ax1d12132116143v.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winload.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\Temp\43139717.exe
C:\WINDOWS\Temp\441825183.exe
C:\WINDOWS\Temp\69896416.exe
C:\windows\xpupdate.exe
C:\WINDOWS\system32\wsnpoem

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


-------\LEGACY_FFI
-------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
-------\FFI
-------\Generic Host Process for Win-32 Service
-------\msupdate
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


-------\LEGACY_SMTPDRV
-------\smtpdrv


-------\LEGACY_MSUPDATE
-------\LEGACY_SMTPDRV
-------\msupdate
-------\smtpdrv


-------\LEGACY_GDY30
-------\Gdy30
-------\Qgj50
-------\smtpdrv




((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
.

2008-01-28 19:59 . 2008-01-28 19:59 9,216 --a------ C:\WINDOWS\system32\rcpdu.dll
2008-01-28 19:59 . 2008-01-28 19:59 8,192 --a------ C:\WINDOWS\system32\regapi32.dll
2008-01-28 19:59 . 2008-01-28 19:59 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
2008-01-28 19:59 . 2008-01-28 19:58 6,144 --a------ C:\WINDOWS\system32\netd.dll
2008-01-28 19:59 . 2008-01-28 19:59 4,608 --a------ C:\WINDOWS\system32\credigui.dll
2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\kbdsdf.dll
2008-01-28 19:58 . 2008-01-28 19:58 <REP> d-------- C:\Program Files\Avira
2008-01-28 19:55 . 2008-01-28 19:55 7,168 --a------ C:\WINDOWS\system32\protect.dll
2008-01-28 19:55 . 2008-01-28 19:55 4,608 --a------ C:\WINDOWS\system32\psx.dll
2008-01-28 19:55 . 2008-01-28 19:55 4,096 --a------ C:\WINDOWS\system32\mscert.dll
2008-01-28 19:54 . 2008-01-28 19:54 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
2008-01-28 19:54 . 2008-01-28 19:54 5,120 --a------ C:\WINDOWS\system32\rsh.dll
2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2007-12-23 19:42 . 2007-12-23 19:42 <REP> d-------- C:\Dev-Cpp
2007-12-23 19:30 . 2007-12-23 19:30 <REP> d-------- C:\Program Files\CodeBlocks
2007-12-23 17:27 . 2007-12-23 17:27 319 --a------ C:\WINDOWS\game.ini
2007-12-23 11:54 . 2008-01-25 03:46 <REP> d-------- C:\Program Files\FlashGet
2007-12-23 11:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-20 18:34 . 2007-12-20 18:43 <REP> d-------- C:\UT2004
2007-12-20 13:57 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-20 13:25 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-20 13:25 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-18 15:46 . 2008-01-15 19:09 <REP> d-------- C:\Program Files\Star Downloader
2007-12-17 16:36 . 2007-12-21 02:02 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
2007-12-16 22:50 . 2007-12-16 22:50 <REP> d-------- C:\Fraps
2007-12-16 22:15 . 2007-12-16 22:15 <REP> d-------- C:\Program Files\Unreal Tournament 3
2007-12-16 22:14 . 2007-12-16 22:14 <REP> d-------- C:\WINDOWS\system32\AGEIA
2007-12-16 22:14 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 22:14 . 2007-12-16 22:14 <REP> d-------- C:\Program Files\AGEIA Technologies
2007-12-16 17:17 . 2008-01-28 20:09 49 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-16 17:16 . 2008-01-04 20:40 <REP> d--h----- C:\WINDOWS\system\top secret
2007-12-16 16:42 . 2008-01-25 03:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-16 16:32 . 2007-10-30 19:05 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-12-16 16:29 . 2007-12-16 16:29 <REP> d-------- C:\Program Files\RivaTuner v2.06
2007-12-15 13:19 . 2007-12-15 13:19 <REP> d-------- C:\Program Files\MegauploadToolbar
2007-12-15 13:10 . 2007-12-15 13:10 <REP> d-------- C:\Program Files\CommentCaMarche
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\VDCodecPack3.7
2007-12-15 12:50 . 2007-12-15 12:50 <REP> d-------- C:\Program Files\Veoh Networks
2007-12-15 12:49 . 2007-12-15 12:49 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-14 18:21 . 2007-12-14 18:21 <REP> d-------- C:\Program Files\Skype
2007-12-14 18:21 . 2007-12-14 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-10 22:38 . 2007-12-10 22:38 <REP> d-------- C:\Program Files\VideoLAN
2007-12-10 22:11 . 2007-12-23 17:13 <REP> d-------- C:\Program Files\Activision
2007-12-10 22:10 . 2007-12-10 22:10 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-10 20:52 . 2007-12-10 20:52 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-10 20:43 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-10 20:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-10 20:43 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-10 20:43 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-10 20:43 . 2007-12-10 20:43 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-10 20:43 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-10 20:43 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-10 20:43 . 2007-12-24 17:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-10 20:43 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-12-10 20:43 . 2007-12-24 17:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-10 20:33 . 2007-12-25 15:36 <REP> d-------- C:\Program Files\Electronic Arts
2007-12-10 19:18 . 2008-01-15 18:28 <REP> d-------- C:\Program Files\Windows Live
2007-12-10 19:18 . 2007-12-10 19:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-10 19:16 . 2007-12-10 19:16 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-10 19:10 . 2007-12-10 19:10 <REP> d-------- C:\WINDOWS\OvtCam
2007-12-10 19:05 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2007-12-10 19:05 . 2007-12-20 20:50 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2007-12-10 19:04 . 2007-12-10 19:04 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2007-12-10 19:03 . 2007-12-10 19:03 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2007-12-10 19:03 . 2007-12-10 19:05 <REP> d-------- C:\Program Files\AlienGUIse
2007-12-10 19:03 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot_2008-01-30_14.59.52.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-30 13:53:56 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-30 14:13:38 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-30 13:53:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-30 14:13:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-30 13:53:56 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-30 14:13:38 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-30 13:53:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-30 14:13:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-30 13:53:57 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-30 14:13:38 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-30 13:53:57 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-30 14:13:38 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
@="Driver"

R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
\Shell\Shell00\Command - H:\Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 15:16:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8616 bytes

Reply to Magster

Re,

----------
-> Start
-> Run...
Type Services.msc and confirm
Double-click RasMan
Startup type: "Disabled"
Click "Stop" at the bottom
Confirm the changes.
-----
Open HijackThis, then:
-> Open the Misc Tools Section
-> Delete an NT Service
Type RasMan and confirm.
----------

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
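
The reply above singles out the RasMan service, whose O23 entry in the posted log points at a .tmp file under a Temp folder. As an added example (not part of the thread and not a HijackThis feature), this sketch parses O23 lines and applies the same kind of triage; the function names and the three rules are assumptions chosen for illustration.

```python
import ntpath
import re

# O23 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"""

# Assumed triage rules (illustrative only): a service image should not live
# in a temp folder and should be an .exe. "Unknown owner" is recorded but not
# flagged, because the log also shows it for msdtc.exe in system32.
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}
SERVICE_EXTS = {".exe"}

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_o23(log_text):
    """Return one dict per O23 (NT service) line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return entries


def triage(entry):
    """Return the list of reasons an O23 entry deserves a closer look."""
    reasons = []
    parts = [p.lower() for p in entry["path"].split("\\")]
    if any(p in TEMP_DIRS for p in parts[:-1]):
        reasons.append("image in a temp directory")
    ext = ntpath.splitext(parts[-1])[1]
    if ext not in SERVICE_EXTS:
        reasons.append("unexpected extension " + ext)
    if entry["missing"]:
        reasons.append("image file missing (orphaned entry)")
    return reasons


def suspicious_services(log_text):
    """Map service name -> reasons, for entries with at least one reason."""
    flagged = {}
    for entry in parse_o23(log_text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_services(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to inspect the file and the service configuration, not a verdict; the "file missing" rule only marks leftovers from uninstalled software.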

Post a new HijackThis report.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 7017064531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7017121109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8428 bytes

Reply to Magster

Well, it seems to be going better, but on the internet I still get an: error lander (as the title) and a blank page... maybe the page load time is exceeded. I live in Belgium and I have exceeded my monthly download limit, so I am on 56k... but just in case, if you know whether this is normal... Thanks in any case ;)

Reply to Magster

You should uninstall Internet Download Manager.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

OK, I'll do it. And what do I do with the .tmp files in my c:/?

Reply to Magster

You can delete them if you want.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

OK, and I still have a problem with the internet, and I have uninstalled IDM.

Reply to Magster

I don't think a virus is behind that.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

It's fine, the internet works again. I'll let you know if I ever have a problem again ;)

Thanks again ;)

Mag'

Reply to Magster