Security Forum - Virus: winlogon infected (MS Antivirus 2008)
Hello everyone,
I'm here to tell you about my problem and to ask for your help!!
I mistakenly installed Antivirus 2008... since then, popups keep opening all the time.
On top of that I'm infected with "trojan.win32.Monderb.gjo" at the level of winlogon.exe, it seems (Kaspersky report), and it's impossible to delete it (as soon as I click with Kaspersky, the PC shuts down and shows a blue screen, with something like "unrecoverable file" written on it).
Please help me.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:35, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\hpnra.exe
E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\3M\PSNotes\psnotes.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\explorer.exe
E:\Documents and Settings\PC1\Mes documents\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [42a946a6] rundll32.exe "E:\WINDOWS\system32\ttghtwoe.dll",b
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserv [...] sweb3d.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: wrtjuo.dll apfved.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6272 bytes
For even more information, Kaspersky reports the following dangerous object:
"winlogon.exe[pid:744]\tullkdwt.dll" is a Trojan horse, Trojan.win32.Monderb.gjo.
When I click to delete the file, the blue screen appears with the following text:
"Stop:000021A{erreur systeme irrécupérable} le processus systeme windows logon process s'est terminée de facon innatendue avec l'état 0x00000000 (0x00000000 0x00000000) le systeme à été arreté."
I await your posts.
Thanks in advance.
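Triage of the log above, as an added example that is not part of the thread: a small Python script that parses HijackThis O4 and O20 lines and flags the pattern visible in this log (hex-named Run values, rundll32 calling a single-letter export in a random-looking DLL, and anything in AppInit_DLLs). The sample lines are copied from the log above; the indicator rules and the two-indicator threshold are my own assumptions, not a vendor signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: O4/O20/O23 lines copied from the HijackThis log in the post
# above, plus benign neighbours so the rules can be seen not firing on them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [42a946a6] rundll32.exe "E:\WINDOWS\system32\ttghtwoe.dll",b
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wrtjuo.dll apfved.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis line shapes this script understands (O4 Run entries, O20 AppInit_DLLs).
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S*)', re.IGNORECASE)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$')

# Indicators (assumed heuristics, not a vendor signature): a Run value named with
# 8 hex digits, a DLL entry point that is a single letter, and an 8-letter lowercase
# DLL name. Each is weak on its own, so a Run entry is reported only when two agree.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
EIGHT_LETTER_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')
MIN_INDICATORS = 2


@dataclass
class Finding:
    line: str
    dll: Optional[str]
    reasons: List[str]


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows path (or a bare file name)."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def score_run_entry(name: str, cmd: str) -> Tuple[Optional[str], List[str]]:
    """Return (DLL basename or None, indicator descriptions) for one O4 Run entry."""
    reasons: List[str] = []
    dll: Optional[str] = None
    if HEX_NAME_RE.match(name):
        reasons.append(f"value name '{name}' is 8 hex digits rather than a product name")
    m = RUNDLL_RE.match(cmd)
    if m:
        dll = _basename(m['dll'])
        if len(m['entry']) == 1:
            reasons.append(f"rundll32 calls single-letter export '{m['entry']}' in {dll}")
        if EIGHT_LETTER_DLL_RE.match(dll):
            reasons.append(f"{dll} is an 8-letter lowercase name (weak: nvmctray.dll matches too)")
    return dll, reasons


def analyse(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            dll, reasons = score_run_entry(run['name'], run['cmd'])
            if len(reasons) >= MIN_INDICATORS:
                findings.append(Finding(line, dll, reasons))
            continue
        appinit = APPINIT_RE.match(line)
        if appinit and appinit['dlls'].strip():
            # Anything in AppInit_DLLs is loaded into every process that loads
            # user32.dll, winlogon.exe included, so each entry is reported as-is.
            for token in appinit['dlls'].split():
                dll = _basename(token)
                findings.append(Finding(line, dll, [f"AppInit_DLLs injects {dll} into every user-mode process"]))
    return findings


def suspicious_dlls(log_text: str) -> Set[str]:
    """DLL basenames named by the findings, e.g. to cross-check a ComboFix removal list."""
    return {f.dll for f in analyse(log_text) if f.dll}


if __name__ == '__main__':
    for f in analyse(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   -', r)
    print('DLLs to review:', sorted(suspicious_dlls(SAMPLE_LOG)))
```

Run against the sample, the four DLLs it names are exactly the ones the later ComboFix report lists under its removals and the CFScript.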
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Thanks for your help, Angeldark.
I think the problem is solved... I did as you told me with ComboFix.
Then I ran various programs all day to scan (Spybot, Kaspersky...): no more trace of the infected winlogon. However, Spybot found "virtumonde" as a trojan (but nothing nasty).
Can I delete the qoobox folder (which must contain the files ComboFix put in quarantine) that is under my C:?
Here is the ComboFix report, followed by the HijackThis one I just did.
ComboFix 08-08-27.05 - PC1_2 2008-08-28 7:18:45.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1598 [GMT 2:00]
Endroit: E:\Documents and Settings\PC1_2\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\WINDOWS\cookies.ini
E:\WINDOWS\Downloaded Program Files.\cnsweb3d.inf
E:\WINDOWS\Downloaded Program Files.\cnsweb3d.ocx
E:\WINDOWS\system32\actskn43.ocx
E:\WINDOWS\system32\apfved.dll
E:\WINDOWS\system32\ayJjSvut.ini
E:\WINDOWS\system32\ayJjSvut.ini2
E:\WINDOWS\system32\BbHPWxbc.ini
E:\WINDOWS\system32\BbHPWxbc.ini2
E:\WINDOWS\system32\cbxWPHbB(2).dll
E:\WINDOWS\system32\eowthgtt.ini
E:\WINDOWS\system32\hqfbukth.dll
E:\WINDOWS\system32\ilxrbbnh.ini
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\qmvigwat.dll
E:\WINDOWS\system32\tUllKDwT.dll
E:\WINDOWS\system32\tuvSjJya.dll
E:\WINDOWS\system32\wrtjuo.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
.
2008-08-27 15:46 . 2008-08-27 15:46 <REP> d-------- E:\WINDOWS\system32\Kaspersky Lab
2008-08-27 15:26 . 2008-08-27 15:26 <REP> d-------- E:\Program Files\AxBx
2008-08-27 15:02 . 2008-08-27 15:02 103,552 --a------ E:\WINDOWS\system32\hnbbrxli.dll
2008-08-27 14:13 . 2008-08-27 14:13 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SUPERAntiSpyware.com
2008-08-27 14:09 . 2008-08-27 14:37 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 13:22 . 2008-08-27 15:48 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SolidWorks
2008-08-27 13:08 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 13:05 . 2008-08-27 13:55 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage réseau
2008-08-27 13:05 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage d'impression
2008-08-27 13:05 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1_2\Modèles
2008-08-27 13:05 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1_2\Menu Démarrer
2008-08-27 13:05 . 2008-08-27 13:08 <REP> dr------- E:\Documents and Settings\PC1_2\Favoris
2008-08-27 13:05 . 2008-08-28 07:17 <REP> d-------- E:\Documents and Settings\PC1_2\Bureau
2008-08-27 13:05 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 13:05 . 2008-08-27 15:07 <REP> d-------- E:\Documents and Settings\PC1_2
2008-08-27 12:47 . 2008-08-27 12:48 <REP> d-------- E:\Documents and Settings\PC1\Application Data\SolidWorks
2008-08-27 12:41 . 2008-08-27 12:41 <REP> d-------- E:\Documents and Settings\PC1\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 12:41 . 2004-08-05 12:00 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
2008-08-27 12:23 . 2008-08-27 12:23 <REP> d-------- E:\Program Files\12Ghosts
2008-08-27 11:53 . 2008-08-27 12:49 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage réseau
2008-08-27 11:53 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage d'impression
2008-08-27 11:53 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1\Modèles
2008-08-27 11:53 . 2008-08-27 16:23 <REP> dr------- E:\Documents and Settings\PC1\Mes documents
2008-08-27 11:53 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1\Menu Démarrer
2008-08-27 11:53 . 2008-08-27 12:41 <REP> dr------- E:\Documents and Settings\PC1\Favoris
2008-08-27 11:53 . 2007-11-19 17:30 <REP> d-------- E:\Documents and Settings\PC1\Bureau
2008-08-27 11:53 . 2008-08-27 13:09 <REP> d-------- E:\Documents and Settings\PC1
2008-08-27 11:18 . 2008-08-27 11:18 <REP> d-------- E:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-08-27 11:17 . <REP> E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 10:24 . 2008-08-27 10:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 14:20 . 2008-08-22 14:20 <REP> d-------- E:\Program Files\N-Stealth
2008-08-22 14:20 . 2008-08-22 14:20 46 --a------ E:\WINDOWS\Stsetup.inf
2008-08-22 14:16 . 2008-08-22 14:16 <REP> d-------- E:\Program Files\SuperScan
2008-08-22 09:00 . 2008-08-22 09:07 <REP> d-------- E:\Program Files\IRAI
2008-08-22 07:25 . 2008-08-22 08:48 <REP> d-------- E:\WINDOWS\system32\RNBOSENT
2008-08-22 07:25 . 2003-06-03 16:42 76,288 --a------ E:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-08-22 07:25 . 2003-06-03 16:42 50,176 --a------ E:\WINDOWS\system32\SNTI386.DLL
2008-08-22 07:25 . 2003-06-03 16:42 26,120 --a------ E:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-08-22 07:25 . 2003-06-03 16:42 18,432 --a------ E:\WINDOWS\system32\RNBOVDD.DLL
2008-08-22 07:25 . 2003-06-03 16:42 9,949 --------- E:\WINDOWS\system32\SENTINEL.HLP
2008-08-21 13:29 . 2008-08-21 13:29 717,296 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-08-21 13:23 . 2008-08-21 13:23 <REP> d-------- E:\Program Files\Didactic
2008-08-21 11:45 . 2008-08-21 13:20 467 --a------ E:\WINDOWS\festo.ini
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev3.sys
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev2.sys
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev1.sys
2008-08-21 11:42 . 1999-08-11 17:22 10,240 --a------ E:\WINDOWS\system32\Cbnvdd.dll
2008-08-21 07:23 . 2008-08-21 07:32 <REP> d-------- E:\Program Files\Moduflex System Configurator 3.1
2008-08-08 15:04 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
2008-08-08 15:04 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
2008-08-08 15:04 . 2007-07-30 19:18 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
2008-08-08 09:47 . 2008-08-08 09:47 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Azureus
2008-08-08 09:10 . 2008-08-08 09:10 <REP> d----c--- E:\WINDOWS\system32\DRVSTORE
2008-08-08 09:06 . 2008-08-08 09:09 <REP> d-------- E:\Program Files\Windows Live
2008-08-08 09:06 . 2008-08-08 09:09 <REP> d--hsc--- E:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-08 09:06 . 2008-08-08 09:07 <REP> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 11:08 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 11:05 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 10:41 --------- d-----w E:\Documents and Settings\PC1\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 09:17 --------- d-----w E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-08-22 07:29 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-08-21 11:49 --------- d-----w E:\Program Files\Axemble
2008-08-12 14:04 --------- d-----w E:\Program Files\Java
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15 7634944]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"HP Network Registry Agent"="E:\WINDOWS\system32\hpnra.exe" [2000-10-26 17:21 49152]
"RoxioDragToDisc"="E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"KAVWks50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 20:18 98407]
"000000af"="E:\WINDOWS\system32\hnbbrxli.dll" [2008-08-27 15:02 103552]
"nwiz"="nwiz.exe" [2007-03-19 07:15 1622016 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-03-19 07:15 86016 E:\WINDOWS\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wrtjuo.dll apfved.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 a320raid;a320raid;E:\WINDOWS\system32\DRIVERS\a320raid.sys [2004-12-08 23:17]
R0 AFAmgt;AFAmgt;E:\WINDOWS\system32\drivers\AFAmgt.sys [2005-04-01 17:40]
R1 DLARTL_M;DLARTL_M;E:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R1 klmc;KLMC driver;E:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 20:23]
R2 MarxDev1;MarxDev1;E:\WINDOWS\system32\drivers\MarxDev1.sys [1999-08-11 17:22]
R2 MarxDev2;MarxDev2;E:\WINDOWS\system32\drivers\MarxDev2.sys [1999-08-11 17:22]
R2 MarxDev3;MarxDev3;E:\WINDOWS\system32\drivers\MarxDev3.sys [1999-08-11 17:22]
R2 Viewpoint Manager Service;Viewpoint Manager Service;E:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
S2 RAIDStorAgent;Agent RAID Storage Manager;E:\Program Files\Dell\RAID Storage Manager\StorServ.exe [2005-07-06 16:55]
S3 12Ghosts 12-Z;12Ghosts 12-Z;E:\Program Files\12Ghosts\12kernel.sys [2008-07-24 09:32]
S3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-27 E:\WINDOWS\Tasks\sauvegarde.job
- E:\Documents and Settings\PC1\Mes documents\sauvegarde.bat [2007-11-20 16:33]
.
- - - - ORPHANS REMOVED - - - -
BHO-{3706818C-EE4A-4480-B4F9-D71094B13544} - E:\WINDOWS\system32\cbxWPHbB.dll
HKLM-Run-42a946a6 - E:\WINDOWS\system32\ttghtwoe.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
O17 -: HKLM\CCS\Interface\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
O16 -: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.com/partserver/viewer/cnsweb3d/cnsweb3d.cab
E:\WINDOWS\Downloaded Program Files\cnsweb3d.inf
E:\WINDOWS\Downloaded Program Files\cnsweb3d.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 07:28:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
E:\WINDOWS\system32\ilxrbbnh.ini
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\3M\PSNotes\psnotes.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 7:29:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 05:29:19
Pre-Run: 29,451,390,976 octets libres
Post-Run: 30,839,091,200 octets libres
188 --- E O F --- 2008-08-13 23:02:46
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:31, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RunDLL32.exe
E:\WINDOWS\system32\hpnra.exe
E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\3M\PSNotes\psnotes.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\PC1\Mes documents\Antivirus\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserv [...] sweb3d.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5356 bytes
I hope that after all this my PC is clean.
I await your opinion.
Thanks again.
Re,
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Hello,
Here is the ComboFix report followed by the HijackThis report.
Going back to my question from yesterday, can I delete the Qoobox directory that is on my hard drive?
ComboFix 08-08-28.04 - PC1_2 2008-08-29 7:16:55.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1493 [GMT 2:00]
Endroit: E:\Documents and Settings\PC1_2\Bureau\ComboFix.exe
Command switches used :: E:\Documents and Settings\PC1_2\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
E:\WINDOWS\system32\hnbbrxli.dll
E:\WINDOWS\system32\ilxrbbnh.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\WINDOWS\cookies.ini
E:\WINDOWS\system32\hnbbrxli.dll
E:\WINDOWS\system32\ilxrbbnh.ini
E:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 07:02 . 2008-08-29 07:02 1,807 --a------ E:\WINDOWS\ST6UNST.001
2008-08-28 15:47 . 2008-08-28 15:47 <REP> d-------- E:\Program Files\Axemble
2008-08-28 14:48 . 2008-08-28 14:50 <REP> d-------- E:\Program Files\RegCleaner
2008-08-28 14:16 . 2008-08-28 14:16 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\ACD Systems
2008-08-28 11:48 . 2008-08-28 11:48 230 --a------ E:\WINDOWS\system32\spupdsvc.inf
2008-08-28 10:38 . 2008-08-28 14:14 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Azureus
2008-08-27 15:46 . 2008-08-27 15:46 <REP> d-------- E:\WINDOWS\system32\Kaspersky Lab
2008-08-27 14:13 . 2008-08-27 14:13 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SUPERAntiSpyware.com
2008-08-27 14:09 . 2008-08-28 14:35 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 13:22 . 2008-08-29 06:58 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SolidWorks
2008-08-27 13:08 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 13:05 . 2008-08-28 14:16 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage réseau
2008-08-27 13:05 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage d'impression
2008-08-27 13:05 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1_2\Modèles
2008-08-27 13:05 . 2008-08-28 10:26 <REP> dr------- E:\Documents and Settings\PC1_2\Menu Démarrer
2008-08-27 13:05 . 2008-08-27 13:08 <REP> dr------- E:\Documents and Settings\PC1_2\Favoris
2008-08-27 13:05 . 2008-08-29 07:18 <REP> d-------- E:\Documents and Settings\PC1_2\Bureau
2008-08-27 13:05 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 13:05 . 2008-08-29 07:19 <REP> d-------- E:\Documents and Settings\PC1_2
2008-08-27 12:41 . 2004-08-05 12:00 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
2008-08-27 12:23 . 2008-08-27 12:23 <REP> d-------- E:\Program Files\12Ghosts
2008-08-27 11:53 . 2008-08-27 12:49 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage réseau
2008-08-27 11:53 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage d'impression
2008-08-27 11:53 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1\Modèles
2008-08-27 11:53 . 2008-08-29 07:00 <REP> dr------- E:\Documents and Settings\PC1\Mes documents
2008-08-27 11:53 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1\Menu Démarrer
2008-08-27 11:53 . 2008-08-27 12:41 <REP> dr------- E:\Documents and Settings\PC1\Favoris
2008-08-27 11:53 . 2007-11-19 17:30 <REP> d-------- E:\Documents and Settings\PC1\Bureau
2008-08-27 11:53 . 2008-08-27 13:09 <REP> d-------- E:\Documents and Settings\PC1
2008-08-27 11:18 . 2008-08-27 11:18 <REP> d-------- E:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-08-27 11:17 . <REP> E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 10:24 . 2008-08-27 10:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 14:20 . 2008-08-22 14:20 <REP> d-------- E:\Program Files\N-Stealth
2008-08-22 14:20 . 2008-08-22 14:20 46 --a------ E:\WINDOWS\Stsetup.inf
2008-08-22 14:16 . 2008-08-22 14:16 <REP> d-------- E:\Program Files\SuperScan
2008-08-22 09:00 . 2008-08-22 09:07 <REP> d-------- E:\Program Files\IRAI
2008-08-22 07:25 . 2008-08-22 08:48 <REP> d-------- E:\WINDOWS\system32\RNBOSENT
2008-08-22 07:25 . 2003-06-03 16:42 76,288 --a------ E:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-08-22 07:25 . 2003-06-03 16:42 50,176 --a------ E:\WINDOWS\system32\SNTI386.DLL
2008-08-22 07:25 . 2003-06-03 16:42 26,120 --a------ E:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-08-22 07:25 . 2003-06-03 16:42 18,432 --a------ E:\WINDOWS\system32\RNBOVDD.DLL
2008-08-22 07:25 . 2003-06-03 16:42 9,949 --------- E:\WINDOWS\system32\SENTINEL.HLP
2008-08-21 13:29 . 2008-08-21 13:29 717,296 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-08-21 13:23 . 2008-08-21 13:23 <REP> d-------- E:\Program Files\Didactic
2008-08-21 11:45 . 2008-08-21 13:20 467 --a------ E:\WINDOWS\festo.ini
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev3.sys
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev2.sys
2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev1.sys
2008-08-21 11:42 . 1999-08-11 17:22 10,240 --a------ E:\WINDOWS\system32\Cbnvdd.dll
2008-08-21 07:23 . 2008-08-21 07:32 <REP> d-------- E:\Program Files\Moduflex System Configurator 3.1
2008-08-08 15:04 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
2008-08-08 15:04 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
2008-08-08 15:04 . 2007-07-30 19:18 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
2008-08-08 09:47 . 2008-08-08 09:47 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Azureus
2008-08-08 09:10 . 2008-08-08 09:10 <REP> d----c--- E:\WINDOWS\system32\DRVSTORE
2008-08-08 09:06 . 2008-08-08 09:09 <REP> d-------- E:\Program Files\Windows Live
2008-08-08 09:06 . 2008-08-08 09:09 <REP> d--hsc--- E:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-08 09:06 . 2008-08-08 09:07 <REP> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 05:02 74,752 ----a-w E:\WINDOWS\ST6UNST.EXE
2008-08-29 05:02 258,048 ----a-w E:\WINDOWS\Setup1.exe
2008-08-28 13:47 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-08-27 11:08 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 11:05 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
2008-08-27 09:17 --------- d-----w E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-08-12 14:04 --------- d-----w E:\Program Files\Java
2008-07-07 20:31 253,952 ----a-w E:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w E:\WINDOWS\system32\es(2).dll
2008-06-24 16:23 74,240 ----a-w E:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 267,776 ----a-w E:\WINDOWS\system32\iertutil(2).dll
2008-06-23 16:28 105,984 ----a-w E:\WINDOWS\system32\url(2).dll
2008-06-23 16:28 1,159,680 ----a-w E:\WINDOWS\system32\urlmon(2).dll
2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock(2).dll
2008-06-20 17:41 148,992 ----a-w E:\WINDOWS\system32\dnsapi(2).dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-28_ 7.29.01.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-13 17:39:20 71,680 ----a-w E:\WINDOWS\system32\admparse.dll
+ 2004-08-05 10:00:00 61,440 ----a-w E:\WINDOWS\system32\admparse.dll
- 2008-06-23 16:28:17 124,928 ----a-w E:\WINDOWS\system32\advpack.dll
+ 2004-08-05 10:00:00 101,888 ----a-w E:\WINDOWS\system32\advpack.dll
- 2006-09-23 12:12:56 1,022,976 ----a-w E:\WINDOWS\system32\browseui.dll
+ 2006-03-04 03:34:57 1,023,488 ----a-w E:\WINDOWS\system32\browseui.dll
- 1998-07-13 00:00:00 89,600 ----a-w E:\WINDOWS\system32\CmCtlFR.dll
+ 1998-07-12 23:00:00 89,600 ----a-w E:\WINDOWS\system32\CmCtlFR.dll
- 1998-07-13 00:00:00 32,768 ----a-w E:\WINDOWS\system32\CmDlgFR.dll
+ 1998-07-12 23:00:00 32,768 ----a-w E:\WINDOWS\system32\CmDlgFR.dll
- 2007-08-13 17:42:54 17,408 ----a-w E:\WINDOWS\system32\corpol.dll
+ 2004-08-05 10:00:00 35,328 ----a-w E:\WINDOWS\system32\corpol.dll
- 2007-08-13 17:39:20 71,680 -c--a-w E:\WINDOWS\system32\dllcache\admparse.dll
+ 2004-08-05 10:00:00 61,440 -c--a-w E:\WINDOWS\system32\dllcache\admparse.dll
- 2008-06-23 16:28:17 124,928 -c--a-w E:\WINDOWS\system32\dllcache\advpack.dll
+ 2004-08-05 10:00:00 101,888 -c--a-w E:\WINDOWS\system32\dllcache\advpack.dll
- 2006-09-23 12:12:56 1,022,976 -c--a-w E:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-03-04 03:34:57 1,023,488 -c--a-w E:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-13 17:42:54 17,408 -c--a-w E:\WINDOWS\system32\dllcache\corpol.dll
+ 2004-08-05 10:00:00 35,328 -c--a-w E:\WINDOWS\system32\dllcache\corpol.dll
- 2007-08-13 17:54:10 33,792 -c--a-w E:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-08-05 10:00:00 28,672 -c--a-w E:\WINDOWS\system32\dllcache\custsat.dll
- 2008-06-23 16:28:17 347,136 -c--a-w E:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2004-08-05 10:00:00 357,888 -c--a-w E:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:28:17 214,528 -c--a-w E:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2006-03-04 03:34:58 205,312 -c--a-w E:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:28:17 133,120 -c--a-w E:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-03-04 03:34:58 55,808 -c--a-w E:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 17:18:02 60,416 -c--a-w E:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2004-08-05 10:00:00 38,912 -c--a-w E:\WINDOWS\system32\dllcache\hmmapi.dll
- 2008-06-23 09:21:30 70,656 -c--a-w E:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2004-08-05 10:00:00 34,304 -c--a-w E:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:28:18 153,088 -c--a-w E:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2004-08-05 10:00:00 139,264 -c--a-w E:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:28:18 230,400 -c--a-w E:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2004-08-05 10:00:00 221,696 -c--a-w E:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w E:\WINDOWS\system32\dllcache\ieakui.dll
+ 2004-08-05 10:00:00 245,760 -c--a-w E:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:28:18 384,512 -c--a-w E:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2004-08-05 10:00:00 323,584 -c--a-w E:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 17:44:02 69,120 -c--a-w E:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-03-04 00:39:06 18,432 -c--a-w E:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-13 17:45:18 78,336 -c--a-w E:\WINDOWS\system32\dllcache\ieencode.dll
+ 2004-08-05 10:00:00 81,920 -c--a-w E:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-08-13 17:54:10 191,488 -c--a-w E:\WINDOWS\system32\dllcache\iepeers.dll
+ 2006-03-04 03:34:58 251,392 -c--a-w E:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-06-23 16:28:19 44,544 -c--a-w E:\WINDOWS\system32\dllcache\iernonce.dll
+ 2004-08-05 10:00:00 49,152 -c--a-w E:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 17:39:12 55,296 -c--a-w E:\WINDOWS\system32\dllcache\iesetup.dll
+ 2004-08-05 10:00:00 63,488 -c--a-w E:\WINDOWS\system32\dllcache\iesetup.dll
- 2008-06-23 09:21:49 625,664 -c--a-w E:\WINDOWS\system32\dllcache\iexplore.exe
+ 2004-08-05 10:00:00 93,184 -c--a-w E:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 17:36:06 36,352 -c--a-w E:\WINDOWS\system32\dllcache\imgutil.dll
+ 2004-08-05 10:00:00 35,840 -c--a-w E:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-13 17:39:02 92,672 -c--a-w E:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-03-04 03:34:58 96,768 -c--a-w E:\WINDOWS\system32\dllcache\inseng.dll
- 2007-08-13 17:38:04 491,520 -c--a-w E:\WINDOWS\system32\dllcache\jscript.dll
+ 2004-08-05 10:00:00 450,560 -c--a-w E:\WINDOWS\system32\dllcache\jscript.dll
- 2008-06-23 16:28:20 27,648 -c--a-w E:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2004-08-05 10:00:00 15,872 -c--a-w E:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-13 17:44:18 40,960 -c--a-w E:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2004-08-05 10:00:00 22,528 -c--a-w E:\WINDOWS\system32\dllcache\licmgr10.dll
- 2007-08-13 17:32:30 45,568 -c--a-w E:\WINDOWS\system32\dllcache\mshta.exe
+ 2004-08-05 10:00:00 29,184 -c--a-w E:\WINDOWS\system32\dllcache\mshta.exe
- 2008-06-24 08:28:24 3,592,192 -c--a-w E:\WINDOWS\system32\dllcache\mshtml.dll
+ 2006-03-23 17:35:42 3,074,560 -c--a-w E:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:28:22 477,696 -c--a-w E:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2006-03-04 03:35:00 448,512 -c--a-w E:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 17:01:12 48,128 -c--a-w E:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2004-08-05 10:00:00 57,344 -c--a-w E:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-13 17:54:10 156,160 -c--a-w E:\WINDOWS\system32\dllcache\msls31.dll
+ 2004-08-05 10:00:00 146,432 -c--a-w E:\WINDOWS\system32\dllcache\msls31.dll
- 2008-06-23 16:28:22 193,024 -c--a-w E:\WINDOWS\system32\dllcache\msrating.dll
+ 2006-03-04 03:35:00 146,432 -c--a-w E:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:28:22 671,232 -c--a-w E:\WINDOWS\system32\dllcache\mstime.dll
+ 2006-03-04 03:35:01 532,480 -c--a-w E:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:28:22 102,912 -c--a-w E:\WINDOWS\system32\dllcache\occache.dll
+ 2004-08-05 10:00:00 97,280 -c--a-w E:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:28:22 44,544 -c--a-w E:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-03-04 03:35:01 39,424 -c--a-w E:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-09-23 12:12:56 1,497,088 -c--a-w E:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-03-30 09:26:11 1,492,992 -c--a-w E:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-09-23 12:12:56 474,624 -c--a-w E:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2006-03-04 03:35:02 474,624 -c--a-w E:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-06-23 16:28:22 105,984 -c--a-w E:\WINDOWS\system32\dllcache\url.dll
+ 2004-08-05 10:00:00 37,888 -c--a-w E:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:28:23 1,159,680 -c--a-w E:\WINDOWS\system32\dllcache\urlmon.dll
+ 2006-03-18 11:09:53 615,424 -c--a-w E:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 17:54:10 413,696 -c--a-w E:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-05 10:00:00 417,792 -c--a-w E:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:30:52 765,952 -c--a-w E:\WINDOWS\system32\dllcache\vgx.dll
+ 2004-08-05 10:00:00 848,384 -c--a-w E:\WINDOWS\system32\dllcache\vgx.dll
- 2008-06-23 16:28:23 233,472 -c--a-w E:\WINDOWS\system32\dllcache\webcheck.dll
+ 2004-08-05 10:00:00 281,600 -c--a-w E:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:28:23 826,368 -c--a-w E:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-03-04 03:35:02 662,528 -c--a-w E:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-23 16:28:17 347,136 ----a-w E:\WINDOWS\system32\dxtmsft.dll
+ 2004-08-05 10:00:00 357,888 ----a-w E:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:28:17 214,528 ----a-w E:\WINDOWS\system32\dxtrans.dll
+ 2006-03-04 03:34:58 205,312 ----a-w E:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:28:17 133,120 ----a-w E:\WINDOWS\system32\extmgr.dll
+ 2006-03-04 03:34:58 55,808 ----a-w E:\WINDOWS\system32\extmgr.dll
- 1998-07-12 23:00:00 40,960 ----a-w E:\WINDOWS\system32\FLXGDFR.DLL
+ 1998-07-12 22:00:00 40,960 ----a-w E:\WINDOWS\system32\FLXGDFR.DLL
- 2008-06-23 09:21:30 70,656 ----a-w E:\WINDOWS\system32\ie4uinit.exe
+ 2004-08-05 10:00:00 34,304 ----a-w E:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:28:18 153,088 ----a-w E:\WINDOWS\system32\ieakeng.dll
+ 2004-08-05 10:00:00 139,264 ----a-w E:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:28:18 230,400 ----a-w E:\WINDOWS\system32\ieaksie.dll
+ 2004-08-05 10:00:00 221,696 ----a-w E:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w E:\WINDOWS\system32\ieakui.dll
+ 2004-08-05 10:00:00 245,760 ----a-w E:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:28:18 384,512 ----a-w E:\WINDOWS\system32\iedkcs32.dll
+ 2004-08-05 10:00:00 323,584 ----a-w E:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 17:45:18 78,336 ----a-w E:\WINDOWS\system32\ieencode.dll
+ 2004-08-05 10:00:00 81,920 ----a-w E:\WINDOWS\system32\ieencode.dll
- 2007-08-13 17:54:10 191,488 ----a-w E:\WINDOWS\system32\iepeers.dll
+ 2006-03-04 03:34:58 251,392 ----a-w E:\WINDOWS\system32\iepeers.dll
- 2008-06-23 16:28:19 44,544 ----a-w E:\WINDOWS\system32\iernonce.dll
+ 2004-08-05 10:00:00 49,152 ----a-w E:\WINDOWS\system32\iernonce.dll
- 2007-08-13 17:39:12 55,296 ----a-w E:\WINDOWS\system32\iesetup.dll
+ 2004-08-05 10:00:00 63,488 ----a-w E:\WINDOWS\system32\iesetup.dll
- 2007-08-13 17:36:06 36,352 ----a-w E:\WINDOWS\system32\imgutil.dll
+ 2004-08-05 10:00:00 35,840 ----a-w E:\WINDOWS\system32\imgutil.dll
- 2007-08-13 17:39:02 92,672 ----a-w E:\WINDOWS\system32\inseng.dll
+ 2006-03-04 03:34:58 96,768 ----a-w E:\WINDOWS\system32\inseng.dll
- 2007-08-13 17:38:04 491,520 ----a-w E:\WINDOWS\system32\jscript.dll
+ 2004-08-05 10:00:00 450,560 ----a-w E:\WINDOWS\system32\jscript.dll
- 2008-06-23 16:28:20 27,648 ----a-w E:\WINDOWS\system32\jsproxy.dll
+ 2004-08-05 10:00:00 15,872 ----a-w E:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 17:44:18 40,960 ----a-w E:\WINDOWS\system32\licmgr10.dll
+ 2004-08-05 10:00:00 22,528 ----a-w E:\WINDOWS\system32\licmgr10.dll
- 1998-07-12 23:00:00 59,904 ----a-w E:\WINDOWS\system32\MSCC2FR.DLL
+ 1998-07-12 22:00:00 59,904 ----a-w E:\WINDOWS\system32\MSCC2FR.DLL
- 2007-08-13 17:32:30 45,568 ----a-w E:\WINDOWS\system32\mshta.exe
+ 2004-08-05 10:00:00 29,184 ----a-w E:\WINDOWS\system32\mshta.exe
- 2008-06-24 08:28:24 3,592,192 ----a-w E:\WINDOWS\system32\mshtml.dll
+ 2006-03-23 17:35:42 3,074,560 ----a-w E:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:28:22 477,696 ----a-w E:\WINDOWS\system32\mshtmled.dll
+ 2006-03-04 03:35:00 448,512 ----a-w E:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 17:01:12 48,128 ----a-w E:\WINDOWS\system32\mshtmler.dll
+ 2004-08-05 10:00:00 57,344 ----a-w E:\WINDOWS\system32\mshtmler.dll
- 2007-08-13 17:54:10 156,160 ----a-w E:\WINDOWS\system32\msls31.dll
+ 2004-08-05 10:00:00 146,432 ----a-w E:\WINDOWS\system32\msls31.dll
- 2008-06-23 16:28:22 193,024 ----a-w E:\WINDOWS\system32\msrating.dll
+ 2006-03-04 03:35:00 146,432 ----a-w E:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:28:22 671,232 ----a-w E:\WINDOWS\system32\mstime.dll
+ 2006-03-04 03:35:01 532,480 ----a-w E:\WINDOWS\system32\mstime.dll
- 2008-06-23 16:28:22 102,912 ----a-w E:\WINDOWS\system32\occache.dll
+ 2004-08-05 10:00:00 97,280 ----a-w E:\WINDOWS\system32\occache.dll
- 2008-06-23 16:28:22 44,544 ----a-w E:\WINDOWS\system32\pngfilt.dll
+ 2006-03-04 03:35:01 39,424 ----a-w E:\WINDOWS\system32\pngfilt.dll
- 2006-09-23 12:12:56 1,497,088 ----a-w E:\WINDOWS\system32\shdocvw.dll
+ 2006-03-30 09:26:11 1,492,992 ----a-w E:\WINDOWS\system32\shdocvw.dll
- 2006-09-23 12:12:56 474,624 ----a-w E:\WINDOWS\system32\shlwapi.dll
+ 2006-03-04 03:35:02 474,624 ----a-w E:\WINDOWS\system32\shlwapi.dll
- 1998-07-12 23:00:00 21,504 ----a-w E:\WINDOWS\system32\TABCTFR.DLL
+ 1998-07-12 22:00:00 21,504 ----a-w E:\WINDOWS\system32\TABCTFR.DLL
- 2008-06-23 16:28:22 105,984 ----a-w E:\WINDOWS\system32\url.dll
+ 2004-08-05 10:00:00 37,888 ----a-w E:\WINDOWS\system32\url.dll
- 2008-06-23 16:28:23 1,159,680 ----a-w E:\WINDOWS\system32\urlmon.dll
+ 2006-03-18 11:09:53 615,424 ----a-w E:\WINDOWS\system32\urlmon.dll
- 2007-08-13 17:54:10 413,696 ----a-w E:\WINDOWS\system32\vbscript.dll
+ 2004-08-05 10:00:00 417,792 ----a-w E:\WINDOWS\system32\vbscript.dll
- 2008-06-23 16:28:23 233,472 ----a-w E:\WINDOWS\system32\webcheck.dll
+ 2004-08-05 10:00:00 281,600 ----a-w E:\WINDOWS\system32\webcheck.dll
- 2008-06-23 16:28:23 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
+ 2006-03-04 03:35:02 662,528 ----a-w E:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15 7634944]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"HP Network Registry Agent"="E:\WINDOWS\system32\hpnra.exe" [2000-10-26 17:21 49152]
"RoxioDragToDisc"="E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"KAVWks50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 20:18 98407]
"nwiz"="nwiz.exe" [2007-03-19 07:15 1622016 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-03-19 07:15 86016 E:\WINDOWS\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wrtjuo.dll apfved.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 a320raid;a320raid;E:\WINDOWS\system32\DRIVERS\a320raid.sys [2004-12-08 23:17]
R0 AFAmgt;AFAmgt;E:\WINDOWS\system32\drivers\AFAmgt.sys [2005-04-01 17:40]
R1 DLARTL_M;DLARTL_M;E:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R1 klmc;KLMC driver;E:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 20:23]
R2 MarxDev1;MarxDev1;E:\WINDOWS\system32\drivers\MarxDev1.sys [1999-08-11 17:22]
R2 MarxDev2;MarxDev2;E:\WINDOWS\system32\drivers\MarxDev2.sys [1999-08-11 17:22]
R2 MarxDev3;MarxDev3;E:\WINDOWS\system32\drivers\MarxDev3.sys [1999-08-11 17:22]
R2 Viewpoint Manager Service;Viewpoint Manager Service;E:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
S2 RAIDStorAgent;Agent RAID Storage Manager;E:\Program Files\Dell\RAID Storage Manager\StorServ.exe [2005-07-06 16:55]
S3 12Ghosts 12-Z;12Ghosts 12-Z;E:\Program Files\12Ghosts\12kernel.sys [2008-07-24 09:32]
S3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-28 E:\WINDOWS\Tasks\sauvegarde.job
- E:\Documents and Settings\PC1\Mes documents\sauvegarde.bat [2007-11-20 16:33]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 07:21:07
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\3M\PSNotes\psnotes.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 7:23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 05:23:29
ComboFix2.txt 2008-08-28 05:29:24
Pre-Run: 40,881,147,904 octets libres
Post-Run: 40,532,643,840 octets libres
348 --- E O F --- 2008-08-28 23:01:59
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:37, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\WINDOWS\system32\hpnra.exe
E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\3M\PSNotes\psnotes.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Outlook Express\msimn.exe
D:\Program Files\SolidWorks 2007\sldworks.exe
E:\DOCUME~1\PC1_2\LOCALS~1\Temp\SolidWorksLicTemp.0001
E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\PC1\Mes documents\Antivirus\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserv [...] sweb3d.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: wrtjuo.dll apfved.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5923 bytes
Do you have these files: E:\WINDOWS\system32\apfved.dll & E:\WINDOWS\system32\wrtjuo.dll?
Hello
No, I don't have either of those two files.
I deleted the Qoobox directory because, after a scan with Kaspersky, it found trojans in it (I think that's normal, since it must be the folder where the files are quarantined).
I'm waiting for your reply.
Thanks again
Do you have access to hidden files?
You're right about Qoobox.
Hello. The solution for removing MS ANTIVIRUS is simple. I tried it this morning because I got caught by it. You just have to run a search, type MSA.EXE or MSASETUP, and delete them. Then remove them from the Recycle Bin, because otherwise it comes right back. That's what I did and it works.