valetreb

  1. Hello, I am coming to you as a last resort... I misconfigured my new PC a month ago and I installed AntiVir... apparently far too late... So, ever since it was installed, it has been detecting viruses over and over (vundo.gen, monder...) and I have to disable it in order to work. The usual problems: incessant ads, slowdowns, crashes, missing system files... After reading various forums, I tried the procedures indicated but without success... (VundoFix ineffective, HijackThis, ComboFix incomprehensible...) I am at a dead end and I am afraid of making the situation worse. It is disheartening when you do not understand any of it... Thanks in advance for your help. laurent

     Here is the latest HijackThis report, in case anyone can make sense of it... Chinese seems crystal clear by comparison...

     And finally the ComboFix report, which is even more opaque:

     Thank you