winlogon infected (MS Antivirus 2008)

Tags:
  • Internet Explorer
  • Security

27 August 2008 16:33:23

Hello everyone

I'm here to tell you about my problem and to ask for your help!!

I carelessly installed Antivirus 2008... since then I constantly get pop-ups opening.
On top of that I am infected with "trojan.win32.Monderb.gjo" in winlogon.exe, it seems (Kaspersky report), and it is impossible to delete it (as soon as I click in Kaspersky, the PC shuts down and shows a blue screen (saying unrecoverable file or something like that).

Thank you for helping me

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:35, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\hpnra.exe
E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\3M\PSNotes\psnotes.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\explorer.exe
E:\Documents and Settings\PC1\Mes documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [42a946a6] rundll32.exe "E:\WINDOWS\system32\ttghtwoe.dll",b
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserver/viewer/cnsweb3d/cn...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
O20 - AppInit_DLLs: wrtjuo.dll apfved.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6272 bytes
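What a helper is reading in the report above, as an added example that is not part of the thread and not code from HijackThis or ComboFix: a short Python script that flags the autostart entries later targeted for removal. Its sample input is constructed from lines in this thread (the O4/O20 entries of the first HijackThis log and file names from the two ComboFix reports). The heuristics are this example's own rules, derived from what is visible in the log rather than any HijackThis feature: a Run value named like 8 hex digits, an 8-letter random-looking DLL stem loaded through rundll32, a non-empty AppInit_DLLs list, and .ini files whose name is the mirror image of a .dll.

```python
import os
import re
from typing import Dict, List, Tuple

# Constructed sample input. The O4/O20 lines are copied from the first HijackThis
# report in this thread; the file list combines names from the "Autres suppressions"
# sections of the two ComboFix reports and the two "ORPHANS REMOVED" entries.
HJT_LINES: List[str] = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas',
    r'O4 - HKLM\..\Run: [42a946a6] rundll32.exe "E:\WINDOWS\system32\ttghtwoe.dll",b',
    r'O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b',
    r"O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe",
    r"O20 - AppInit_DLLs: wrtjuo.dll apfved.dll",
]

FILE_PATHS: List[str] = [
    r"E:\WINDOWS\system32\apfved.dll",
    r"E:\WINDOWS\system32\ayJjSvut.ini",
    r"E:\WINDOWS\system32\BbHPWxbc.ini",
    r"E:\WINDOWS\system32\cbxWPHbB.dll",
    r"E:\WINDOWS\system32\eowthgtt.ini",
    r"E:\WINDOWS\system32\hnbbrxli.dll",
    r"E:\WINDOWS\system32\ilxrbbnh.ini",
    r"E:\WINDOWS\system32\tUllKDwT.dll",
    r"E:\WINDOWS\system32\ttghtwoe.dll",
    r"E:\WINDOWS\system32\tuvSjJya.dll",
    r"E:\WINDOWS\system32\wrtjuo.dll",
]

# HijackThis "O4 - HKLM\..\Run: [value name] command line" format.
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A command line that loads a DLL through rundll32 (quoted or not).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)   # e.g. 42a946a6, 000000af
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")                  # e.g. ttghtwoe, hnbbrxli


def _basename(path: str) -> str:
    """Last component of a Windows path, independent of the host OS."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def flag_autostarts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, evidence) pairs for the suspicious O4/O20 entries.

    Heuristics, each visible in the log above:
      * a Run value named like 8 hex digits that loads a DLL through rundll32;
      * a rundll32-loaded DLL whose stem is 8 random-looking lowercase letters;
      * any DLL listed in AppInit_DLLs (O20), which is mapped into every process
        that loads user32.dll, winlogon.exe included.
    """
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            r = RUNDLL_RE.match(cmd)
            if r is None:
                continue  # ordinary EXE autostart; outside these rules
            dll = r.group("dll")
            stem = os.path.splitext(_basename(dll))[0]
            evidence = f"[{name}] {dll}"
            if HEX_NAME_RE.match(name):
                findings.append(("Run value named like a hex blob loads a DLL via rundll32", evidence))
            if RANDOM_STEM_RE.match(stem):
                findings.append(("rundll32 loads a DLL with a random-looking 8-letter name", evidence))
        elif line.startswith("O20 - AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split():
                findings.append(("DLL injected system-wide through AppInit_DLLs", dll))
    return findings


def reversed_name_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """Pair each .ini with the .dll whose stem is its mirror image (case-insensitive).

    In this thread every .ini ComboFix deleted (ayJjSvut.ini, BbHPWxbc.ini,
    eowthgtt.ini, ilxrbbnh.ini) has a companion DLL with the stem spelled backwards.
    """
    by_ext: Dict[str, Dict[str, str]] = {".ini": {}, ".dll": {}}
    for p in paths:
        base = _basename(p)
        stem, ext = os.path.splitext(base)
        if ext.lower() in by_ext:
            by_ext[ext.lower()][stem.lower()] = base
    pairs: List[Tuple[str, str]] = []
    for stem, ini in sorted(by_ext[".ini"].items()):
        dll = by_ext[".dll"].get(stem[::-1])
        if dll:
            pairs.append((ini, dll))
    return pairs


if __name__ == "__main__":
    for reason, evidence in flag_autostarts(HJT_LINES):
        print(f"{reason}: {evidence}")
    for ini, dll in reversed_name_pairs(FILE_PATHS):
        print(f"{ini} <-> {dll}")
```

Run on the sample, the script reports both rundll32 entries ([42a946a6] ttghtwoe.dll and [000000af] hnbbrxli.dll), the two AppInit_DLLs, and four ini/dll mirror pairs, a subset of what the two ComboFix runs removed. The last pair is the useful one: ilxrbbnh.ini, which catchme reported as still hidden after the first run, mirrors hnbbrxli.dll, the DLL still loaded from the Run key, which is exactly the pair the helper's CFScript then targets.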


27 August 2008 17:08:37

For some more information, Kaspersky finds as a dangerous object:
"winlogon.exe[pid:744]\tullkdwt.dll" is a Trojan.win32.Monderb.gjo trojan horse

When I click to delete the file the blue screen appears saying:
"Stop:000021A{erreur système irrécupérable} le processus système windows logon process s'est terminé de façon inattendue avec l'état 0x00000000 (0x00000000 0x00000000) le système a été arrêté."

I await your posts.

Thanks in advance.
27 August 2008 18:46:38

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition letter may differ
    28 August 2008 15:45:28

    Thanks for your help Angeldark

    I think the problem is solved... I did as you told me with ComboFix.
    Then I ran various programs all day to scan (Spybot, Kaspersky...), no more trace of the infected winlogon. However Spybot found "virtumonde" as a trojan (but nothing nasty).
    Can I delete the qoobox folder (which must contain the files ComboFix quarantined) that is under my C:?

    Here is the ComboFix report, then the HijackThis one I made just a moment ago.

    ComboFix 08-08-27.05 - PC1_2 2008-08-28 7:18:45.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1598 [GMT 2:00]
    Endroit: E:\Documents and Settings\PC1_2\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\WINDOWS\cookies.ini
    E:\WINDOWS\Downloaded Program Files.\cnsweb3d.inf
    E:\WINDOWS\Downloaded Program Files.\cnsweb3d.ocx
    E:\WINDOWS\system32\actskn43.ocx
    E:\WINDOWS\system32\apfved.dll
    E:\WINDOWS\system32\ayJjSvut.ini
    E:\WINDOWS\system32\ayJjSvut.ini2
    E:\WINDOWS\system32\BbHPWxbc.ini
    E:\WINDOWS\system32\BbHPWxbc.ini2
    E:\WINDOWS\system32\cbxWPHbB(2).dll
    E:\WINDOWS\system32\eowthgtt.ini
    E:\WINDOWS\system32\hqfbukth.dll
    E:\WINDOWS\system32\ilxrbbnh.ini
    E:\WINDOWS\system32\mcrh.tmp
    E:\WINDOWS\system32\qmvigwat.dll
    E:\WINDOWS\system32\tUllKDwT.dll
    E:\WINDOWS\system32\tuvSjJya.dll
    E:\WINDOWS\system32\wrtjuo.dll

    .
    (((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 15:46 . 2008-08-27 15:46 <REP> d-------- E:\WINDOWS\system32\Kaspersky Lab
    2008-08-27 15:26 . 2008-08-27 15:26 <REP> d-------- E:\Program Files\AxBx
    2008-08-27 15:02 . 2008-08-27 15:02 103,552 --a------ E:\WINDOWS\system32\hnbbrxli.dll
    2008-08-27 14:13 . 2008-08-27 14:13 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SUPERAntiSpyware.com
    2008-08-27 14:09 . 2008-08-27 14:37 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-27 13:22 . 2008-08-27 15:48 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SolidWorks
    2008-08-27 13:08 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 13:05 . 2008-08-27 13:55 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage réseau
    2008-08-27 13:05 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage d'impression
    2008-08-27 13:05 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1_2\Modèles
    2008-08-27 13:05 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1_2\Menu Démarrer
    2008-08-27 13:05 . 2008-08-27 13:08 <REP> dr------- E:\Documents and Settings\PC1_2\Favoris
    2008-08-27 13:05 . 2008-08-28 07:17 <REP> d-------- E:\Documents and Settings\PC1_2\Bureau
    2008-08-27 13:05 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 13:05 . 2008-08-27 15:07 <REP> d-------- E:\Documents and Settings\PC1_2
    2008-08-27 12:47 . 2008-08-27 12:48 <REP> d-------- E:\Documents and Settings\PC1\Application Data\SolidWorks
    2008-08-27 12:41 . 2008-08-27 12:41 <REP> d-------- E:\Documents and Settings\PC1\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 12:41 . 2004-08-05 12:00 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
    2008-08-27 12:23 . 2008-08-27 12:23 <REP> d-------- E:\Program Files\12Ghosts
    2008-08-27 11:53 . 2008-08-27 12:49 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage réseau
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage d'impression
    2008-08-27 11:53 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1\Modèles
    2008-08-27 11:53 . 2008-08-27 16:23 <REP> dr------- E:\Documents and Settings\PC1\Mes documents
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1\Menu Démarrer
    2008-08-27 11:53 . 2008-08-27 12:41 <REP> dr------- E:\Documents and Settings\PC1\Favoris
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> d-------- E:\Documents and Settings\PC1\Bureau
    2008-08-27 11:53 . 2008-08-27 13:09 <REP> d-------- E:\Documents and Settings\PC1
    2008-08-27 11:18 . 2008-08-27 11:18 <REP> d-------- E:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
    2008-08-27 11:17 . <REP> E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 10:24 . 2008-08-27 10:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-22 14:20 . 2008-08-22 14:20 <REP> d-------- E:\Program Files\N-Stealth
    2008-08-22 14:20 . 2008-08-22 14:20 46 --a------ E:\WINDOWS\Stsetup.inf
    2008-08-22 14:16 . 2008-08-22 14:16 <REP> d-------- E:\Program Files\SuperScan
    2008-08-22 09:00 . 2008-08-22 09:07 <REP> d-------- E:\Program Files\IRAI
    2008-08-22 07:25 . 2008-08-22 08:48 <REP> d-------- E:\WINDOWS\system32\RNBOSENT
    2008-08-22 07:25 . 2003-06-03 16:42 76,288 --a------ E:\WINDOWS\system32\drivers\SENTINEL.SYS
    2008-08-22 07:25 . 2003-06-03 16:42 50,176 --a------ E:\WINDOWS\system32\SNTI386.DLL
    2008-08-22 07:25 . 2003-06-03 16:42 26,120 --a------ E:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2008-08-22 07:25 . 2003-06-03 16:42 18,432 --a------ E:\WINDOWS\system32\RNBOVDD.DLL
    2008-08-22 07:25 . 2003-06-03 16:42 9,949 --------- E:\WINDOWS\system32\SENTINEL.HLP
    2008-08-21 13:29 . 2008-08-21 13:29 717,296 --a------ E:\WINDOWS\system32\drivers\sptd.sys
    2008-08-21 13:23 . 2008-08-21 13:23 <REP> d-------- E:\Program Files\Didactic
    2008-08-21 11:45 . 2008-08-21 13:20 467 --a------ E:\WINDOWS\festo.ini
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev3.sys
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev2.sys
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev1.sys
    2008-08-21 11:42 . 1999-08-11 17:22 10,240 --a------ E:\WINDOWS\system32\Cbnvdd.dll
    2008-08-21 07:23 . 2008-08-21 07:32 <REP> d-------- E:\Program Files\Moduflex System Configurator 3.1
    2008-08-08 15:04 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
    2008-08-08 15:04 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
    2008-08-08 15:04 . 2007-07-30 19:18 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
    2008-08-08 09:47 . 2008-08-08 09:47 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-08 09:10 . 2008-08-08 09:10 <REP> d----c--- E:\WINDOWS\system32\DRVSTORE
    2008-08-08 09:06 . 2008-08-08 09:09 <REP> d-------- E:\Program Files\Windows Live
    2008-08-08 09:06 . 2008-08-08 09:09 <REP> d--hsc--- E:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-08 09:06 . 2008-08-08 09:07 <REP> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 11:08 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 11:05 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 10:41 --------- d-----w E:\Documents and Settings\PC1\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 09:17 --------- d-----w E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-22 07:29 --------- d--h--w E:\Program Files\InstallShield Installation Information
    2008-08-21 11:49 --------- d-----w E:\Program Files\Axemble
    2008-08-12 14:04 --------- d-----w E:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15 7634944]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "HP Network Registry Agent"="E:\WINDOWS\system32\hpnra.exe" [2000-10-26 17:21 49152]
    "RoxioDragToDisc"="E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
    "ISUSPM Startup"="E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
    "KAVWks50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 20:18 98407]
    "000000af"="E:\WINDOWS\system32\hnbbrxli.dll" [2008-08-27 15:02 103552]
    "nwiz"="nwiz.exe" [2007-03-19 07:15 1622016 E:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2007-03-19 07:15 86016 E:\WINDOWS\system32\nvmctray.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wrtjuo.dll apfved.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "E:\\Program Files\\Messenger\\msmsgs.exe"=
    "E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 a320raid;a320raid;E:\WINDOWS\system32\DRIVERS\a320raid.sys [2004-12-08 23:17]
    R0 AFAmgt;AFAmgt;E:\WINDOWS\system32\drivers\AFAmgt.sys [2005-04-01 17:40]
    R1 DLARTL_M;DLARTL_M;E:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
    R1 klmc;KLMC driver;E:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 20:23]
    R2 MarxDev1;MarxDev1;E:\WINDOWS\system32\drivers\MarxDev1.sys [1999-08-11 17:22]
    R2 MarxDev2;MarxDev2;E:\WINDOWS\system32\drivers\MarxDev2.sys [1999-08-11 17:22]
    R2 MarxDev3;MarxDev3;E:\WINDOWS\system32\drivers\MarxDev3.sys [1999-08-11 17:22]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;E:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
    S2 RAIDStorAgent;Agent RAID Storage Manager;E:\Program Files\Dell\RAID Storage Manager\StorServ.exe [2005-07-06 16:55]
    S3 12Ghosts 12-Z;12Ghosts 12-Z;E:\Program Files\12Ghosts\12kernel.sys [2008-07-24 09:32]
    S3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    S3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-27 E:\WINDOWS\Tasks\sauvegarde.job
    - E:\Documents and Settings\PC1\Mes documents\sauvegarde.bat [2007-11-20 16:33]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{3706818C-EE4A-4480-B4F9-D71094B13544} - E:\WINDOWS\system32\cbxWPHbB.dll
    HKLM-Run-42a946a6 - E:\WINDOWS\system32\ttghtwoe.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://google.fr/
    O17 -: HKLM\CCS\Interface\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4

    O16 -: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.com/partserver/viewer/cnsweb3d/cnsweb3d....
    E:\WINDOWS\Downloaded Program Files\cnsweb3d.inf
    E:\WINDOWS\Downloaded Program Files\cnsweb3d.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 07:28:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    E:\WINDOWS\system32\ilxrbbnh.ini

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\system32\rundll32.exe
    E:\WINDOWS\system32\rundll32.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\3M\PSNotes\psnotes.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-28 7:29:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-28 05:29:19

    Pre-Run: 29,451,390,976 octets libres
    Post-Run: 30,839,091,200 octets libres

    188 --- E O F --- 2008-08-13 23:02:46


    Here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:43:31, on 28/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Viewpoint\Common\ViewpointService.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\RunDLL32.exe
    E:\WINDOWS\system32\hpnra.exe
    E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\WINDOWS\system32\rundll32.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\3M\PSNotes\psnotes.exe
    E:\WINDOWS\System32\svchost.exe
    E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Documents and Settings\PC1\Mes documents\Antivirus\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
    O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\hnbbrxli.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserver/viewer/cnsweb3d/cn...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5356 bytes


    I hope that after all this my PC is clean

    I await your opinion

    Thanks again
    28 August 2008 20:51:21

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    E:\WINDOWS\system32\hnbbrxli.dll
    E:\WINDOWS\system32\ilxrbbnh.ini

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "000000af"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    29 August 2008 07:30:08

    Hello

    Here is the ComboFix report followed by the HijackThis report

    To come back to my question from yesterday, can I delete the Qoobox directory that is on my hard drive?

    ComboFix 08-08-28.04 - PC1_2 2008-08-29 7:16:55.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1493 [GMT 2:00]
    Endroit: E:\Documents and Settings\PC1_2\Bureau\ComboFix.exe
    Command switches used :: E:\Documents and Settings\PC1_2\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    E:\WINDOWS\system32\hnbbrxli.dll
    E:\WINDOWS\system32\ilxrbbnh.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\WINDOWS\cookies.ini
    E:\WINDOWS\system32\hnbbrxli.dll
    E:\WINDOWS\system32\ilxrbbnh.ini
    E:\WINDOWS\system32\mcrh.tmp

    .
    (((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 07:02 . 2008-08-29 07:02 1,807 --a------ E:\WINDOWS\ST6UNST.001
    2008-08-28 15:47 . 2008-08-28 15:47 <REP> d-------- E:\Program Files\Axemble
    2008-08-28 14:48 . 2008-08-28 14:50 <REP> d-------- E:\Program Files\RegCleaner
    2008-08-28 14:16 . 2008-08-28 14:16 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\ACD Systems
    2008-08-28 11:48 . 2008-08-28 11:48 230 --a------ E:\WINDOWS\system32\spupdsvc.inf
    2008-08-28 10:38 . 2008-08-28 14:14 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Azureus
    2008-08-27 15:46 . 2008-08-27 15:46 <REP> d-------- E:\WINDOWS\system32\Kaspersky Lab
    2008-08-27 14:13 . 2008-08-27 14:13 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SUPERAntiSpyware.com
    2008-08-27 14:09 . 2008-08-28 14:35 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-27 13:22 . 2008-08-29 06:58 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\SolidWorks
    2008-08-27 13:08 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 13:05 . 2008-08-28 14:16 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage réseau
    2008-08-27 13:05 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1_2\Voisinage d'impression
    2008-08-27 13:05 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1_2\Modèles
    2008-08-27 13:05 . 2008-08-28 10:26 <REP> dr------- E:\Documents and Settings\PC1_2\Menu Démarrer
    2008-08-27 13:05 . 2008-08-27 13:08 <REP> dr------- E:\Documents and Settings\PC1_2\Favoris
    2008-08-27 13:05 . 2008-08-29 07:18 <REP> d-------- E:\Documents and Settings\PC1_2\Bureau
    2008-08-27 13:05 . 2008-08-27 13:08 <REP> d-------- E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 13:05 . 2008-08-29 07:19 <REP> d-------- E:\Documents and Settings\PC1_2
    2008-08-27 12:41 . 2004-08-05 12:00 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
    2008-08-27 12:23 . 2008-08-27 12:23 <REP> d-------- E:\Program Files\12Ghosts
    2008-08-27 11:53 . 2008-08-27 12:49 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage réseau
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> d--h----- E:\Documents and Settings\PC1\Voisinage d'impression
    2008-08-27 11:53 . 2007-11-19 16:38 <REP> d--h----- E:\Documents and Settings\PC1\Modèles
    2008-08-27 11:53 . 2008-08-29 07:00 <REP> dr------- E:\Documents and Settings\PC1\Mes documents
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> dr------- E:\Documents and Settings\PC1\Menu Démarrer
    2008-08-27 11:53 . 2008-08-27 12:41 <REP> dr------- E:\Documents and Settings\PC1\Favoris
    2008-08-27 11:53 . 2007-11-19 17:30 <REP> d-------- E:\Documents and Settings\PC1\Bureau
    2008-08-27 11:53 . 2008-08-27 13:09 <REP> d-------- E:\Documents and Settings\PC1
    2008-08-27 11:18 . 2008-08-27 11:18 <REP> d-------- E:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
    2008-08-27 11:17 . <REP> E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 10:24 . 2008-08-27 10:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-22 14:20 . 2008-08-22 14:20 <REP> d-------- E:\Program Files\N-Stealth
    2008-08-22 14:20 . 2008-08-22 14:20 46 --a------ E:\WINDOWS\Stsetup.inf
    2008-08-22 14:16 . 2008-08-22 14:16 <REP> d-------- E:\Program Files\SuperScan
    2008-08-22 09:00 . 2008-08-22 09:07 <REP> d-------- E:\Program Files\IRAI
    2008-08-22 07:25 . 2008-08-22 08:48 <REP> d-------- E:\WINDOWS\system32\RNBOSENT
    2008-08-22 07:25 . 2003-06-03 16:42 76,288 --a------ E:\WINDOWS\system32\drivers\SENTINEL.SYS
    2008-08-22 07:25 . 2003-06-03 16:42 50,176 --a------ E:\WINDOWS\system32\SNTI386.DLL
    2008-08-22 07:25 . 2003-06-03 16:42 26,120 --a------ E:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2008-08-22 07:25 . 2003-06-03 16:42 18,432 --a------ E:\WINDOWS\system32\RNBOVDD.DLL
    2008-08-22 07:25 . 2003-06-03 16:42 9,949 --------- E:\WINDOWS\system32\SENTINEL.HLP
    2008-08-21 13:29 . 2008-08-21 13:29 717,296 --a------ E:\WINDOWS\system32\drivers\sptd.sys
    2008-08-21 13:23 . 2008-08-21 13:23 <REP> d-------- E:\Program Files\Didactic
    2008-08-21 11:45 . 2008-08-21 13:20 467 --a------ E:\WINDOWS\festo.ini
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev3.sys
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev2.sys
    2008-08-21 11:42 . 1999-08-11 17:22 11,296 --a------ E:\WINDOWS\system32\drivers\marxdev1.sys
    2008-08-21 11:42 . 1999-08-11 17:22 10,240 --a------ E:\WINDOWS\system32\Cbnvdd.dll
    2008-08-21 07:23 . 2008-08-21 07:32 <REP> d-------- E:\Program Files\Moduflex System Configurator 3.1
    2008-08-08 15:04 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
    2008-08-08 15:04 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
    2008-08-08 15:04 . 2007-07-30 19:18 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
    2008-08-08 09:47 . 2008-08-08 09:47 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-08 09:10 . 2008-08-08 09:10 <REP> d----c--- E:\WINDOWS\system32\DRVSTORE
    2008-08-08 09:06 . 2008-08-08 09:09 <REP> d-------- E:\Program Files\Windows Live
    2008-08-08 09:06 . 2008-08-08 09:09 <REP> d--hsc--- E:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-08 09:06 . 2008-08-08 09:07 <REP> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-29 05:02 74,752 ----a-w E:\WINDOWS\ST6UNST.EXE
    2008-08-29 05:02 258,048 ----a-w E:\WINDOWS\Setup1.exe
    2008-08-28 13:47 --------- d--h--w E:\Program Files\InstallShield Installation Information
    2008-08-27 11:08 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 11:05 --------- d-----w E:\Documents and Settings\PC1_2\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-27 09:17 --------- d-----w E:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
    2008-08-12 14:04 --------- d-----w E:\Program Files\Java
    2008-07-07 20:31 253,952 ----a-w E:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w E:\WINDOWS\system32\es(2).dll
    2008-06-24 16:23 74,240 ----a-w E:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 267,776 ----a-w E:\WINDOWS\system32\iertutil(2).dll
    2008-06-23 16:28 105,984 ----a-w E:\WINDOWS\system32\url(2).dll
    2008-06-23 16:28 1,159,680 ----a-w E:\WINDOWS\system32\urlmon(2).dll
    2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock(2).dll
    2008-06-20 17:41 148,992 ----a-w E:\WINDOWS\system32\dnsapi(2).dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-28_ 7.29.01.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-08-13 17:39:20 71,680 ----a-w E:\WINDOWS\system32\admparse.dll
    + 2004-08-05 10:00:00 61,440 ----a-w E:\WINDOWS\system32\admparse.dll
    - 2008-06-23 16:28:17 124,928 ----a-w E:\WINDOWS\system32\advpack.dll
    + 2004-08-05 10:00:00 101,888 ----a-w E:\WINDOWS\system32\advpack.dll
    - 2006-09-23 12:12:56 1,022,976 ----a-w E:\WINDOWS\system32\browseui.dll
    + 2006-03-04 03:34:57 1,023,488 ----a-w E:\WINDOWS\system32\browseui.dll
    - 1998-07-13 00:00:00 89,600 ----a-w E:\WINDOWS\system32\CmCtlFR.dll
    + 1998-07-12 23:00:00 89,600 ----a-w E:\WINDOWS\system32\CmCtlFR.dll
    - 1998-07-13 00:00:00 32,768 ----a-w E:\WINDOWS\system32\CmDlgFR.dll
    + 1998-07-12 23:00:00 32,768 ----a-w E:\WINDOWS\system32\CmDlgFR.dll
    - 2007-08-13 17:42:54 17,408 ----a-w E:\WINDOWS\system32\corpol.dll
    + 2004-08-05 10:00:00 35,328 ----a-w E:\WINDOWS\system32\corpol.dll
    - 2007-08-13 17:39:20 71,680 -c--a-w E:\WINDOWS\system32\dllcache\admparse.dll
    + 2004-08-05 10:00:00 61,440 -c--a-w E:\WINDOWS\system32\dllcache\admparse.dll
    - 2008-06-23 16:28:17 124,928 -c--a-w E:\WINDOWS\system32\dllcache\advpack.dll
    + 2004-08-05 10:00:00 101,888 -c--a-w E:\WINDOWS\system32\dllcache\advpack.dll
    - 2006-09-23 12:12:56 1,022,976 -c--a-w E:\WINDOWS\system32\dllcache\browseui.dll
    + 2006-03-04 03:34:57 1,023,488 -c--a-w E:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-08-13 17:42:54 17,408 -c--a-w E:\WINDOWS\system32\dllcache\corpol.dll
    + 2004-08-05 10:00:00 35,328 -c--a-w E:\WINDOWS\system32\dllcache\corpol.dll
    - 2007-08-13 17:54:10 33,792 -c--a-w E:\WINDOWS\system32\dllcache\custsat.dll
    + 2004-08-05 10:00:00 28,672 -c--a-w E:\WINDOWS\system32\dllcache\custsat.dll
    - 2008-06-23 16:28:17 347,136 -c--a-w E:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2004-08-05 10:00:00 357,888 -c--a-w E:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-06-23 16:28:17 214,528 -c--a-w E:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2006-03-04 03:34:58 205,312 -c--a-w E:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-06-23 16:28:17 133,120 -c--a-w E:\WINDOWS\system32\dllcache\extmgr.dll
    + 2006-03-04 03:34:58 55,808 -c--a-w E:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-13 17:18:02 60,416 -c--a-w E:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2004-08-05 10:00:00 38,912 -c--a-w E:\WINDOWS\system32\dllcache\hmmapi.dll
    - 2008-06-23 09:21:30 70,656 -c--a-w E:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2004-08-05 10:00:00 34,304 -c--a-w E:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2008-06-23 16:28:18 153,088 -c--a-w E:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2004-08-05 10:00:00 139,264 -c--a-w E:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2008-06-23 16:28:18 230,400 -c--a-w E:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2004-08-05 10:00:00 221,696 -c--a-w E:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 -c--a-w E:\WINDOWS\system32\dllcache\ieakui.dll
    + 2004-08-05 10:00:00 245,760 -c--a-w E:\WINDOWS\system32\dllcache\ieakui.dll
    - 2008-06-23 16:28:18 384,512 -c--a-w E:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2004-08-05 10:00:00 323,584 -c--a-w E:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-13 17:44:02 69,120 -c--a-w E:\WINDOWS\system32\dllcache\iedw.exe
    + 2006-03-04 00:39:06 18,432 -c--a-w E:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-08-13 17:45:18 78,336 -c--a-w E:\WINDOWS\system32\dllcache\ieencode.dll
    + 2004-08-05 10:00:00 81,920 -c--a-w E:\WINDOWS\system32\dllcache\ieencode.dll
    - 2007-08-13 17:54:10 191,488 -c--a-w E:\WINDOWS\system32\dllcache\iepeers.dll
    + 2006-03-04 03:34:58 251,392 -c--a-w E:\WINDOWS\system32\dllcache\iepeers.dll
    - 2008-06-23 16:28:19 44,544 -c--a-w E:\WINDOWS\system32\dllcache\iernonce.dll
    + 2004-08-05 10:00:00 49,152 -c--a-w E:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-13 17:39:12 55,296 -c--a-w E:\WINDOWS\system32\dllcache\iesetup.dll
    + 2004-08-05 10:00:00 63,488 -c--a-w E:\WINDOWS\system32\dllcache\iesetup.dll
    - 2008-06-23 09:21:49 625,664 -c--a-w E:\WINDOWS\system32\dllcache\iexplore.exe
    + 2004-08-05 10:00:00 93,184 -c--a-w E:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-08-13 17:36:06 36,352 -c--a-w E:\WINDOWS\system32\dllcache\imgutil.dll
    + 2004-08-05 10:00:00 35,840 -c--a-w E:\WINDOWS\system32\dllcache\imgutil.dll
    - 2007-08-13 17:39:02 92,672 -c--a-w E:\WINDOWS\system32\dllcache\inseng.dll
    + 2006-03-04 03:34:58 96,768 -c--a-w E:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-08-13 17:38:04 491,520 -c--a-w E:\WINDOWS\system32\dllcache\jscript.dll
    + 2004-08-05 10:00:00 450,560 -c--a-w E:\WINDOWS\system32\dllcache\jscript.dll
    - 2008-06-23 16:28:20 27,648 -c--a-w E:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2004-08-05 10:00:00 15,872 -c--a-w E:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-08-13 17:44:18 40,960 -c--a-w E:\WINDOWS\system32\dllcache\licmgr10.dll
    + 2004-08-05 10:00:00 22,528 -c--a-w E:\WINDOWS\system32\dllcache\licmgr10.dll
    - 2007-08-13 17:32:30 45,568 -c--a-w E:\WINDOWS\system32\dllcache\mshta.exe
    + 2004-08-05 10:00:00 29,184 -c--a-w E:\WINDOWS\system32\dllcache\mshta.exe
    - 2008-06-24 08:28:24 3,592,192 -c--a-w E:\WINDOWS\system32\dllcache\mshtml.dll
    + 2006-03-23 17:35:42 3,074,560 -c--a-w E:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-06-23 16:28:22 477,696 -c--a-w E:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2006-03-04 03:35:00 448,512 -c--a-w E:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-13 17:01:12 48,128 -c--a-w E:\WINDOWS\system32\dllcache\mshtmler.dll
    + 2004-08-05 10:00:00 57,344 -c--a-w E:\WINDOWS\system32\dllcache\mshtmler.dll
    - 2007-08-13 17:54:10 156,160 -c--a-w E:\WINDOWS\system32\dllcache\msls31.dll
    + 2004-08-05 10:00:00 146,432 -c--a-w E:\WINDOWS\system32\dllcache\msls31.dll
    - 2008-06-23 16:28:22 193,024 -c--a-w E:\WINDOWS\system32\dllcache\msrating.dll
    + 2006-03-04 03:35:00 146,432 -c--a-w E:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-06-23 16:28:22 671,232 -c--a-w E:\WINDOWS\system32\dllcache\mstime.dll
    + 2006-03-04 03:35:01 532,480 -c--a-w E:\WINDOWS\system32\dllcache\mstime.dll
    - 2008-06-23 16:28:22 102,912 -c--a-w E:\WINDOWS\system32\dllcache\occache.dll
    + 2004-08-05 10:00:00 97,280 -c--a-w E:\WINDOWS\system32\dllcache\occache.dll
    - 2008-06-23 16:28:22 44,544 -c--a-w E:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2006-03-04 03:35:01 39,424 -c--a-w E:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2006-09-23 12:12:56 1,497,088 -c--a-w E:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2006-03-30 09:26:11 1,492,992 -c--a-w E:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2006-09-23 12:12:56 474,624 -c--a-w E:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2006-03-04 03:35:02 474,624 -c--a-w E:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2008-06-23 16:28:22 105,984 -c--a-w E:\WINDOWS\system32\dllcache\url.dll
    + 2004-08-05 10:00:00 37,888 -c--a-w E:\WINDOWS\system32\dllcache\url.dll
    - 2008-06-23 16:28:23 1,159,680 -c--a-w E:\WINDOWS\system32\dllcache\urlmon.dll
    + 2006-03-18 11:09:53 615,424 -c--a-w E:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-08-13 17:54:10 413,696 -c--a-w E:\WINDOWS\system32\dllcache\vbscript.dll
    + 2004-08-05 10:00:00 417,792 -c--a-w E:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-07-12 23:30:52 765,952 -c--a-w E:\WINDOWS\system32\dllcache\vgx.dll
    + 2004-08-05 10:00:00 848,384 -c--a-w E:\WINDOWS\system32\dllcache\vgx.dll
    - 2008-06-23 16:28:23 233,472 -c--a-w E:\WINDOWS\system32\dllcache\webcheck.dll
    + 2004-08-05 10:00:00 281,600 -c--a-w E:\WINDOWS\system32\dllcache\webcheck.dll
    - 2008-06-23 16:28:23 826,368 -c--a-w E:\WINDOWS\system32\dllcache\wininet.dll
    + 2006-03-04 03:35:02 662,528 -c--a-w E:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-06-23 16:28:17 347,136 ----a-w E:\WINDOWS\system32\dxtmsft.dll
    + 2004-08-05 10:00:00 357,888 ----a-w E:\WINDOWS\system32\dxtmsft.dll
    - 2008-06-23 16:28:17 214,528 ----a-w E:\WINDOWS\system32\dxtrans.dll
    + 2006-03-04 03:34:58 205,312 ----a-w E:\WINDOWS\system32\dxtrans.dll
    - 2008-06-23 16:28:17 133,120 ----a-w E:\WINDOWS\system32\extmgr.dll
    + 2006-03-04 03:34:58 55,808 ----a-w E:\WINDOWS\system32\extmgr.dll
    - 1998-07-12 23:00:00 40,960 ----a-w E:\WINDOWS\system32\FLXGDFR.DLL
    + 1998-07-12 22:00:00 40,960 ----a-w E:\WINDOWS\system32\FLXGDFR.DLL
    - 2008-06-23 09:21:30 70,656 ----a-w E:\WINDOWS\system32\ie4uinit.exe
    + 2004-08-05 10:00:00 34,304 ----a-w E:\WINDOWS\system32\ie4uinit.exe
    - 2008-06-23 16:28:18 153,088 ----a-w E:\WINDOWS\system32\ieakeng.dll
    + 2004-08-05 10:00:00 139,264 ----a-w E:\WINDOWS\system32\ieakeng.dll
    - 2008-06-23 16:28:18 230,400 ----a-w E:\WINDOWS\system32\ieaksie.dll
    + 2004-08-05 10:00:00 221,696 ----a-w E:\WINDOWS\system32\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 ----a-w E:\WINDOWS\system32\ieakui.dll
    + 2004-08-05 10:00:00 245,760 ----a-w E:\WINDOWS\system32\ieakui.dll
    - 2008-06-23 16:28:18 384,512 ----a-w E:\WINDOWS\system32\iedkcs32.dll
    + 2004-08-05 10:00:00 323,584 ----a-w E:\WINDOWS\system32\iedkcs32.dll
    - 2007-08-13 17:45:18 78,336 ----a-w E:\WINDOWS\system32\ieencode.dll
    + 2004-08-05 10:00:00 81,920 ----a-w E:\WINDOWS\system32\ieencode.dll
    - 2007-08-13 17:54:10 191,488 ----a-w E:\WINDOWS\system32\iepeers.dll
    + 2006-03-04 03:34:58 251,392 ----a-w E:\WINDOWS\system32\iepeers.dll
    - 2008-06-23 16:28:19 44,544 ----a-w E:\WINDOWS\system32\iernonce.dll
    + 2004-08-05 10:00:00 49,152 ----a-w E:\WINDOWS\system32\iernonce.dll
    - 2007-08-13 17:39:12 55,296 ----a-w E:\WINDOWS\system32\iesetup.dll
    + 2004-08-05 10:00:00 63,488 ----a-w E:\WINDOWS\system32\iesetup.dll
    - 2007-08-13 17:36:06 36,352 ----a-w E:\WINDOWS\system32\imgutil.dll
    + 2004-08-05 10:00:00 35,840 ----a-w E:\WINDOWS\system32\imgutil.dll
    - 2007-08-13 17:39:02 92,672 ----a-w E:\WINDOWS\system32\inseng.dll
    + 2006-03-04 03:34:58 96,768 ----a-w E:\WINDOWS\system32\inseng.dll
    - 2007-08-13 17:38:04 491,520 ----a-w E:\WINDOWS\system32\jscript.dll
    + 2004-08-05 10:00:00 450,560 ----a-w E:\WINDOWS\system32\jscript.dll
    - 2008-06-23 16:28:20 27,648 ----a-w E:\WINDOWS\system32\jsproxy.dll
    + 2004-08-05 10:00:00 15,872 ----a-w E:\WINDOWS\system32\jsproxy.dll
    - 2007-08-13 17:44:18 40,960 ----a-w E:\WINDOWS\system32\licmgr10.dll
    + 2004-08-05 10:00:00 22,528 ----a-w E:\WINDOWS\system32\licmgr10.dll
    - 1998-07-12 23:00:00 59,904 ----a-w E:\WINDOWS\system32\MSCC2FR.DLL
    + 1998-07-12 22:00:00 59,904 ----a-w E:\WINDOWS\system32\MSCC2FR.DLL
    - 2007-08-13 17:32:30 45,568 ----a-w E:\WINDOWS\system32\mshta.exe
    + 2004-08-05 10:00:00 29,184 ----a-w E:\WINDOWS\system32\mshta.exe
    - 2008-06-24 08:28:24 3,592,192 ----a-w E:\WINDOWS\system32\mshtml.dll
    + 2006-03-23 17:35:42 3,074,560 ----a-w E:\WINDOWS\system32\mshtml.dll
    - 2008-06-23 16:28:22 477,696 ----a-w E:\WINDOWS\system32\mshtmled.dll
    + 2006-03-04 03:35:00 448,512 ----a-w E:\WINDOWS\system32\mshtmled.dll
    - 2007-08-13 17:01:12 48,128 ----a-w E:\WINDOWS\system32\mshtmler.dll
    + 2004-08-05 10:00:00 57,344 ----a-w E:\WINDOWS\system32\mshtmler.dll
    - 2007-08-13 17:54:10 156,160 ----a-w E:\WINDOWS\system32\msls31.dll
    + 2004-08-05 10:00:00 146,432 ----a-w E:\WINDOWS\system32\msls31.dll
    - 2008-06-23 16:28:22 193,024 ----a-w E:\WINDOWS\system32\msrating.dll
    + 2006-03-04 03:35:00 146,432 ----a-w E:\WINDOWS\system32\msrating.dll
    - 2008-06-23 16:28:22 671,232 ----a-w E:\WINDOWS\system32\mstime.dll
    + 2006-03-04 03:35:01 532,480 ----a-w E:\WINDOWS\system32\mstime.dll
    - 2008-06-23 16:28:22 102,912 ----a-w E:\WINDOWS\system32\occache.dll
    + 2004-08-05 10:00:00 97,280 ----a-w E:\WINDOWS\system32\occache.dll
    - 2008-06-23 16:28:22 44,544 ----a-w E:\WINDOWS\system32\pngfilt.dll
    + 2006-03-04 03:35:01 39,424 ----a-w E:\WINDOWS\system32\pngfilt.dll
    - 2006-09-23 12:12:56 1,497,088 ----a-w E:\WINDOWS\system32\shdocvw.dll
    + 2006-03-30 09:26:11 1,492,992 ----a-w E:\WINDOWS\system32\shdocvw.dll
    - 2006-09-23 12:12:56 474,624 ----a-w E:\WINDOWS\system32\shlwapi.dll
    + 2006-03-04 03:35:02 474,624 ----a-w E:\WINDOWS\system32\shlwapi.dll
    - 1998-07-12 23:00:00 21,504 ----a-w E:\WINDOWS\system32\TABCTFR.DLL
    + 1998-07-12 22:00:00 21,504 ----a-w E:\WINDOWS\system32\TABCTFR.DLL
    - 2008-06-23 16:28:22 105,984 ----a-w E:\WINDOWS\system32\url.dll
    + 2004-08-05 10:00:00 37,888 ----a-w E:\WINDOWS\system32\url.dll
    - 2008-06-23 16:28:23 1,159,680 ----a-w E:\WINDOWS\system32\urlmon.dll
    + 2006-03-18 11:09:53 615,424 ----a-w E:\WINDOWS\system32\urlmon.dll
    - 2007-08-13 17:54:10 413,696 ----a-w E:\WINDOWS\system32\vbscript.dll
    + 2004-08-05 10:00:00 417,792 ----a-w E:\WINDOWS\system32\vbscript.dll
    - 2008-06-23 16:28:23 233,472 ----a-w E:\WINDOWS\system32\webcheck.dll
    + 2004-08-05 10:00:00 281,600 ----a-w E:\WINDOWS\system32\webcheck.dll
    - 2008-06-23 16:28:23 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
    + 2006-03-04 03:35:02 662,528 ----a-w E:\WINDOWS\system32\wininet.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15 7634944]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "HP Network Registry Agent"="E:\WINDOWS\system32\hpnra.exe" [2000-10-26 17:21 49152]
    "RoxioDragToDisc"="E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
    "ISUSPM Startup"="E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
    "KAVWks50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 20:18 98407]
    "nwiz"="nwiz.exe" [2007-03-19 07:15 1622016 E:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2007-03-19 07:15 86016 E:\WINDOWS\system32\nvmctray.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wrtjuo.dll apfved.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "E:\\Program Files\\Messenger\\msmsgs.exe"=
    "E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 a320raid;a320raid;E:\WINDOWS\system32\DRIVERS\a320raid.sys [2004-12-08 23:17]
    R0 AFAmgt;AFAmgt;E:\WINDOWS\system32\drivers\AFAmgt.sys [2005-04-01 17:40]
    R1 DLARTL_M;DLARTL_M;E:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
    R1 klmc;KLMC driver;E:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 20:23]
    R2 MarxDev1;MarxDev1;E:\WINDOWS\system32\drivers\MarxDev1.sys [1999-08-11 17:22]
    R2 MarxDev2;MarxDev2;E:\WINDOWS\system32\drivers\MarxDev2.sys [1999-08-11 17:22]
    R2 MarxDev3;MarxDev3;E:\WINDOWS\system32\drivers\MarxDev3.sys [1999-08-11 17:22]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;E:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
    S2 RAIDStorAgent;Agent RAID Storage Manager;E:\Program Files\Dell\RAID Storage Manager\StorServ.exe [2005-07-06 16:55]
    S3 12Ghosts 12-Z;12Ghosts 12-Z;E:\Program Files\12Ghosts\12kernel.sys [2008-07-24 09:32]
    S3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    S3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-28 E:\WINDOWS\Tasks\sauvegarde.job
    - E:\Documents and Settings\PC1\Mes documents\sauvegarde.bat [2007-11-20 16:33]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 07:21:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    E:\WINDOWS\system32\rundll32.exe
    E:\Program Files\3M\PSNotes\psnotes.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-29 7:23:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-29 05:23:29
    ComboFix2.txt 2008-08-28 05:29:24

    Pre-Run: 40,881,147,904 octets libres
    Post-Run: 40,532,643,840 octets libres

    348 --- E O F --- 2008-08-28 23:01:59


    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:27:37, on 29/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Viewpoint\Common\ViewpointService.exe
    E:\WINDOWS\system32\RunDLL32.exe
    E:\WINDOWS\system32\hpnra.exe
    E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\3M\PSNotes\psnotes.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\system32\notepad.exe
    E:\Program Files\Outlook Express\msimn.exe
    D:\Program Files\SolidWorks 2007\sldworks.exe
    E:\DOCUME~1\PC1_2\LOCALS~1\Temp\SolidWorksLicTemp.0001
    E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Documents and Settings\PC1\Mes documents\Antivirus\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Network Registry Agent] E:\WINDOWS\system32\hpnra.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KAVWks50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Logiciel notes Post-it®.lnk = E:\Program Files\3M\PSNotes\psnotes.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.com/partserver/viewer/cnsweb3d/cn...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FBB50AB-21A1-419E-995A-2BB07A5A8A31}: NameServer = 193.252.19.3,193.252.19.4
    O20 - AppInit_DLLs: wrtjuo.dll apfved.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - E:\Program Files\Dell\RAID Storage Manager\StorServ.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5923 bytes


    29 August 2008 12:16:00

    Do you have these files E:\WINDOWS\system32\apfved.dll & E:\WINDOWS\system32\wrtjuo.dll ?
    29 August 2008 14:15:12

    Hello

    No, I don't have either of those two files.

    I deleted the Qoobox directory because, after a scan with Kaspersky, it found trojans there (I think that's normal, since it must be the folder where the files are kept in quarantine).

    Awaiting your reply

    Thanks again
    29 August 2008 14:41:51

    Do you have access to hidden files?
    You're right about Qoobox.
    30 August 2008 09:10:20

    Hello. The solution for removing MS ANTIVIRUS is simple. I tried it this morning because I got caught by it myself. Just open Search, type MSA.EXE or MSASETUP, and delete them. Then remove them from the Recycle Bin too, otherwise it comes running back. That's what I did and it works.