I can't install antivirus programs!

linda.zazy Posts: 318 Status: Member
Anonymous user
Hello,
I have a very big problem! I have just formatted my PC and I cannot install any antivirus.
Please, how do I do it, and what is the problem?
Thank you very much.

34 replies

Anonymous user
 
Uh... there is only one step!
linda.zazy Posts: 318 Status: Member 16
 
Here is the report:
ComboFix 09-02-12.02 - Djamila 2009-02-12 21:34:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.764 [GMT 1:00]
Lancé depuis: c:\documents and settings\Djamila\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Djamila\LOCALS~1\Temp\E_4
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\com.run
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\dp1.fne
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\eAPI.fne
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\internet.fne
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\krnln.fnr
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\RegEx.fnr
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\shell.fne
c:\docume~1\Djamila\LOCALS~1\Temp\E_4\spec.fne
c:\documents and settings\Djamila\Djamila.exe
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 ))))))))))))))))))))))))))))))))))))
.

2009-02-12 16:42 . 2009-02-12 16:42 <REP> d-------- C:\rsit
2009-02-11 22:28 . 2009-02-11 22:28 <REP> d-------- c:\documents and settings\Djamila\Application Data\Malwarebytes
2009-02-11 22:27 . 2009-02-11 22:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 20:42 . 2009-02-12 15:10 <REP> d-------- c:\program files\FindyKill
2009-02-11 14:10 . 2009-02-11 14:10 <REP> d-------- c:\program files\Trend Micro
2009-02-11 13:58 . 2009-02-12 18:02 <REP> d--h----- c:\windows\$hf_mig$
2009-02-11 13:58 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-02-11 13:45 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-11 13:45 . 2008-10-16 14:09 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-11 13:45 . 2008-10-16 14:07 19,992 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Real
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\Real
2009-02-10 22:09 . 2009-02-10 22:09 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-02-10 22:09 . 2009-02-10 22:09 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-02-10 22:08 . 2009-02-10 22:08 <REP> d-------- c:\program files\Google
2009-02-10 21:23 . 2009-02-10 21:23 <REP> d---s---- c:\documents and settings\Djamila\UserData
2009-02-10 21:02 . 2009-02-10 21:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Fichiers communs\Autodesk Shared
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Autodesk
2009-02-10 21:00 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-02-10 20:45 . 2009-02-10 20:45 <REP> d-------- c:\windows\system32\QuickTime
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Macromedia
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-10 20:25 . 2009-02-10 20:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 18:00 . 2009-02-10 18:00 <REP> d-------- c:\windows\system32\LogFiles
2009-02-10 17:29 . 2009-02-10 17:29 1,420,255 --a------ c:\windows\system32\XP-43742F86.EXE
2009-02-10 17:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-10 17:18 . 2009-02-12 21:24 <REP> d-------- c:\documents and settings\Djamila\Tracing
2009-02-10 17:17 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-02-10 17:17 . 2009-02-10 17:17 385 --a------ c:\windows\ODBC.INI
2009-02-10 17:16 . 2009-02-10 17:16 <REP> d-------- c:\windows\SHELLNEW
2009-02-10 17:12 . 2009-02-10 17:12 603 --a------ c:\windows\FNTNSTLR.INI
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Microsoft
2009-02-10 17:07 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live
2009-02-10 16:05 . 2009-02-10 16:05 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2009-02-10 15:53 . 2009-02-10 15:53 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-10 15:25 . 2009-02-10 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-10 15:21 . 2009-02-10 15:21 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-02-10 15:18 . 2004-08-17 02:40 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-10 15:17 . 2009-02-10 15:17 <REP> d-------- c:\windows\system32\Adobe
2009-02-10 15:17 . 2009-02-10 15:47 <REP> d-------- c:\program files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 13:00 --------- d-----w c:\program files\Kaspersky Lab
2009-02-10 12:48 --------- d-----w c:\program files\microsoft frontpage
2009-02-10 12:46 --------- d-----w c:\program files\Services en ligne
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-10 249272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP-43742F86"="c:\windows\system32\XP-43742F86.EXE" [2009-02-10 1420255]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-10 255504]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Djamila\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 195584]
­­­­­­.lnk - c:\windows\system32\XP-43742F86.EXE [2009-02-10 1420255]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\WINDOWS\\system32\\XP-43742F86.EXE"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mphkno.sys --> c:\windows\system32\drivers\mphkno.sys [?]
S2 i386si;i386si;c:\windows\system32\drivers\i386si.sys [2009-02-10 22784]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Djamila - c:\documents and settings\Djamila\Djamila.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 21:35:16
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\klogon.dll
.
Heure de fin: 2009-02-12 21:36:12
ComboFix-quarantined-files.txt 2009-02-12 20:36:10

Avant-CF: 28 581 588 992 octets libres
Après-CF: 29,024,182,272 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

178 --- E O F --- 2009-02-12 17:02:48
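The report above is the evidence the helper works from by eye: a hex-named executable in system32 registered under HKLM\...\Run and in a startup .lnk, the DisableTaskMgr/DisableRegistryTools lock-out, every Security Center override and notification set to 1, the firewall switched off, and the same executable added to the firewall's AuthorizedApplications list. What follows is an added example, not part of the thread and not ComboFix or HijackThis code, that scripts that triage over the same kind of lines. The sample log is a constructed excerpt of the lines posted in this thread, and every pattern in it (executables in %Temp%, hex-named executables in system32, entries pointing into the OTMoveIt quarantine folder, the lock-out values, the Security Center and firewall values) is this example's own assumption rather than a rule of either tool.

```python
"""Triage of autorun and policy lines from a ComboFix / HijackThis report.
Added example, not part of the thread and not ComboFix or HijackThis code.
SAMPLE_LOG is a constructed excerpt of the lines posted above; every
heuristic below is this example's own assumption, not a rule of either tool.
"""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    kind: str   # which rule fired
    key: str    # registry key or HijackThis section the line belongs to
    line: str   # offending log line, verbatim

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP-43742F86"="c:\windows\system32\XP-43742F86.EXE" [2009-02-10 1420255]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-10 255504]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\XP-43742F86.EXE"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\_OTMoveIt\MovedFiles\02122009_220942\windows\system32\XP-43742F86.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winrhwig.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
"""

# Location heuristics: user %Temp%, hex-named EXE in system32, quarantine folder.
TEMP_EXE = re.compile(r"\\(?:local settings|locals~1)\\temp\\[^\\]+\.exe", re.I)
HEX_NAMED_SYS32 = re.compile(r"\\system32\\[a-z]{1,3}-[0-9a-f]{8}\.exe", re.I)
QUARANTINE = re.compile(r"\\_OTMoveIt\\MovedFiles\\", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}

def _suspicious_path(text: str) -> bool:
    text = text.replace("\\\\", "\\")   # the firewall list doubles backslashes
    return any(p.search(text) for p in (TEMP_EXE, HEX_NAMED_SYS32, QUARANTINE))

def _value_is(value: str, bit: str) -> bool:
    """True for '1 (0x1)' / 'dword:00000001' when bit == '1'; same for '0'."""
    v = value.strip().lower()
    return v.startswith(bit) or v.startswith("dword:0000000" + bit)

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""                                   # current [registry key] section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_LINE.match(line)
        if m:                                  # REGEDIT4-style "name"=value
            name, value = m.group("name").lower(), m.group("value")
            if name in LOCKOUT_VALUES and _value_is(value, "1"):
                findings.append(Finding("lockout-policy", key, line))
            elif "security center" in key and ("override" in name or "disablenotify" in name) \
                    and _value_is(value, "1"):
                findings.append(Finding("security-center-silenced", key, line))
            elif name == "enablefirewall" and _value_is(value, "0"):
                findings.append(Finding("firewall-off", key, line))
            elif "authorizedapplications" in key and _suspicious_path(name):
                findings.append(Finding("firewall-exception", key, line))
            elif key.endswith("\\run") and _suspicious_path(value):
                findings.append(Finding("autorun", key, line))
        elif line.startswith("O7 - "):         # HijackThis: policy restriction
            findings.append(Finding("lockout-policy", "O7", line))
        elif line.startswith("O4 - ") and _suspicious_path(line):
            findings.append(Finding("autorun", "O4", line))
        elif _suspicious_path(line):           # bare path, e.g. a process list entry
            findings.append(Finding("suspicious-path", "path", line))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.line}")
```

Running it prints one line per finding and nothing for the benign entries (realsched.exe, SOUNDMAN.EXE, msnmsgr.exe). Two details matter in practice: ComboFix's REGEDIT4 output doubles the backslashes in the firewall AuthorizedApplications list, so paths are normalised before matching; and a startup .lnk that now resolves into C:\_OTMoveIt\MovedFiles is itself a finding, because the quarantined file is still referenced by a startup item and the shortcut has to go with it.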
Anonymous user
 
Well, you see, you can do it! :)

Next:

---> Disable your antivirus (if present) for the duration of the operation, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:


:processes
explorer.exe

:files
c:\windows\system32\XP-43742F86.EXE

:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
linda.zazy Posts: 318 Status: Member 16
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\XP-43742F86.EXE moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\Historique\History.IE5\MSHist012009021220090213\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\hbxi.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\winoyylkh.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Djamila\LOCALS~1\Temp\winyjymhy.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_220942

Files moved on Reboot...
C:\DOCUME~1\Djamila\LOCALS~1\Temp\Historique\History.IE5\MSHist012009021220090213\index.dat moved successfully.
File C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaA.tmp not found!
File C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaE.tmp not found!
File C:\DOCUME~1\Djamila\LOCALS~1\Temp\flaF.tmp not found!
C:\DOCUME~1\Djamila\LOCALS~1\Temp\hbxi.exe moved successfully.
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winoyylkh.exe moved successfully.
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winyjymhy.exe moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
Anonymous user
 
Perfect. Re-run the log.txt from "rsit" that I had you download in post 16.

linda.zazy Posts: 318 Status: Member 16
 
OK, here it is:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Djamila at 2009-02-13 13:40:03
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (71%) free of 38 GB
Total RAM: 1023 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:05, on 13/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Djamila\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Djamila.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XP-43742F86] C:\WINDOWS\system32\XP-43742F86.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\_OTMoveIt\MovedFiles\02122009_220942\windows\system32\XP-43742F86.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
Anonymous user
 
• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
C:\WINDOWS\system32\XP-43742F86.EXE
C:\DOCUME~1\Djamila\LOCALS~1\Temp\hbxi.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winyjymhy.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winoyylkh.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\daugnu.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27cd6da0-f9c9-11dd-873d-d6bcb06df977}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\XP-43742F86.EXE"=-
"C:\DOCUME~1\Djamila\LOCALS~1\Temp\hbxi.exe"=-
"C:\DOCUME~1\Djamila\LOCALS~1\Temp\winyjymhy.exe"=-
"C:\DOCUME~1\Djamila\LOCALS~1\Temp\winoyylkh.exe"=-
"C:\DOCUME~1\Djamila\LOCALS~1\Temp\daugnu.exe"=-
"C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP-43742F86"=-

------------------------------------------------------------------

• Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
• Quit Notepad

• Drag and drop this CFScript file onto the C-Fix.exe (ComboFix) file, as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait for the scan to finish. The Desktop will disappear several times: that is normal! Do not touch anything until the scan is complete.
• Once the scan is finished, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt

linda.zazy Posts: 318 Status: Member 16
 
Hi gen_hack man, and sorry for the trouble!
Here it is:
ComboFix 09-02-12.03 - Djamila 2009-02-13 20:27:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.748 [GMT 1:00]
Lancé depuis: c:\documents and settings\Djamila\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Djamila\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\Djamila\LOCALS~1\Temp\daugnu.exe
c:\docume~1\Djamila\LOCALS~1\Temp\hbxi.exe
c:\docume~1\Djamila\LOCALS~1\Temp\winoyylkh.exe
c:\docume~1\Djamila\LOCALS~1\Temp\winyjymhy.exe
c:\windows\system32\XP-43742F86.EXE
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.

2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp3D827.FOT
2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp3B827.FOT
2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp11927.FOT
2009-02-13 13:24 . 2009-02-13 13:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 13:24 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 13:24 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 22:09 . 2009-02-12 22:09 <REP> d-------- C:\_OTMoveIt
2009-02-12 16:42 . 2009-02-12 16:42 <REP> d-------- C:\rsit
2009-02-11 22:28 . 2009-02-11 22:28 <REP> d-------- c:\documents and settings\Djamila\Application Data\Malwarebytes
2009-02-11 22:27 . 2009-02-11 22:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 20:42 . 2009-02-12 15:10 <REP> d-------- c:\program files\FindyKill
2009-02-11 14:10 . 2009-02-11 14:10 <REP> d-------- c:\program files\Trend Micro
2009-02-11 13:58 . 2009-02-13 13:24 <REP> d--h----- c:\windows\$hf_mig$
2009-02-11 13:58 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-02-11 13:45 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-11 13:45 . 2008-10-16 14:09 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-11 13:45 . 2008-10-16 14:07 19,992 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Real
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\Real
2009-02-10 22:09 . 2009-02-10 22:09 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-02-10 22:09 . 2009-02-10 22:09 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-02-10 22:08 . 2009-02-10 22:08 <REP> d-------- c:\program files\Google
2009-02-10 21:23 . 2009-02-10 21:23 <REP> d---s---- c:\documents and settings\Djamila\UserData
2009-02-10 21:02 . 2009-02-10 21:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Fichiers communs\Autodesk Shared
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Autodesk
2009-02-10 21:00 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-02-10 20:45 . 2009-02-10 20:45 <REP> d-------- c:\windows\system32\QuickTime
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Macromedia
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-10 20:25 . 2009-02-10 20:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 18:00 . 2009-02-10 18:00 <REP> d-------- c:\windows\system32\LogFiles
2009-02-10 17:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-10 17:18 . 2009-02-13 20:16 <REP> d-------- c:\documents and settings\Djamila\Tracing
2009-02-10 17:17 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-02-10 17:17 . 2009-02-10 17:17 385 --a------ c:\windows\ODBC.INI
2009-02-10 17:16 . 2009-02-10 17:16 <REP> d-------- c:\windows\SHELLNEW
2009-02-10 17:12 . 2009-02-10 17:12 603 --a------ c:\windows\FNTNSTLR.INI
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Microsoft
2009-02-10 17:07 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live
2009-02-10 16:05 . 2009-02-10 16:05 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2009-02-10 15:53 . 2009-02-10 15:53 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-10 15:25 . 2009-02-10 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-10 15:21 . 2009-02-10 15:21 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-02-10 15:18 . 2004-08-17 02:40 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-10 15:17 . 2009-02-10 15:17 <REP> d-------- c:\windows\system32\Adobe
2009-02-10 15:17 . 2009-02-10 15:47 <REP> d-------- c:\program files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 12:48 --------- d-----w c:\program files\microsoft frontpage
2009-02-10 12:46 --------- d-----w c:\program files\Services en ligne
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_21.35.30,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 04:54:36 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:59:28 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2009-02-10 20:16:31 177,856 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-13 12:23:20 177,856 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 04:54:36 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll
+ 2009-02-13 19:26:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_116c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-10 249272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-10 255504]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Djamila\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 195584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe Systems Shared\\Service\\Adobelmsvc.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mphkno.sys --> c:\windows\system32\drivers\mphkno.sys [?]
S2 i386si;i386si;c:\windows\system32\drivers\i386si.sys [2009-02-10 22784]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-XP-43742F86 - c:\windows\system32\XP-43742F86.EXE

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 20:28:24
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\klogon.dll
.
Heure de fin: 2009-02-13 20:29:21
ComboFix-quarantined-files.txt 2009-02-13 19:29:20
ComboFix2.txt 2009-02-12 20:36:13

Avant-CF: 30 751 334 400 octets libres
Après-CF: 30,584,610,816 octets libres

170 --- E O F --- 2009-02-13 12:25:03
Anonymous user
 
bonjour relance le log.txt de rsit s'il te plait
0
linda.zazy (318 posts, Member)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Djamila at 2009-02-14 16:50:03
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (71%) free of 38 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:05, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winrhwig.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\djghb.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\windmcsf.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Djamila\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Djamila.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
Anonymous user
/!\ WARNING /!\ The script that follows was written specifically for this computer; it is not transferable to another computer!

Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------

File::
C:\WINDOWS\system32\drivers\mphkno.sys

------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt

linda.zazy (318 posts, Member)
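Before writing that CFScript, the helper read the RSIT/HijackThis log above by eye: three executables running from the user's Temp folder, an R3 service whose driver file ComboFix marks `[?]` (not found), an S2 driver dated four days before the scan, an O7 policy disabling regedit, and Security Center/firewall values set to suppress warnings. The Python script below is an added example, not code from this thread, from ComboFix or from HijackThis. It applies those same checks to a constructed sample made of lines copied from the logs above, and writes the `File::` section in the format the helper's instructions use. The rule names, the `Finding` class, the 14-day "recent driver" window and the choice of which rules feed the script are assumptions made for the example.

```python
"""Heuristic triage of HijackThis / ComboFix log lines, plus CFScript output.

Added example: not the thread's, ComboFix's or HijackThis's own code.  It
encodes the checks a removal helper applies by eye when reading such logs and
then emits the `File::` section of a CFScript in the form shown in the thread.
Rule names and thresholds are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List

# Constructed sample: lines copied from the RSIT/HijackThis and ComboFix logs
# posted in this thread, mixed the way a helper sees them.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\winrhwig.exe
C:\DOCUME~1\Djamila\LOCALS~1\Temp\djghb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mphkno.sys --> c:\windows\system32\drivers\mphkno.sys [?]
S2 i386si;i386si;c:\windows\system32\drivers\i386si.sys [2009-02-10 22784]
"DisableTaskMgr"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
"AntiVirusOverride"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired (names are this example's own)
    path: str     # file to act on, or "" for registry-only findings
    detail: str


# An .exe living under a Temp directory (droppers commonly run from there).
TEMP_RE = re.compile(r"(?P<path>[a-z]:\\\S*\\temp\\[^\\\s]+\.exe)", re.I)
# ComboFix service lines: "R3 name;name;image --> image [?]" (file missing)
# or "S2 name;name;image [yyyy-mm-dd size]" (file present, dated).
DRIVER_RE = re.compile(
    r"^[RS]\d\s+[^;]+;[^;]+;(?:\\\?\?\\)?(?P<img>\S+\.sys)\s+"
    r"(?:-->\s+\S+\s+(?P<missing>\[\?\])|\[(?P<date>\d{4}-\d{2}-\d{2})\s+\d+\])\s*$",
    re.I,
)
# Policies that lock the user out of regedit / Task Manager (HJT O7 line or
# the ComboFix "Reg loading points" dump).
POLICY_RE = re.compile(r'"?(DisableRegedit|DisableTaskMgr|DisableRegistryTools)"?\s*=\s*1\b')
# Security Center / firewall values as ComboFix prints them.
SECCENTER_RE = re.compile(
    r'^"(EnableFirewall|AntiVirusOverride|AntiVirusDisableNotify|FirewallOverride|'
    r'FirewallDisableNotify|UpdatesDisableNotify)"\s*=\s*(?:dword:)?0*(\d)'
)

# Only high-confidence findings become File:: entries; a merely recent driver
# is reported for manual verification, not deleted.
DELETE_RULES = {"temp-exec", "missing-driver"}


def triage(log_text: str, scan_date: str, recent_days: int = 14) -> List[Finding]:
    """Run the heuristics over every non-empty line; scan_date is ISO yyyy-mm-dd."""
    scanned = date.fromisoformat(scan_date)
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TEMP_RE.search(line)
        if m:
            findings.append(Finding("temp-exec", m.group("path"),
                                    "executable running or launched from a Temp directory"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            img = m.group("img")
            if m.group("missing"):
                findings.append(Finding("missing-driver", img,
                                        "service registered for a driver file ComboFix could not find"))
            else:
                age = (scanned - date.fromisoformat(m.group("date"))).days
                if age <= recent_days:
                    findings.append(Finding("recent-driver", img,
                                            f"kernel driver dated {age} day(s) before the scan; verify publisher"))
            continue
        m = POLICY_RE.search(line)
        if m:
            findings.append(Finding("policy-lockdown", "", f"{m.group(1)}=1 blocks the user's own admin tools"))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            bad = value == 0 if name == "EnableFirewall" else value == 1
            if bad:
                findings.append(Finding("security-center", "",
                                        f"{name}={value} disables or silences Security Center protection"))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit a File:: section (the only directive shown in the thread), deduplicated, in log order."""
    paths: List[str] = []
    for f in findings:
        if f.rule in DELETE_RULES and f.path and f.path not in paths:
            paths.append(f.path)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG, scan_date="2009-02-14")
    for f in results:
        print(f"[{f.rule}] {f.path or '(registry)'}: {f.detail}")
    print(build_cfscript(results))
```

Only `temp-exec` and `missing-driver` findings feed the `File::` list; the S2 driver is reported but not deleted, because its only evidence is its age. As in the thread (the posted script names only mphkno.sys), the generated list is a starting point to review against the log, not something to run blind: a misfire deletes a legitimate file.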
ComboFix 09-02-12.03 - Djamila 2009-02-14 23:09:39.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.738 [GMT 1:00]
Launched from: c:\documents and settings\Djamila\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Djamila\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* A new restore point was created

FILE ::
c:\windows\system32\drivers\mphkno.sys
.

((((((((((((((((((((((((((((( Files created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))))))))
.

2009-02-14 20:18 . 2009-02-14 20:18 32,768 --a------ c:\documents and settings\tazebama.dll
2009-02-14 14:13 . 2009-02-14 14:13 197 --a------ c:\windows\system32\MRT.INI
2009-02-14 11:24 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-14 11:24 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-14 11:16 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 11:16 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 11:16 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 11:16 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 10:24 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp3D827.FOT
2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp3B827.FOT
2009-02-13 16:38 . 2009-02-13 16:38 1,409 --a------ c:\windows\system32\tmp11927.FOT
2009-02-13 13:24 . 2009-02-14 23:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 22:09 . 2009-02-12 22:09 <REP> d-------- C:\_OTMoveIt
2009-02-12 16:42 . 2009-02-12 16:42 <REP> d-------- C:\rsit
2009-02-11 22:28 . 2009-02-11 22:28 <REP> d-------- c:\documents and settings\Djamila\Application Data\Malwarebytes
2009-02-11 22:27 . 2009-02-11 22:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 20:42 . 2009-02-12 15:10 <REP> d-------- c:\program files\FindyKill
2009-02-11 14:10 . 2009-02-11 14:10 <REP> d-------- c:\program files\Trend Micro
2009-02-11 13:58 . 2009-02-14 14:31 <REP> d--h----- c:\windows\$hf_mig$
2009-02-11 13:58 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-02-11 13:45 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-11 13:45 . 2008-10-16 14:09 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-11 13:45 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-11 13:45 . 2008-10-16 14:07 19,992 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Real
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- c:\program files\Fichiers communs\Real
2009-02-10 22:09 . 2009-02-10 22:09 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-02-10 22:09 . 2009-02-10 22:09 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-02-10 22:08 . 2009-02-10 22:08 <REP> d-------- c:\program files\Google
2009-02-10 21:23 . 2009-02-10 21:23 <REP> d---s---- c:\documents and settings\Djamila\UserData
2009-02-10 21:02 . 2009-02-10 21:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Fichiers communs\Autodesk Shared
2009-02-10 21:00 . 2009-02-10 21:03 <REP> d-------- c:\program files\Autodesk
2009-02-10 21:00 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-02-10 20:45 . 2009-02-10 20:45 <REP> d-------- c:\windows\system32\QuickTime
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Macromedia
2009-02-10 20:45 . 2009-02-10 20:49 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-10 20:26 . 2009-02-10 20:26 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-10 20:25 . 2009-02-10 20:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 18:00 . 2009-02-10 18:00 <REP> d-------- c:\windows\system32\LogFiles
2009-02-10 17:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-10 17:18 . 2009-02-14 20:01 <REP> d-------- c:\documents and settings\Djamila\Tracing
2009-02-10 17:17 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-02-10 17:17 . 2009-02-10 17:17 385 --a------ c:\windows\ODBC.INI
2009-02-10 17:16 . 2009-02-10 17:16 <REP> d-------- c:\windows\SHELLNEW
2009-02-10 17:12 . 2009-02-10 17:12 603 --a------ c:\windows\FNTNSTLR.INI
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-10 17:08 . 2009-02-10 17:08 <REP> d-------- c:\program files\Microsoft
2009-02-10 17:07 . 2009-02-10 17:08 <REP> d-------- c:\program files\Windows Live
2009-02-10 16:05 . 2009-02-10 16:05 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2009-02-10 15:53 . 2009-02-10 15:53 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-10 15:25 . 2009-02-10 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-10 15:21 . 2009-02-10 15:21 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-02-10 15:18 . 2004-08-17 02:40 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-10 15:17 . 2009-02-10 15:17 <REP> d-------- c:\windows\system32\Adobe
2009-02-10 15:17 . 2009-02-14 16:39 <REP> d-------- c:\program files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 12:48 --------- d-----w c:\program files\microsoft frontpage
2009-02-10 12:46 --------- d-----w c:\program files\Services en ligne
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_21.35.30,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:18:27 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:44:35 2,138,112 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:44:39 2,059,776 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:44:33 2,017,792 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:44:37 2,182,400 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
- 2004-08-04 04:54:22 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:59:27 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2004-08-04 04:54:22 1,017,344 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:38:30 1,024,000 ----a-w c:\windows\system32\browseui.dll
- 2004-08-04 04:54:22 151,552 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:38:27 152,064 ----a-w c:\windows\system32\cdfview.dll
- 2004-08-04 04:54:24 1,056,256 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:38:27 1,056,768 ----a-w c:\windows\system32\danim.dll
- 2004-08-04 04:54:22 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:59:27 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 03:14:16 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2004-08-04 04:54:22 1,017,344 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:38:30 1,024,000 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 04:54:22 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:38:27 152,064 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2004-08-04 04:54:24 1,056,256 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:38:27 1,056,768 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2004-08-04 04:54:24 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-04 04:54:24 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:38:27 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 04:54:24 201,728 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:38:28 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 04:54:26 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2004-08-04 04:54:26 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:38:28 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 04:54:28 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2004-08-04 04:54:52 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 04:54:28 249,344 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:38:28 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 04:54:30 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-04 04:54:30 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:38:28 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 04:54:30 15,872 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:38:29 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 04:54:54 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 00:31:06 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 04:54:32 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2004-08-04 04:54:34 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2004-08-04 04:54:34 3,003,392 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:35:12 3,081,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2004-08-04 04:54:34 448,512 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:38:29 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 04:54:36 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:38:28 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 04:54:36 530,432 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:38:28 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 04:54:36 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2004-08-04 04:54:36 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 04:54:36 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:59:28 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2004-08-04 04:54:38 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:38:28 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 04:54:38 1,293,824 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2002-09-07 00:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-04 04:54:40 1,483,776 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:38:29 1,495,040 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-04 04:54:40 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:38:29 474,624 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 03:14:46 336,256 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-04 03:14:42 359,040 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2004-08-04 03:07:46 223,616 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-04 04:54:44 603,136 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:38:30 617,984 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-09-05 22:30:46 267,304 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-05 22:30:04 952,360 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2004-08-04 04:45:58 1,836,032 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 04:54:46 660,480 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:38:29 663,552 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 04:54:48 1,050,624 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2004-08-04 04:55:08 2,105,344 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 04:54:24 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-04 03:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2004-08-04 03:15:18 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2002-09-07 00:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-04 03:14:46 336,256 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-04 03:14:42 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-04 03:07:46 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-04 04:54:24 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:38:27 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2004-08-04 04:54:24 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:38:28 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-04 04:54:26 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w c:\windows\system32\es.dll
- 2004-08-04 04:54:26 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:38:28 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2009-02-10 20:16:31 177,856 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-14 13:33:33 177,856 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 04:54:28 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:00:15 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2004-08-04 04:54:28 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:38:28 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-04 04:54:30 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-04 04:54:30 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:38:28 96,768 ----a-w c:\windows\system32\inseng.dll
- 2004-08-04 04:54:30 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:38:29 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2004-08-04 04:54:54 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2009-02-11 19:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2004-08-04 04:54:34 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-04 04:54:34 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:35:12 3,081,216 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-04 04:54:34 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:38:29 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-04 04:54:36 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:38:28 146,432 ----a-w c:\windows\system32\msrating.dll
- 2004-08-04 04:54:36 530,432 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:38:28 532,480 ----a-w c:\windows\system32\mstime.dll
- 2004-08-04 04:54:36 247,808 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-04 04:54:36 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:45:11 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2004-08-04 04:54:36 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-04 05:05:42 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:44:33 2,017,792 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 04:48:54 2,150,400 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:44:35 2,138,112 ----a-w c:\windows\system32\ntoskrnl.exe
- 2004-08-04 04:54:38 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:38:28 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2004-08-04 04:54:38 1,293,824 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w c:\windows\system32\quartz.dll
- 2004-08-04 04:54:40 1,483,776 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:38:29 1,495,040 ----a-w c:\windows\system32\shdocvw.dll
- 2004-08-04 04:54:40 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:38:29 474,624 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-04 04:54:44 603,136 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:38:30 617,984 ----a-w c:\windows\system32\urlmon.dll
+ 2008-09-05 22:30:46 267,304 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 22:30:04 952,360 ------w c:\windows\system32\WgaTray.exe
- 2004-08-04 04:45:58 1,836,032 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:39:16 1,846,144 ----a-w c:\windows\system32\win32k.sys
- 2004-08-04 04:54:46 660,480 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:38:29 663,552 ----a-w c:\windows\system32\wininet.dll
- 2004-08-04 04:54:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2004-08-04 04:55:08 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-10-15 19:05:28 370,176 ------w c:\windows\system32\xpsp3res.dll
+ 2009-02-14 22:09:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_e28.dat
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot updated --
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-10 249272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-10 255504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 104304]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Djamila\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 195584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe Systems Shared\\Service\\Adobelmsvc.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mphkno.sys --> c:\windows\system32\drivers\mphkno.sys [?]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 23:10:48
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\klogon.dll
.
Heure de fin: 2009-02-14 23:11:51
ComboFix-quarantined-files.txt 2009-02-14 22:11:49
ComboFix2.txt 2009-02-13 19:29:22
ComboFix3.txt 2009-02-12 20:36:13

Avant-CF: 28 285 120 512 octets libres
Après-CF: 28,379,742,208 octets libres

403 --- E O F --- 2009-02-14 13:31:47
0
Utilisateur anonyme
 
Damn, it's not removing it :(
0
linda.zazy Messages postés 318 Statut Membre 16
 
Thank you very much gen_hackman for everything you did for me!
0
Utilisateur anonyme
 
Please rerun Malwarebytes with a full scan in Safe Mode after updating it.
0