tackent

Members
  • Content count: 30
  • My languages: French, English
  1. I had already deleted those keys. It seems there is nothing left. I think it's fine now. What do you think?
  2. Hi, Actually, the reg.exe file isn't present on my machine. So I did an export of the requested registry key, I don't know if that can help. There you go, and still no alert from the antivirus. Looks good to me!!
  3. Hi, Since the batch apparently didn't work correctly, I removed the registry keys mentioned by hand ... And here is the eScan report: File C:\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. Well then, good night.
  4. Hi, OK, no more remote admin. The antivirus has calmed down a lot. ComboFix: Dorella - sam. 11.11.2006 11:26:08.42 Service Pack 4 ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix" Thanks and have a good day.
  5. The share is still there. I've already tried several times to do "stop sharing" from the console, but it comes back at every boot!!
  6. Hi, since nothing opens (only a cmd window that opens and closes immediately), I'm posting the lsa.txt file that is under c:\ The end of this file is unreadable (little squares over 3 lines!). I'll now reboot and see if the share is still there.
  7. Hi, While waiting to follow your instructions (no time, I'll do it tomorrow!): No win32Host.exe file found. I loaded all the Windows patches I could find. A bit of a hassle, but I finally got there. As for the shared directory, yes, that's about it. On your computer, if you open the "Computer Management" console (I know, it's in English...), you see a window of the same kind as Explorer with items like directories. Under System Tools, Shared Folders, Shares (left-hand pane) (System Tools/Shared Folders/Shares in English), the shared folders appear in the left pane, and there indeed I have the path c:\WINNT shared, with "Remote admin" as the comment. I also have a shared folder called $IPC. Is it really necessary to have it? Have a good day. Bye. Tackent.
  8. Again, In the Computer Management console, under the Shared Folders section, in Shares, I have the directory c:\Winnt and the comment says Remote Admin ... That bothers me a bit. No matter how often I delete it, it comes back at every boot. Any suggestions?
  9. Here is the RegSearch report:
  10. Hello, Here is the ntbtlog.txt, after 2 successive reboots, and the HijackThis StartupList.
additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Pour la registry, il n'y a rien. MAis j'ai qd meme exporté les données ci dessous que j'avais il y a quelques temps deja changer le nom (.toto) lors de ma recherche de virus (avant de vous contecter!). Alors a tout hasard .. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto] "Type"=dword:00000110 "Start"=dword:00000004 "ErrorControl"=dword:00000000 "DisplayName"="Win32 Kernel Update" "ObjectName"="LocalSystem" "FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,9b,0f,\ 00,01,00,00,00,b8,0b,00,00 "Description"="Win32 OS Update" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Enum] "0"="Root\\LEGACY_WIN32KERNEL\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,2e,00,65,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,20,02,00,00,78,00,65,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ 00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,23,02,00,00,78,00,65,00,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,01,00,00,00,00,00,05,12,00,00,00 Voila voila, et merci a tous. pour info, j'ai passé darkspy105, il n'a rien trouvé de "caché". 
On the other hand, BitDefender has just stopped the same virus again (SDBot), but this time the file was apparently on a remote machine whose IP I did not note!! (file erasme_xxx.exe).
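An added example, not part of the original thread and not code from HijackThis, DarkSpy or BitDefender, that decodes the service export posted above. It parses the Regedit 5.00 text, expands the Type and Start DWORDs into their SERVICE_* names (per winsvc.h), and unpacks the FailureActions blob as the SERVICE_FAILURE_ACTIONS structure the Service Control Manager serialises into the registry. The registry text embedded below is copied from the post (the Security value is left out); the function names and the report layout are this example's own.

```python
import re
import struct

# Service Type bits and Start values as defined for the SCM in winsvc.h.
SERVICE_TYPE_BITS = {
    0x001: "KERNEL_DRIVER",
    0x002: "FILE_SYSTEM_DRIVER",
    0x010: "WIN32_OWN_PROCESS",
    0x020: "WIN32_SHARE_PROCESS",
    0x100: "INTERACTIVE_PROCESS",
}
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}
SC_ACTION_TYPES = {0: "NONE", 1: "RESTART", 2: "REBOOT", 3: "RUN_COMMAND"}

# Copied from the post above (the Security value is omitted for brevity).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"DisplayName"="Win32 Kernel Update"
"ObjectName"="LocalSystem"
"FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,9b,0f,\
  00,01,00,00,00,b8,0b,00,00
"Description"="Win32 OS Update"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Enum]
"0"="Root\\LEGACY_WIN32KERNEL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
"""


def parse_reg_export(text):
    """Parse Regedit 5.00 text into {key: {value_name: (kind, value)}}."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r",\\\s*\n\s*", ",", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"(.*?)"=(.*)$', line)
        if not m or current is None:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            keys[current][name] = ("dword", int(raw[6:], 16))
        elif raw.startswith("hex"):
            kind, _, data = raw.partition(":")
            keys[current][name] = (kind, bytes(int(b, 16) for b in data.split(",") if b))
        elif raw.startswith('"') and raw.endswith('"'):
            keys[current][name] = ("sz", raw[1:-1].replace("\\\\", "\\"))
    return keys


def decode_failure_actions(blob):
    """Unpack SERVICE_FAILURE_ACTIONS as the SCM stores it.

    Layout: dwResetPeriod, lpRebootMsg, lpCommand, cActions, lpsaActions
    (five 32-bit fields; the two pointers are meaningless on disk), then
    cActions SC_ACTION records of (Type, Delay in milliseconds).
    """
    reset_period, _msg, _cmd, count, _ptr = struct.unpack_from("<5I", blob, 0)
    actions = []
    for i in range(count):
        action, delay = struct.unpack_from("<II", blob, 20 + 8 * i)
        actions.append((SC_ACTION_TYPES.get(action, action), delay))
    return reset_period, actions


def triage_service(keys, service_key):
    """Summarise the fields an analyst checks first on an unknown service."""
    values = keys[service_key]
    enum = keys.get(service_key + r"\Enum", {})
    type_bits = values.get("Type", ("dword", 0))[1]
    report = {
        "display_name": values.get("DisplayName", ("sz", None))[1],
        "type": [n for bit, n in SERVICE_TYPE_BITS.items() if type_bits & bit],
        "start": START_TYPES.get(values.get("Start", ("dword", -1))[1], "UNKNOWN"),
        "account": values.get("ObjectName", ("sz", None))[1],
        # No ImagePath means the SCM has nothing left to launch from this key.
        "image_path": values.get("ImagePath", ("sz", None))[1],
        # A Root\LEGACY_* instance is created for a non-PnP service once it
        # has actually been started, so this key was live at some point.
        "legacy_root": any(v[1].startswith(r"Root\LEGACY_")
                           for v in enum.values() if v[0] == "sz"),
    }
    if "FailureActions" in values:
        report["reset_period"], report["failure_actions"] = \
            decode_failure_actions(values["FailureActions"][1])
    return report


if __name__ == "__main__":
    parsed = parse_reg_export(REG_EXPORT)
    key = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto"
    for field, value in triage_service(parsed, key).items():
        print(f"{field:16} {value}")
```

Run as-is it prints the decoded fields: an own-process, interactive service running as LocalSystem, currently disabled, with a Root\LEGACY_WIN32KERNEL instance, and a failure policy of "restart after 3000 ms" with a 10 second reset period. That last field is worth decoding on any suspect service, since a self-restart policy is one of the ways a bot keeps itself running after its process is killed.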
11. Hello, nothing in HijackThis or SDFix:

SDFix: Version 1.35

-------------------

Scan run on: mar. 07.11.2006
Time: 17:48
Microsoft Windows 2000 [Version 5.00.2195]
Running from: C:\antivirus\SDFix\SDFix

Stage One...

Checking Services...

Name:
-----

Path:
----

Repairing Registry...
Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

Backing Up and Removing any Files Found...

Final Check:

Services:
---------

Files:
------

Any files removed are saved to the SDFix\backups Folder

FINISHED

So there it is... not much to chew on!!
12. Hi, It was a real struggle to get through these few steps. My PC is crawling. But I finally got there! No sucker.exe, no status.ini file. I use MSN. Here is the ComboFix report.

Dorella - Mon 2006-11-06 23:28:51.40 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))

2006-11-06 23:19 971,536 --a------ C:\WINNT\system32\sfcfiles.dll
2006-11-06 23:19 92,432 --a------ C:\WINNT\system32\dnsrslvr.dll
2006-11-06 23:19 76,048 --a------ C:\WINNT\system32\cryptsvc.dll
2006-11-06 23:19 69,904 --a------ C:\WINNT\system32\browser.dll
2006-11-06 23:19 61,200 --a------ C:\WINNT\system32\CRYPTNET.DLL
2006-11-06 23:19 57,104 --a------ C:\WINNT\system32\w32tm.exe
2006-11-06 23:19 543,504 --a------ C:\WINNT\system32\CRYPT32.DLL
2006-11-06 23:19 54,544 --a------ C:\WINNT\system32\mpr.dll
2006-11-06 23:19 520,976 --a------ C:\WINNT\system32\LSASRV.DLL
2006-11-06 23:19 50,960 --a------ C:\WINNT\system32\w32time.dll
2006-11-06 23:19 47,888 --a------ C:\WINNT\system32\EVENTLOG.DLL
2006-11-06 23:19 442,640 --a------ C:\WINNT\system32\ipnathlp.dll
2006-11-06 23:19 42,256 --a------ C:\WINNT\system32\BASESRV.DLL
2006-11-06 23:19 403,216 --a------ C:\WINNT\system32\USER32.DLL
2006-11-06 23:19 385,808 --a------ C:\WINNT\system32\USERENV.DLL
2006-11-06 23:19 371,472 --a------ C:\WINNT\system32\NETLOGON.DLL
2006-11-06 23:19 335,120 --a------ C:\WINNT\system32\MSGINA.DLL
2006-11-06 23:19 27,920 --a------ C:\WINNT\system32\umandlg.dll
2006-11-06 23:19 253,200 --a------ C:\WINNT\system32\scesrv.dll
2006-11-06 23:19 236,304 --a------ C:\WINNT\system32\CMD.EXE
2006-11-06 23:19 181,520 --a------ C:\WINNT\system32\WINLOGON.EXE
2006-11-06 23:19 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL
2006-11-06 23:19 143,120 --a------ C:\WINNT\system32\SCHANNEL.DLL
2006-11-06 23:19 115,984 --a------ C:\WINNT\system32\PSBASE.DLL
2006-11-06 23:19 111,376 --a------ C:\WINNT\system32\scecli.dll
2006-11-06 23:19 1,028,880 --a------ C:\WINNT\system32\ntdsa.dll
2006-10-18 18:15 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-10-18 18:10 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys
2006-10-18 18:10 109,568 --------- C:\WINNT\system32\pxinsi64.exe
2006-10-18 18:10 108,544 --------- C:\WINNT\system32\pxcpyi64.exe
2006-10-08 12:13 51,072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
2006-10-08 12:13 30,592 --a------ C:\WINNT\system32\drivers\ikhfile.sys
2006-10-07 14:43 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-30 22:38 -------- d-------- C:\Program Files\VoipCheapCom
2006-10-18 18:15 -------- d-------- C:\Program Files\Grisoft
2006-10-18 18:15 -------- d-------- C:\Documents and Settings\Dorella\Application Data\DivX
2006-10-18 18:10 -------- d-------- C:\Program Files\DivX
2006-10-08 12:13 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-08 12:13 -------- d-------- C:\Documents and Settings\Dorella\Application Data\PC Tools
2006-10-08 12:12 -------- d-------- C:\Documents and Settings\Dorella\Application Data\Talkback
2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINNT\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINNT\system32\DivX.dll
2006-09-15 18:42 21840 --a------ C:\WINNT\system32\SIntfNT.dll
2006-09-15 18:42 17212 --a------ C:\WINNT\system32\SIntf32.dll
2006-09-15 18:42 12067 --a------ C:\WINNT\system32\SIntf16.dll
2006-08-11 01:04 73728 --a------ C:\WINNT\system32\dpl100.dll
2006-08-11 01:03 196608 --a------ C:\WINNT\system32\dtu100.dll
2006-08-03 19:02 457 --a------ C:\Program Files\INSTALL.LOG

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINNT\\system32\\sistray.EXE"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Synchronization Manager"="mobsync.exe /logon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: Mon 2006-11-06 23:33:03.38
C:\ComboFix3.txt ... 06-11-05 20:06
C:\ComboFix2.txt ... 06-11-06 22:43
C:\ComboFix.txt ... 06-11-06 23:33

Have a good evening.
13. Hi, So here is the RootKitRevealer report:

C:\Documents and Settings\Dorella\Local Settings\Temp\status.ini 05.11.2006 17:25 466 bytes Visible in Windows API, but not in MFT or directory index.

ComboFix report:

Dorella - dim. 05.11.2006 20:02:48.31 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))

2006-10-18 18:15 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-10-18 18:10 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys
2006-10-18 18:10 109,568 --------- C:\WINNT\system32\pxinsi64.exe
2006-10-18 18:10 108,544 --------- C:\WINNT\system32\pxcpyi64.exe
2006-10-08 12:13 51,072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
2006-10-08 12:13 30,592 --a------ C:\WINNT\system32\drivers\ikhfile.sys
2006-10-07 14:43 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-30 22:38 -------- d-------- C:\Program Files\VoipCheapCom
2006-10-18 18:15 -------- d-------- C:\Program Files\Grisoft
2006-10-18 18:15 -------- d-------- C:\Documents and Settings\Dorella\Application Data\DivX
2006-10-18 18:10 -------- d-------- C:\Program Files\DivX
2006-10-08 12:13 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-08 12:13 -------- d-------- C:\Documents and Settings\Dorella\Application Data\PC Tools
2006-10-08 12:12 -------- d-------- C:\Documents and Settings\Dorella\Application Data\Talkback
2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINNT\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINNT\system32\DivX.dll
2006-09-15 18:42 21840 --a------ C:\WINNT\system32\SIntfNT.dll
2006-09-15 18:42 17212 --a------ C:\WINNT\system32\SIntf32.dll
2006-09-15 18:42 12067 --a------ C:\WINNT\system32\SIntf16.dll
2006-08-11 01:04 73728 --a------ C:\WINNT\system32\dpl100.dll
2006-08-11 01:03 196608 --a------ C:\WINNT\system32\dtu100.dll
2006-08-03 19:02 457 --a------ C:\Program Files\INSTALL.LOG

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINNT\\system32\\sistray.EXE"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Synchronization Manager"="mobsync.exe /logon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"Windows MS Update 32"="sucker.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: Sun 2006-11-05 20:06:53.38
C:\ComboFix.txt ... 06-11-05 20:06

There you go, I hope this will help you. Thanks again and have a good evening.
14. Hello, BitDefender is still blocking executables on me, such as ii or recsl.exe, or salvage.exe... it depends on its mood. There must be something that reactivates and copies these programs under c:\winnt\system32... It's getting annoying!! Poor today, fighting the nasty virus (or trojans).
15. Hi, In the meantime, I closed the FTP port and denied access to 2 unknown programs that the firewall had allowed. Here is the result:

Port   State      Service                          Description
135    stealthed  RPC                              Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems
137    stealthed  NETBIOS Name Service             NetBios is used to share files through your Network Neighborhood
138    stealthed  NETBIOS Datagram Service         NetBios is used to share files through your Network Neighborhood
139    stealthed  NETBIOS Session Service          NetBios is used to share files through your Network Neighborhood
21     closed     FTP                              File Transfer Protocol is used to transfer files between computers
23     closed     TELNET                           Telnet is used to remotely create a shell (dos prompt)
80     closed     HTTP                             HTTP web services publish web pages
1080   closed     SOCKS PROXY                      Socks Proxy is an internet proxy service
1243   closed     SubSeven                         SubSeven is one of the most widespread trojans
3128   closed     Masters Paradise and RingZero    Trojan horses
12345  closed     NetBus                           NetBus is one of the most widespread trojans
12348  closed     BioNet                           BioNet is one of the most widespread trojan
27374  closed     SubSeven                         SubSeven is one of the most widespread trojans
31337  closed     Back Orifice                     Back Orifice is one of the most widespread trojans

The link https://www.mailsoft.fr/docs/editions-profi...security_10.pdf does not work and I cannot find anything on the corresponding site. I also looked in the BitDefender documentation, nothing about "stealth mode" ("Mode furtif")...
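An added example, not part of the thread and not code from the online scanner or from BitDefender, that shows what the two verdicts in the table above mean at the TCP level. "closed" means the host answered the connection attempt with a RST, so the client gets an immediate connection refused; nothing is listening, but the machine has confirmed it is there. "stealthed" means no reply came back before the timeout, which is what a firewall silently dropping the packet looks like from outside. The classifier below maps the outcome of a plain TCP connect onto that vocabulary; the port list is copied from the post, and the function names and the "unreachable" bucket are this example's own. Probe only hosts you are authorised to test.

```python
import errno
import socket

# Port verdicts copied from the scan output posted above.
SCAN_RESULT = {
    135: "stealthed", 137: "stealthed", 138: "stealthed", 139: "stealthed",
    21: "closed", 23: "closed", 80: "closed", 1080: "closed", 1243: "closed",
    3128: "closed", 12345: "closed", 12348: "closed", 27374: "closed", 31337: "closed",
}


def classify(outcome):
    """Map the result of a TCP connect attempt to the scanner's vocabulary.

    outcome is None when the connect succeeded, otherwise the OSError raised.
    """
    if outcome is None:
        return "open"          # SYN/ACK came back: a service is listening
    if isinstance(outcome, ConnectionRefusedError):
        return "closed"        # RST came back: host is up, nothing listens
    if isinstance(outcome, socket.timeout):
        return "stealthed"     # nothing came back: filtered or dropped
    if isinstance(outcome, OSError) and outcome.errno in (errno.EHOSTUNREACH,
                                                         errno.ENETUNREACH):
        return "unreachable"   # the local stack or a router gave up on the route
    return "error"


def probe_port(host, port, timeout=2.0):
    """Attempt a TCP connect and return open/closed/stealthed/unreachable/error."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()


def responding_ports(scan):
    """Ports whose verdict proves the host answered at all (anything but stealthed)."""
    return sorted(port for port, verdict in scan.items() if verdict != "stealthed")


def fully_stealthed(scan):
    """True only if no probe got any answer, i.e. the host looks absent."""
    return not responding_ports(scan)


if __name__ == "__main__":
    # Loopback demonstration: an ephemeral port with nothing bound is "closed".
    print("127.0.0.1:1 ->", probe_port("127.0.0.1", 1))
    print("ports that answered in the posted scan:", responding_ports(SCAN_RESULT))
    print("host fully stealthed:", fully_stealthed(SCAN_RESULT))
```

Against the posted scan, responding_ports returns the ten "closed" ports, so the host is not fully stealthed: the NetBIOS and RPC ports are being dropped, but every other probe got a RST, which still tells a scanner the address is live. A personal firewall's "stealth mode" option is, in these terms, the setting that turns those RSTs into silence.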