tackent

J'avais deja effacé ces clés. Il ne reste semble-t-il plus rine. Je crois que maintenant c'est bon. Qu'en penses tu ?

Salut, En fait, le fichier reg.exe n'est pas present sur ma machine. Alors j'ai fait un export de la registry demandée, je ne sais pas si ca peut aider. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\ 00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00 "Os2LibPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 6f,00,73,00,32,00,5c,00,64,00,6c,00,6c,00,3b,00,00,00 "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,62,00,65,00,6d,\ 00,3b,00,63,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,\ 46,00,69,00,6c,00,65,00,73,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\ 00,66,00,74,00,20,00,53,00,51,00,4c,00,20,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,5c,00,39,00,30,00,5c,00,54,00,6f,00,6f,00,6c,00,73,00,5c,00,62,00,69,\ 00,6e,00,6e,00,5c,00,00,00 "windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,00,00 "OS"="Windows_NT" "PROCESSOR_ARCHITECTURE"="x86" "PROCESSOR_LEVEL"="15" "PROCESSOR_IDENTIFIER"="x86 Family 15 Model 2 Stepping 4, GenuineIntel" "PROCESSOR_REVISION"="0204" "NUMBER_OF_PROCESSORS"="1" "PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH" "TEMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00 "TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,54,00,45,00,4d,00,50,00,00,00 "VS80COMNTOOLS"="C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Tools\\" Voila , et toujours pas d'alerte avec l'antivirus. Ca me semble bon !!

Salut, Comme le batch n'a semble-t-il pas fonctionné correctement, j'ai enlevé les clés de registry mentionnées a la main ... fixme: sam. 11.11.2006 17:58:37.30 Granting "F(CI)" access for really "Everyone" - changing existing entry Granting "F(CI)" access for really "Everyone" - really "Everyone" has already all permissions you want to grant Granting "F(CI)" access for really "Everyone" - changing existing entry Granting "F(CI)" access for really "Everyone" - adding new entry Granting "F(CI)" access for really "Everyone" - really "Everyone" has already all permissions you want to grant Granting "F(CI)" access for really "Everyone" - adding new entry ========== Effacement de HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32 'reg' is not recognized as an internal or external command, operable program or batch file. .... Effacement de HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WIN32 'reg' is not recognized as an internal or external command, operable program or batch file. .... Effacement de HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32 'reg' is not recognized as an internal or external command, operable program or batch file. .... Effacement de HKLM\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto 'reg' is not recognized as an internal or external command, operable program or batch file. .... Effacement de HKLM\SYSTEM\ControlSet001\Services\Win32Kernel.toto 'reg' is not recognized as an internal or external command, operable program or batch file. .... Effacement de HKLM\SYSTEM\ControlSet002\Services\Win32Kernel.toto 'reg' is not recognized as an internal or external command, operable program or batch file. Et voici le rapport escan: File C:\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. Et bien bonne nuit.

Salut, Ok. plus de remote admin. L'antivirus s'est bien calmé. Combofix : Dorella - sam. 11.11.2006 11:26:08.42 Service Pack 4 ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix" ((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 )))))))))))))))))))))))))))))))))) 2006-11-08 18:13 147,968 --a------ C:\WINNT\system32\msconfig.exe 2006-11-06 23:19 971,536 --a------ C:\WINNT\system32\sfcfiles.dll 2006-11-06 23:19 76,048 --a------ C:\WINNT\system32\cryptsvc.dll 2006-11-06 23:19 69,904 --a------ C:\WINNT\system32\browser.dll 2006-11-06 23:19 61,200 --a------ C:\WINNT\system32\CRYPTNET.DLL 2006-11-06 23:19 57,104 --a------ C:\WINNT\system32\w32tm.exe 2006-11-06 23:19 543,504 --a------ C:\WINNT\system32\CRYPT32.DLL 2006-11-06 23:19 54,544 --a------ C:\WINNT\system32\mpr.dll 2006-11-06 23:19 520,976 --a------ C:\WINNT\system32\LSASRV.DLL 2006-11-06 23:19 50,960 --a------ C:\WINNT\system32\w32time.dll 2006-11-06 23:19 47,888 --a------ C:\WINNT\system32\EVENTLOG.DLL 2006-11-06 23:19 442,640 --a------ C:\WINNT\system32\ipnathlp.dll 2006-11-06 23:19 42,256 --a------ C:\WINNT\system32\BASESRV.DLL 2006-11-06 23:19 403,216 --a------ C:\WINNT\system32\USER32.DLL 2006-11-06 23:19 385,808 --a------ C:\WINNT\system32\USERENV.DLL 2006-11-06 23:19 371,472 --a------ C:\WINNT\system32\NETLOGON.DLL 2006-11-06 23:19 335,120 --a------ C:\WINNT\system32\MSGINA.DLL 2006-11-06 23:19 27,920 --a------ C:\WINNT\system32\umandlg.dll 2006-11-06 23:19 253,200 --a------ C:\WINNT\system32\scesrv.dll 2006-11-06 23:19 236,304 --a------ C:\WINNT\system32\CMD.EXE 2006-11-06 23:19 181,520 --a------ C:\WINNT\system32\WINLOGON.EXE 2006-11-06 23:19 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL 2006-11-06 23:19 143,120 --a------ C:\WINNT\system32\SCHANNEL.DLL 2006-11-06 23:19 115,984 --a------ C:\WINNT\system32\PSBASE.DLL 2006-11-06 23:19 111,376 --a------ C:\WINNT\system32\scecli.dll 2006-11-06 23:19 1,028,880 --a------ C:\WINNT\system32\ntdsa.dll 2006-10-18 18:15 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2006-10-18 18:10 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys 2006-10-18 18:10 109,568 --------- C:\WINNT\system32\pxinsi64.exe 2006-10-18 18:10 108,544 --------- C:\WINNT\system32\pxcpyi64.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-07 18:23 -------- d-------- C:\Program Files\WinRAR 2006-10-30 22:38 -------- d-------- C:\Program Files\VoipCheapCom 2006-10-18 18:15 -------- d-------- C:\Program Files\Grisoft 2006-10-18 18:15 -------- d-------- C:\Documents and Settings\Dorella\Application Data\DivX 2006-10-18 18:10 -------- d-------- C:\Program Files\DivX 2006-10-08 12:13 -------- d-------- C:\Program Files\Spyware Doctor 2006-10-08 12:13 -------- d-------- C:\Documents and Settings\Dorella\Application Data\PC Tools 2006-10-08 12:12 -------- d-------- C:\Documents and Settings\Dorella\Application Data\Talkback 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx0c.dll 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx07.dll 2006-10-02 21:04 790528 --a------ C:\WINNT\system32\divx_xx11.dll 2006-10-02 21:04 635486 --a------ C:\WINNT\system32\DivX.dll 2006-09-15 18:42 21840 --a------ C:\WINNT\system32\SIntfNT.dll 2006-09-15 18:42 17212 --a------ C:\WINNT\system32\SIntf32.dll 2006-09-15 18:42 12067 --a------ C:\WINNT\system32\SIntf16.dll 2006-09-12 12:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE 2006-09-12 12:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE 2006-08-11 01:04 73728 --a------ C:\WINNT\system32\dpl100.dll 2006-08-11 01:03 196608 --a------ C:\WINNT\system32\dtu100.dll 2006-08-03 19:02 457 --a------ C:\Program Files\INSTALL.LOG (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SiS Tray"="C:\\WINNT\\system32\\sistray.EXE" "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg" "BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "Synchronization Manager"="mobsync.exe /logon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: Sat 2006-11-11 11:30:08.80 C:\ComboFix.txt ... 06-11-11 11:30 C:\ComboFix3.txt ... 06-11-06 22:43 C:\ComboFix2.txt ... 06-11-06 23:33 MErci et bonne journée.

Le share est toujours la. J'ai deja essaye plusieurs fois de faire stop sharing sur la console, mais il revient a chaque boot !!

Salut, n'ayant rien qui s'ouvre (seulement un fenetre cmd qui s'ouvre et se referme aussitot), je te poste le fichier lsa.txt qui se trouve sous c:\ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum] "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"=dword:00000000 Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "NoUpdateCheck"=dword:00000000 "NoJITSetup"=dword:00000000 "Show_ChannelBand"="No" "Anchor Underline"="yes" "Cache_Update_Frequency"="Once_Per_Session" "Display Inline Images"="yes" "Do404Search"=hex:01,00,00,00 "Local Page"="C:\\WINNT\\system32\\blank.htm" "Save_Session_History_On_Exit"="no" "Show_FullURL"="no" "Show_StatusBar"="yes" "Show_ToolBar"="yes" "Show_URLinStatusBar"="yes" "Show_URLToolBar"="yes" "Start Page"="http://www.google.ch/" "Use_DlgBox_Colors"="yes" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Q261272"="yes" "FullScreen"="no" "Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,e8,03,00,00,b6,02,00,\ 00 "Use FormSuggest"="no" "NotifyDownloadComplete"="yes" "Error Dlg Displayed On Every Error"="no" "Error Dlg Details Pane Open"="no" "AddToFavoritesExpanded"=dword:00000000 "AutoSearch"=dword:00000005 "Disable Script Debugger"="yes" "DisableScriptDebuggerIE"="yes" "ShowedCheckBrowser"="Yes" "Check_Associations"="No" "Expand Alt Text"="no" "Move System Caret"="no" "NscSingleExpand"=dword:00000001 "NoWebJITSetup"=dword:00000000 "Page_Transitions"=dword:00000001 "FavIntelliMenus"="no" "Enable Browser Extensions"="yes" "Force Offscreen Composition"=dword:00000000 "AllowWindowReuse"=dword:00000001 "Friendly http errors"="yes" "ShowGoButton"="yes" "SmoothScroll"=dword:00000001 "Enable AutoImageResize"="yes" "Enable_MyPics_Hoverbar"="yes" "Play_Animations"="yes" "Play_Background_Sounds"="yes" "Display Inline Videos"="yes" "Show image placeholders"=dword:00000000 "Print_Background"="no" "LastCheckedHi"=dword:01c6fe00 La fin de ce fichier est illisible (petit carré sur 3 lignes!). .JE vais maintenant rebooter et voir si le share est toujours la.

Salut, En attendant de suivre tes instructions: (pas eu le temps, je ferai ca demain!) Pas de fichier win32Host.exe trouvé. J'ai chargé tous les patchs windows que j'ai pu trouver. Un peu galère mais finalement j'y suis arrivé. Pour le repertoire partagé, oui, c'est a peu pres ca. Sur ton ordi, si tu ouvres la console "Computer management" (je sais c'est en anglais .. ), tu vois apparaitre une fenetre du meme type que explorer avec des elements comme des repertoires. Sous Systeme Tools, dossiers partagés, partage (fenetre de gauche), (System Tools/Shared Folders/Shares en anglais), il apparait dans la fenetre de gauche, les dossiers partagés, et la effectivement, j'ai le chemin c:\WINNT qui est partagé et en commentaire, il y a marqué "Remote admin" (administrateur distant). J'ai aussi un dossier partagé qui s'appelle $IPC. Est-ce bien necessaire de l'avoir ? Bonne journée. a+. Tackent.

re-, Dans la console Computer Management, dans éa rubriqwue shared folders, Dans Shares, j'ai le repertoire c:\Winnt et en commentaire il y a Remote Admin ... Ca m'ennuie un peu. J'ai beau l'effacer, cela revient a chauqe boot. Une suggestion ?

Voila ée rapport regSearch : REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 08.11.2006 19:55:34 for strings: ; 'win32kernel' ; 'windows ms update 32' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WIN32\0000] "DeviceDesc"="Windows MS Update 32" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel.toto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel.toto\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel.toto\Enum] "0"="Root\\LEGACY_WIN32KERNEL\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Kernel.toto\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32\0000] "DeviceDesc"="Windows MS Update 32" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel.toto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel.toto\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel.toto\Enum] "0"="Root\\LEGACY_WIN32KERNEL\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32Kernel.toto\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32\0000] "DeviceDesc"="Windows MS Update 32" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Enum] "0"="Root\\LEGACY_WIN32KERNEL\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Security] [HKEY_USERS\S-1-5-21-220523388-492894223-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit] "LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Win32Kernel.toto" ; End Of The Log...

Hello, Voici le ntblog.txt , apres 2 reboot successifs : Service Pack 411 8 2006 18:16:19.500 Loaded driver \WINNT\System32\ntoskrnl.exe Loaded driver \WINNT\System32\hal.dll Loaded driver \WINNT\System32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINNT\System32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINNT\System32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver Diskperf.sys Loaded driver dmload.sys Loaded driver dmio.sys Loaded driver PartMgr.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINNT\System32\DRIVERS\CLASSPNP.SYS Loaded driver PxHelp20.sys Loaded driver Fastfat.sys Loaded driver KSecDD.sys Loaded driver NDIS.sys Loaded driver SISAGP.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\sisgrp.sys Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys Loaded driver \SystemRoot\System32\DRIVERS\serial.sys Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys Loaded driver \SystemRoot\System32\DRIVERS\parport.sys Loaded driver \SystemRoot\System32\DRIVERS\gameenum.sys Loaded driver \SystemRoot\system32\drivers\msmpu401.sys Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\System32\DRIVERS\InCDPass.sys Loaded driver \SystemRoot\System32\Drivers\incdrm.SYS Loaded driver \SystemRoot\system32\drivers\cmuda.sys Loaded driver \SystemRoot\System32\DRIVERS\openhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sisnic.sys Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys Loaded driver \SystemRoot\System32\DRIVERS\parallel.sys Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys Loaded driver \SystemRoot\System32\DRIVERS\update.sys Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\System32\DRIVERS\usbhub20.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\DRIVERS\AvgAsCln.sys Did not load driver \SystemRoot\System32\Drivers\sglfb.SYS Did not load driver \SystemRoot\System32\Drivers\tga.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \??\C:\WINNT\system32\Drivers\InCDFatRec.sys Loaded driver \SystemRoot\System32\Drivers\InCDfs.SYS Loaded driver \SystemRoot\System32\Drivers\InCDrec.SYS Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Did not load driver \SystemRoot\System32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\ikhlayer.sys Loaded driver \SystemRoot\system32\drivers\ikhfile.sys Loaded driver \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys Loaded driver \SystemRoot\system32\DRIVERS\LVCD.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZius12.sys Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys Loaded driver \SystemRoot\System32\DRIVERS\usbscan.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZid412.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZipr12.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \??\C:\WINNT\system32\NIOC.SYS Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\System32\DRIVERS\srv.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Service Pack 411 8 2006 18:26:04.500 Loaded driver \WINNT\System32\ntoskrnl.exe Loaded driver \WINNT\System32\hal.dll Loaded driver \WINNT\System32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINNT\System32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINNT\System32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver Diskperf.sys Loaded driver dmload.sys Loaded driver dmio.sys Loaded driver PartMgr.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINNT\System32\DRIVERS\CLASSPNP.SYS Loaded driver PxHelp20.sys Loaded driver Fastfat.sys Loaded driver KSecDD.sys Loaded driver NDIS.sys Loaded driver SISAGP.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\sisgrp.sys Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys Loaded driver \SystemRoot\System32\DRIVERS\serial.sys Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys Loaded driver \SystemRoot\System32\DRIVERS\parport.sys Loaded driver \SystemRoot\System32\DRIVERS\gameenum.sys Loaded driver \SystemRoot\system32\drivers\msmpu401.sys Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\System32\DRIVERS\InCDPass.sys Loaded driver \SystemRoot\System32\Drivers\incdrm.SYS Loaded driver \SystemRoot\system32\drivers\cmuda.sys Loaded driver \SystemRoot\System32\DRIVERS\openhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sisnic.sys Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys Loaded driver \SystemRoot\System32\DRIVERS\parallel.sys Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys Loaded driver \SystemRoot\System32\DRIVERS\update.sys Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\System32\DRIVERS\usbhub20.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\DRIVERS\AvgAsCln.sys Did not load driver \SystemRoot\System32\Drivers\sglfb.SYS Did not load driver \SystemRoot\System32\Drivers\tga.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \??\C:\WINNT\system32\Drivers\InCDFatRec.sys Loaded driver \SystemRoot\System32\Drivers\InCDfs.SYS Loaded driver \SystemRoot\System32\Drivers\InCDrec.SYS Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Did not load driver \SystemRoot\System32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\ikhlayer.sys Loaded driver \SystemRoot\system32\drivers\ikhfile.sys Loaded driver \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys Loaded driver \SystemRoot\system32\DRIVERS\LVCD.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZius12.sys Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys Loaded driver \SystemRoot\System32\DRIVERS\usbscan.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZid412.sys Loaded driver \SystemRoot\system32\DRIVERS\HPZipr12.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \??\C:\WINNT\system32\NIOC.SYS Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\System32\DRIVERS\srv.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys Loaded driver \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\system32\drivers\kmixer.sys La staruplist de hijackthis: StartupList report, 08.11.2006, 18:33:52 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Dorella\Desktop\Tackent.EXE Detected: Windows 2000 SP4 (WinNT 5.00.2195) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\WZCBDL Service\WZCBDLS.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\sistray.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dorella\Desktop\Tackent.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SiS Tray = C:\WINNT\system32\sistray.EXE Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe BDMCon = "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg BDAgent = "C:\Program Files\Softwin\BitDefender10\bdagent.exe" !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized Synchronization Manager = mobsync.exe /logon -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINNT\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [bDSCANONLINE Control] InProcServer32 = C:\WINNT\DOWNLO~1\oscan8.ocx CODEBASE = http://www.bitdefender.fr/scan8/oscan8.cab [MUWebControl Class] InProcServer32 = C:\WINNT\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1154378515194 [HouseCall Control] InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [iCSScanner Class] InProcServer32 = C:\WINNT\Downloaded Program Files\ICSScan.dll CODEBASE = http://download.zonelabs.com/bin/promotion...canner37900.cab [ActiveScan Installer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = blank CODEBASE = http://messenger.msn.com/download/msnmesse...pdownloader.cab [Lycos File Upload Component] InProcServer32 = blank CODEBASE = http://f010.mail.caramail.lycos.fr/app/upl...ileUploader.cab [shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- End of report, 7'205 bytes Report generated in 0.321 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Pour la registry, il n'y a rien. MAis j'ai qd meme exporté les données ci dessous que j'avais il y a quelques temps deja changer le nom (.toto) lors de ma recherche de virus (avant de vous contecter!). Alors a tout hasard .. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto] "Type"=dword:00000110 "Start"=dword:00000004 "ErrorControl"=dword:00000000 "DisplayName"="Win32 Kernel Update" "ObjectName"="LocalSystem" "FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,9b,0f,\ 00,01,00,00,00,b8,0b,00,00 "Description"="Win32 OS Update" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Enum] "0"="Root\\LEGACY_WIN32KERNEL\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Kernel.toto\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,2e,00,65,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,20,02,00,00,78,00,65,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ 00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,23,02,00,00,78,00,65,00,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,01,00,00,00,00,00,05,12,00,00,00 Voila voila, et merci a tous. pour info, j'ai passé darkspy105, il n'a rien trouvé de "caché". Par contre bitdefender viens de m'arreter toujours le meme virus (SDBot) mais dont le fichier se trouverait sur une machine distante dont je n'ai pas relevé l'IP !! (fichier erasme_xxx.exe).

hello, rien dans hitjackthis et sdfix: SDFix: Version 1.35 ------------------- Scan run on: mar. 07.11.2006 Time: 17:48 Microsoft Windows 2000 [Version 5.00.2195] Running from: C:\antivirus\SDFix\SDFix Stage One... Checking Services... Name: ----- Path: ---- Repairing Registry... Restoring Default Hosts File... Stage One Complete Rebooting... Stage Two... Checking For Malware: -------------------- Backing Up and Removing any Files Found... Final Check: Services: --------- Files: ------ Any files removed are saved to the SDFix\backups Folder FINISHED voila voila ... pas grand chose a se mettre sous la dent !!

Salut, Grosse galère pour faire ces quelques points. Mon PC rame a fond. Enfin, finalement, j'y suis arrivé ! Pas de sucker.exe, pas fichier status.ini. J'utilise MSN. Voici le rapport combofix. Dorella - Mon 2006-11-06 23:28:51.40 Service Pack 4 ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix" ((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 )))))))))))))))))))))))))))))))))) 2006-11-06 23:19 971,536 --a------ C:\WINNT\system32\sfcfiles.dll 2006-11-06 23:19 92,432 --a------ C:\WINNT\system32\dnsrslvr.dll 2006-11-06 23:19 76,048 --a------ C:\WINNT\system32\cryptsvc.dll 2006-11-06 23:19 69,904 --a------ C:\WINNT\system32\browser.dll 2006-11-06 23:19 61,200 --a------ C:\WINNT\system32\CRYPTNET.DLL 2006-11-06 23:19 57,104 --a------ C:\WINNT\system32\w32tm.exe 2006-11-06 23:19 543,504 --a------ C:\WINNT\system32\CRYPT32.DLL 2006-11-06 23:19 54,544 --a------ C:\WINNT\system32\mpr.dll 2006-11-06 23:19 520,976 --a------ C:\WINNT\system32\LSASRV.DLL 2006-11-06 23:19 50,960 --a------ C:\WINNT\system32\w32time.dll 2006-11-06 23:19 47,888 --a------ C:\WINNT\system32\EVENTLOG.DLL 2006-11-06 23:19 442,640 --a------ C:\WINNT\system32\ipnathlp.dll 2006-11-06 23:19 42,256 --a------ C:\WINNT\system32\BASESRV.DLL 2006-11-06 23:19 403,216 --a------ C:\WINNT\system32\USER32.DLL 2006-11-06 23:19 385,808 --a------ C:\WINNT\system32\USERENV.DLL 2006-11-06 23:19 371,472 --a------ C:\WINNT\system32\NETLOGON.DLL 2006-11-06 23:19 335,120 --a------ C:\WINNT\system32\MSGINA.DLL 2006-11-06 23:19 27,920 --a------ C:\WINNT\system32\umandlg.dll 2006-11-06 23:19 253,200 --a------ C:\WINNT\system32\scesrv.dll 2006-11-06 23:19 236,304 --a------ C:\WINNT\system32\CMD.EXE 2006-11-06 23:19 181,520 --a------ C:\WINNT\system32\WINLOGON.EXE 2006-11-06 23:19 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL 2006-11-06 23:19 143,120 --a------ C:\WINNT\system32\SCHANNEL.DLL 2006-11-06 23:19 115,984 --a------ C:\WINNT\system32\PSBASE.DLL 2006-11-06 23:19 111,376 --a------ C:\WINNT\system32\scecli.dll 2006-11-06 23:19 1,028,880 --a------ C:\WINNT\system32\ntdsa.dll 2006-10-18 18:15 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2006-10-18 18:10 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys 2006-10-18 18:10 109,568 --------- C:\WINNT\system32\pxinsi64.exe 2006-10-18 18:10 108,544 --------- C:\WINNT\system32\pxcpyi64.exe 2006-10-08 12:13 51,072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys 2006-10-08 12:13 30,592 --a------ C:\WINNT\system32\drivers\ikhfile.sys 2006-10-07 14:43 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-30 22:38 -------- d-------- C:\Program Files\VoipCheapCom 2006-10-18 18:15 -------- d-------- C:\Program Files\Grisoft 2006-10-18 18:15 -------- d-------- C:\Documents and Settings\Dorella\Application Data\DivX 2006-10-18 18:10 -------- d-------- C:\Program Files\DivX 2006-10-08 12:13 -------- d-------- C:\Program Files\Spyware Doctor 2006-10-08 12:13 -------- d-------- C:\Documents and Settings\Dorella\Application Data\PC Tools 2006-10-08 12:12 -------- d-------- C:\Documents and Settings\Dorella\Application Data\Talkback 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx0c.dll 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx07.dll 2006-10-02 21:04 790528 --a------ C:\WINNT\system32\divx_xx11.dll 2006-10-02 21:04 635486 --a------ C:\WINNT\system32\DivX.dll 2006-09-15 18:42 21840 --a------ C:\WINNT\system32\SIntfNT.dll 2006-09-15 18:42 17212 --a------ C:\WINNT\system32\SIntf32.dll 2006-09-15 18:42 12067 --a------ C:\WINNT\system32\SIntf16.dll 2006-08-11 01:04 73728 --a------ C:\WINNT\system32\dpl100.dll 2006-08-11 01:03 196608 --a------ C:\WINNT\system32\dtu100.dll 2006-08-03 19:02 457 --a------ C:\Program Files\INSTALL.LOG (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SiS Tray"="C:\\WINNT\\system32\\sistray.EXE" "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg" "BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "Synchronization Manager"="mobsync.exe /logon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: Mon 2006-11-06 23:33:03.38 C:\ComboFix3.txt ... 06-11-05 20:06 C:\ComboFix2.txt ... 06-11-06 22:43 C:\ComboFix.txt ... 06-11-06 23:33 Bonne soirée.

Salut, Alors voici le rapport RootKitRevealer: C:\Documents and Settings\Dorella\Local Settings\Temp\status.ini 05.11.2006 17:25 466 bytes Visible in Windows API, but not in MFT or directory index. Rapport combofix: Dorella - dim. 05.11.2006 20:02:48.31 Service Pack 4 ComboFix 06.10.19 - Running from: "C:\antivirus\ComboFix" ((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 )))))))))))))))))))))))))))))))))) 2006-10-18 18:15 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2006-10-18 18:10 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys 2006-10-18 18:10 109,568 --------- C:\WINNT\system32\pxinsi64.exe 2006-10-18 18:10 108,544 --------- C:\WINNT\system32\pxcpyi64.exe 2006-10-08 12:13 51,072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys 2006-10-08 12:13 30,592 --a------ C:\WINNT\system32\drivers\ikhfile.sys 2006-10-07 14:43 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-30 22:38 -------- d-------- C:\Program Files\VoipCheapCom 2006-10-18 18:15 -------- d-------- C:\Program Files\Grisoft 2006-10-18 18:15 -------- d-------- C:\Documents and Settings\Dorella\Application Data\DivX 2006-10-18 18:10 -------- d-------- C:\Program Files\DivX 2006-10-08 12:13 -------- d-------- C:\Program Files\Spyware Doctor 2006-10-08 12:13 -------- d-------- C:\Documents and Settings\Dorella\Application Data\PC Tools 2006-10-08 12:12 -------- d-------- C:\Documents and Settings\Dorella\Application Data\Talkback 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx0c.dll 2006-10-02 21:04 806912 --a------ C:\WINNT\system32\divx_xx07.dll 2006-10-02 21:04 790528 --a------ C:\WINNT\system32\divx_xx11.dll 2006-10-02 21:04 635486 --a------ C:\WINNT\system32\DivX.dll 2006-09-15 18:42 21840 --a------ C:\WINNT\system32\SIntfNT.dll 2006-09-15 18:42 17212 --a------ C:\WINNT\system32\SIntf32.dll 2006-09-15 18:42 12067 --a------ C:\WINNT\system32\SIntf16.dll 2006-08-11 01:04 73728 --a------ C:\WINNT\system32\dpl100.dll 2006-08-11 01:03 196608 --a------ C:\WINNT\system32\dtu100.dll 2006-08-03 19:02 457 --a------ C:\Program Files\INSTALL.LOG (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SiS Tray"="C:\\WINNT\\system32\\sistray.EXE" "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg" "BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "Synchronization Manager"="mobsync.exe /logon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" "Windows MS Update 32"="sucker.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: Sun 2006-11-05 20:06:53.38 C:\ComboFix.txt ... 06-11-05 20:06 Voila voila, j'espere que ca pourras t'aider. Merci encore et bonne soirée.

Hello, Bitdefender continue toujours a me bloquer des exe, tel que ii ou recsl.exe, ou salvage.exe .. ca depend de l'humeur. Il doit y avoir quelque chose qui reactive et copie ces programmes sous c:\winnt\system32... Ca devient enervant !! Pov' today qui se bat contre le mechant virus (ou troyens)

Salut, Entre temps, j'ai fermé le port ftp et interdit l'acces a 2 programmes inconnus qui etaient autorisés par le firewall. Voici le resultat: 135 stealthed RPC Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems 137 stealthed NETBIOS Name Service NetBios is used to share files through your Network Neighborhood 138 stealthed NETBIOS Datagram Service NetBios is used to share files through your Network Neighborhood 139 stealthed NETBIOS Session Service NetBios is used to share files through your Network Neighborhood 21 closed FTP File Transfer Protocol is used to transfer files between computers 23 closed TELNET Telnet is used to remotely create a shell (dos prompt) 80 closed HTTP HTTP web services publish web pages 1080 closed SOCKS PROXY Socks Proxy is an internet proxy service 1243 closed SubSeven SubSeven is one of the most widespread trojans 3128 closed Masters Paradise and RingZero Trojan horses 12345 closed NetBus NetBus is one of the most widespread trojans 12348 closed BioNet BioNet is one of the most widespread trojan 27374 closed SubSeven SubSeven is one of the most widespread trojans 31337 closed Back Orifice Back Orifice is one of the most widespread trojans Le lien https://www.mailsoft.fr/docs/editions-profi...security_10.pdf ne focntionne pas et je ne trouve rien sur le site correspondant. J'ai aussi regardé dans la doc de bitdefender, rien a propos du "Mode furtif" ... .

Salut, Je ne trouve pas le bouton sur ce site. N'a-t-il par hasared pas changé ?? J'ai re essayer le test de secu .. meme chose qu'avant, il patauge ds la semoiule !! Voici le rapport silent : "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SiS Tray" = "C:\WINNT\system32\sistray.EXE" ["Silicon Integrated Systems Corporation"] "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"] "BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."] "BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "Synchronization Manager" = "mobsync.exe /logon" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {HKLM...CLSID} = "Shell Extension for CDRW" \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "sockspy.dll" [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "F:\2004_06_25\IMG_0785.JPG" Startup items in "Dorella" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "hp psc 2000 Series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" ["Hewlett-Packard Co."] "officejet 6100" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "blank" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "blank" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ "ButtonText" = "Spyware Doctor" "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" -> {HKLM...CLSID} = "PCTools Browser Monitor" \InProcServer32\(Default) = "blank" [file not found] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"] BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."] BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data] BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."] InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"] PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] WZCBDL Service, WZCBDLService, ""C:\Program Files\WZCBDL Service\WZCBDLS.exe"" ["D-Link"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt05\Driver = "hpzlnt05.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 77 seconds, including 18 seconds for message boxes) Oh rage, oh desespoir ....

Salut, Le test patauge dans la semoule .. il ne s'arrete jamais !!

ARRRRGGGGG, au moment de faire envoyer le message, bitdefender a bloqué le virus generic.botget.xxxxxx avec le fichier c:\winnt\system32\\ii. Je crois rêver !!!! (((((((

Re, Rapport sdfix : SDFix: Version 1.34 ------------------- Scan run on: dim. 29.10.2006 Time: 22:35 Microsoft Windows 2000 [Version 5.00.2195] Running from: C:\antivirus\SDFix Stage One... Checking Services... Name: ----- Path: ---- Repairing Registry... Restoring Default Hosts File... Stage One Complete Rebooting... Stage Two... Checking For Malware: -------------------- Backing Up and Removing any Files Found... Final Check: Services: --------- Files: ------ Any files removed are saved to the SDFix\backups Folder FINISHED Rapport startuplist.txt: StartupList report, 29.10.2006, 22:43:24 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Dorella\Desktop\Tackent.EXE Detected: Windows 2000 SP4 (WinNT 5.00.2195) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\WZCBDL Service\WZCBDLS.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINNT\Explorer.EXE C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINNT\system32\notepad.exe C:\WINNT\system32\sistray.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Documents and Settings\Dorella\Desktop\Tackent.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SiS Tray = C:\WINNT\system32\sistray.EXE Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe BDMCon = "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg BDAgent = "C:\Program Files\Softwin\BitDefender10\bdagent.exe" !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized Synchronization Manager = mobsync.exe /logon -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINNT\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [bDSCANONLINE Control] InProcServer32 = C:\WINNT\DOWNLO~1\oscan8.ocx CODEBASE = http://www.bitdefender.fr/scan8/oscan8.cab [MUWebControl Class] InProcServer32 = C:\WINNT\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1154378515194 [HouseCall Control] InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [iCSScanner Class] InProcServer32 = C:\WINNT\Downloaded Program Files\ICSScan.dll CODEBASE = http://download.zonelabs.com/bin/promotion...canner37900.cab [ActiveScan Installer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = blank CODEBASE = http://messenger.msn.com/download/msnmesse...pdownloader.cab [Lycos File Upload Component] InProcServer32 = blank CODEBASE = http://f010.mail.caramail.lycos.fr/app/upl...ileUploader.cab [shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- End of report, 7'365 bytes Report generated in 0.471 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Rapport hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 22:45:56, on 29.10.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\WZCBDL Service\WZCBDLS.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINNT\Explorer.EXE C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINNT\system32\notepad.exe C:\WINNT\system32\sistray.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\WINNT\system32\notepad.exe C:\WINNT\system32\taskmgr.exe C:\Documents and Settings\Dorella\Desktop\Tackent.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing) O4 - HKLM\..\Run: [siS Tray] C:\WINNT\system32\sistray.EXE O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154378515194 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37900.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f010.mail.caramail.lycos.fr/app/upl...ileUploader.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Voila voila ,, c'est mieux ??

J'ai oublié le rapport avg: Rien trouvé !! Et la le fichier c:\winnt\system32\\ii qui me fait ....

Salut, -juste avant de transmettre le rapport, j'ai encore eu une alerte avec Generic.botget.xxxx avec le fichier c:\winnt\system32\\ii (ca c'est tout nouveau !!) Voici le premier rapport : -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINNT\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [bDSCANONLINE Control] InProcServer32 = C:\WINNT\DOWNLO~1\oscan8.ocx CODEBASE = http://www.bitdefender.fr/scan8/oscan8.cab [MUWebControl Class] InProcServer32 = C:\WINNT\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdat...b?1154378515194 [HouseCall Control] InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [iCSScanner Class] InProcServer32 = C:\WINNT\Downloaded Program Files\ICSScan.dll CODEBASE = http://download.zonelabs.com/bin/promotion...canner37900.cab [ActiveScan Installer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = blank CODEBASE = http://messenger.msn.com/download/msnmesse...pdownloader.cab [Lycos File Upload Component] InProcServer32 = blank CODEBASE = http://f010.mail.caramail.lycos.fr/app/upl...ileUploader.cab [shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- End of report, 7'272 bytes Report generated in 0.291 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Et le deuxieme : FPort v2.0 - TCP/IP Process to Port Mapper Copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 568 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe 8 System -> 139 TCP 8 System -> 445 TCP 416 svchost -> 135 TCP C:\WINNT\system32\svchost.exe 1044 vsserv -> 10025 TCP C:\Program Files\Softwin\BitDefender10\vsserv.exe 1044 vsserv -> 10080 TCP C:\Program Files\Softwin\BitDefender10\vsserv.exe 1044 vsserv -> 10110 TCP C:\Program Files\Softwin\BitDefender10\vsserv.exe 1044 vsserv -> 1028 TCP C:\Program Files\Softwin\BitDefender10\vsserv.exe 8 System -> 137 UDP 8 System -> 138 UDP 8 System -> 445 UDP 236 lsass -> 4500 UDP C:\WINNT\system32\lsass.exe 236 lsass -> 500 UDP C:\WINNT\system32\lsass.exe 224 services -> 68 UDP C:\WINNT\system32\services.exe PsList 1.26 - Process Information Lister Copyright © 1999-2004 Mark Russinovich Sysinternals - www.sysinternals.com Process information for PC1: Name Pid Pri Thd Hnd VM WS Priv Idle 0 0 1 0 0 16 0 System 8 8 37 128 1672 220 32 smss 148 11 6 36 5252 584 1076 winlogon 172 13 17 365 37868 4892 5808 services 224 9 32 476 33340 5532 2740 svchost 416 8 8 218 25532 4368 1612 hpgs2wnf 1128 8 4 88 28444 3660 1056 spoolsv 440 8 12 146 28372 4664 2704 guard 468 8 8 84 44484 10392 17772 svchost 484 8 15 230 36392 6296 1952 InCDsrv 504 8 10 143 23420 3656 1304 MSTask 568 8 7 122 26248 3500 1188 sdhelp 616 8 6 88 29136 4336 1500 stisvc 660 8 5 79 23596 3548 1044 WinMgmt 716 8 5 122 24760 352 1084 WZCBDLS 740 8 3 57 26100 3060 1136 xcommsvr 752 8 2 142 18596 256 548 bdss 764 8 7 250 113912 12768 29848 livesrv 868 8 3 158 28456 784 1304 vsserv 1044 8 15 353 71380 1700 16196 lsass 236 9 16 255 29436 1192 2664 csrss 176 13 10 386 24760 2980 1612 notepad 580 8 3 53 26112 260 1572 Explorer 980 8 16 319 58216 1644 6948 sistray 1092 8 1 42 24752 2776 824 hpgs2wnd 1096 8 3 89 27416 3656 1048 bdmcon 1132 8 14 314 75704 2312 10700 bdagent 1156 8 2 160 31700 140 1756 avgas 1268 8 18 165 84764 8236 27060 hpobnz08 1296 8 5 108 35944 6340 2860 hposol08 1360 8 5 106 35772 6084 2796 cmd 1596 8 1 40 18956 2288 804 pslist 808 13 2 105 23140 2444 1176 ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ Explorer.EXE pid: 980 Command line: C:\WINNT\Explorer.EXE Base Size Version Path 0x00400000 0x3e000 5.00.3700.6690 C:\WINNT\Explorer.EXE 0x77f80000 0x7b000 5.00.2195.6685 C:\WINNT\system32\ntdll.dll 0x7c2d0000 0x62000 5.00.2195.6710 C:\WINNT\system32\ADVAPI32.DLL 0x7c4e0000 0xb9000 5.00.2195.6688 C:\WINNT\system32\KERNEL32.DLL 0x77d30000 0x6f000 5.00.2195.7085 C:\WINNT\system32\RPCRT4.DLL 0x77f40000 0x3c000 5.00.2195.7073 C:\WINNT\system32\GDI32.DLL 0x77e10000 0x65000 5.00.2195.6688 C:\WINNT\system32\USER32.dll 0x70a70000 0x66000 6.00.2800.1740 C:\WINNT\system32\SHLWAPI.DLL 0x78000000 0x45000 6.01.9844.0000 C:\WINNT\system32\msvcrt.dll 0x71710000 0x84000 5.81.4916.0400 C:\WINNT\system32\COMCTL32.DLL 0x732e0000 0x25000 5.00.2195.6717 C:\WINNT\system32\shim.dll 0x23000000 0x56000 5.00.2195.6717 C:\WINNT\AppPatch\AcLayers.DLL 0x5a000000 0x1f000 3.06.0000.2079 C:\Program Files\Spyware Doctor\tools\swpg.dat 0x779b0000 0x9b000 2.40.4522.0000 C:\WINNT\system32\oleaut32.dll 0x7ce20000 0xef000 5.00.2195.7059 C:\WINNT\system32\ole32.dll 0x690a0000 0xb000 5.00.2134.0001 C:\WINNT\system32\PSAPI.DLL 0x7cf30000 0x246000 5.00.3900.7080 C:\WINNT\system32\SHELL32.dll 0x7c950000 0x8f000 2000.02.3529.0000 C:\WINNT\system32\CLBCATQ.DLL 0x77840000 0x3e000 5.00.2195.6705 C:\WINNT\system32\cscui.dll 0x770c0000 0x23000 5.00.2195.6713 C:\WINNT\system32\CSCDLL.DLL 0x00eb0000 0x14a000 6.00.2800.1849 C:\WINNT\system32\SHDOCVW.DLL 0x71500000 0xfc000 6.00.2800.1692 C:\WINNT\system32\browseui.dll 0x76710000 0x9000 5.00.2195.7069 C:\WINNT\system32\LINKINFO.DLL 0x76fa0000 0xf000 5.00.2134.0001 C:\WINNT\system32\ntshrui.dll 0x773e0000 0x15000 3.00.9435.0000 C:\WINNT\system32\ATL.DLL 0x7cdc0000 0x50000 5.00.2195.7105 C:\WINNT\system32\NETAPI32.DLL 0x7c340000 0xf000 5.00.2195.6695 C:\WINNT\system32\Secur32.dll 0x77bf0000 0x11000 5.00.2195.6666 C:\WINNT\system32\NTDSAPI.dll 0x77980000 0x24000 5.00.2195.6680 C:\WINNT\system32\DNSAPI.DLL 0x75050000 0x8000 5.00.2195.6603 C:\WINNT\system32\WSOCK32.DLL 0x75030000 0x14000 5.00.2195.6601 C:\WINNT\system32\WS2_32.DLL 0x75020000 0x8000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL 0x77950000 0x2a000 5.00.2195.6666 C:\WINNT\system32\WLDAP32.DLL 0x751c0000 0x6000 5.00.2134.0001 C:\WINNT\system32\NETRAP.dll 0x75150000 0xf000 5.00.2195.6666 C:\WINNT\system32\SAMLIB.dll 0x76620000 0x11000 5.00.2195.6611 C:\WINNT\system32\MPR.DLL 0x7c0f0000 0x62000 5.00.2195.6711 C:\WINNT\system32\USERENV.DLL 0x75160000 0xc000 5.00.2195.6601 C:\WINNT\System32\ntlanman.dll 0x75210000 0x15000 5.00.2195.6601 C:\WINNT\System32\NETUI0.DLL 0x751d0000 0x38000 5.00.2134.0001 C:\WINNT\System32\NETUI1.DLL 0x76f20000 0x77000 5.00.2195.6604 C:\WINNT\system32\NETSHELL.dll 0x70340000 0x41000 6.00.2800.1106 C:\WINNT\system32\webcheck.dll 0x766d0000 0x18000 5.00.2195.6601 C:\WINNT\system32\stobject.dll 0x76740000 0x8000 5.00.3502.6601 C:\WINNT\system32\BATMETER.DLL 0x77880000 0x8e000 5.00.2195.6622 C:\WINNT\system32\SETUPAPI.DLL 0x766f0000 0x7000 5.00.3502.6601 C:\WINNT\system32\POWRPROF.DLL 0x77570000 0x30000 5.00.2161.0001 C:\WINNT\system32\WINMM.DLL 0x77560000 0x8000 5.00.2195.6673 C:\WINNT\system32\wdmaud.drv 0x77400000 0x8000 5.00.2134.0001 C:\WINNT\system32\msacm32.drv 0x77410000 0x13000 5.00.2134.0001 C:\WINNT\system32\MSACM32.dll 0x745e0000 0x2c6000 3.01.4000.2435 C:\WINNT\system32\MSI.DLL 0x76290000 0x3e000 2000.02.3529.0000 C:\WINNT\System32\es.dll 0x6de80000 0x64000 2000.02.3529.0000 C:\WINNT\System32\TxfAux.Dll 0x01ed0000 0x22000 10.00.0000.0000 C:\Program Files\Softwin\BitDefender10\bdoe.dll 0x01f00000 0x15000 1.08.0011.0000 C:\WINNT\system32\XCOMM.dll 0x77820000 0x7000 5.00.2195.6623 C:\WINNT\system32\VERSION.dll 0x759b0000 0x6000 5.00.2195.6611 C:\WINNT\system32\LZ32.DLL 0x01f20000 0xb000 10.00.0000.0004 C:\Program Files\Softwin\BitDefender10\BDUtils.dll 0x01f30000 0x103000 7.10.3077.0000 C:\WINNT\system32\MFC71.DLL 0x02040000 0x56000 7.10.3052.0004 C:\WINNT\system32\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINNT\system32\MSVCP71.dll 0x5d360000 0xe000 7.10.3077.0000 C:\WINNT\system32\MFC71ENU.DLL 0x63000000 0x95000 6.00.2800.1548 C:\WINNT\system32\WININET.dll 0x77440000 0x78000 5.131.2195.6661 C:\WINNT\system32\CRYPT32.dll 0x77430000 0x10000 5.00.2195.6666 C:\WINNT\system32\MSASN1.DLL 0x71f00000 0x4d000 5.00.2178.0001 C:\WINNT\System32\docprop2.dll 0x6a8f0000 0x20000 5.00.2195.6612 C:\WINNT\System32\MSVFW32.DLL 0x02330000 0x16000 5.00.2195.6612 C:\WINNT\System32\AVIFIL32.DLL 0x10000000 0x174000 1.01.0001.0001 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll 0x70020000 0x5000 5.00.2134.0001 C:\WINNT\system32\faxshell.dll 0x02c60000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x02d60000 0x12000 1.00.0000.0002 C:\Program Files\Softwin\BitDefender10\bdshelxt.dll 0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 0x379b0000 0x8c000 9.00.0000.3503 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL 0x03110000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll 0x71960000 0x12000 6.00.2800.1106 C:\WINNT\system32\browselc.dll 0x03320000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 0x1a400000 0x7d000 6.00.2800.1550 C:\WINNT\system32\urlmon.dll 0x718c0000 0x84000 6.00.2800.1106 C:\WINNT\system32\shdoclc.dll 0x03420000 0x25000 2.06.0000.0161 C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL 0x03460000 0x5000 2.06.0000.0161 C:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL 0x034b0000 0x6000 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 0x75d40000 0x6000 5.00.2134.0001 C:\WINNT\system32\msadp32.acm ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com No matching processes were found. ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 172 Command line: winlogon.exe Base Size Version Path 0x01000000 0x2e000 \??\C:\WINNT\system32\winlogon.exe 0x77f80000 0x7b000 5.00.2195.6685 C:\WINNT\system32\ntdll.dll 0x78000000 0x45000 6.01.9844.0000 C:\WINNT\system32\MSVCRT.DLL 0x7c4e0000 0xb9000 5.00.2195.6688 C:\WINNT\system32\KERNEL32.dll 0x7c2d0000 0x62000 5.00.2195.6710 C:\WINNT\system32\ADVAPI32.DLL 0x77d30000 0x6f000 5.00.2195.7085 C:\WINNT\system32\RPCRT4.DLL 0x77f40000 0x3c000 5.00.2195.7073 C:\WINNT\system32\GDI32.DLL 0x77e10000 0x65000 5.00.2195.6688 C:\WINNT\system32\USER32.dll 0x7c0f0000 0x62000 5.00.2195.6711 C:\WINNT\system32\USERENV.DLL 0x769a0000 0x7000 5.00.2195.6661 C:\WINNT\system32\NDDEAPI.DLL 0x76980000 0x1b000 5.00.2195.6673 C:\WINNT\system32\SFC.DLL 0x68010000 0xf0000 5.00.2195.6717 C:\WINNT\system32\sfcfiles.dll 0x7c340000 0xf000 5.00.2195.6695 C:\WINNT\system32\SECUR32.DLL 0x690f0000 0xb000 5.00.2195.6610 C:\WINNT\system32\PROFMAP.DLL 0x7cdc0000 0x50000 5.00.2195.7105 C:\WINNT\system32\NETAPI32.dll 0x77bf0000 0x11000 5.00.2195.6666 C:\WINNT\system32\NTDSAPI.dll 0x77980000 0x24000 5.00.2195.6680 C:\WINNT\system32\DNSAPI.DLL 0x75050000 0x8000 5.00.2195.6603 C:\WINNT\system32\WSOCK32.DLL 0x75030000 0x14000 5.00.2195.6601 C:\WINNT\system32\WS2_32.DLL 0x75020000 0x8000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL 0x77950000 0x2a000 5.00.2195.6666 C:\WINNT\system32\WLDAP32.DLL 0x751c0000 0x6000 5.00.2134.0001 C:\WINNT\system32\NETRAP.dll 0x75150000 0xf000 5.00.2195.6666 C:\WINNT\system32\SAMLIB.dll 0x76b90000 0x55000 5.00.2195.6669 C:\WINNT\system32\msgina.dll 0x7cf30000 0x246000 5.00.3900.7080 C:\WINNT\system32\SHELL32.DLL 0x70a70000 0x66000 6.00.2800.1740 C:\WINNT\system32\SHLWAPI.dll 0x71710000 0x84000 5.81.4916.0400 C:\WINNT\system32\COMCTL32.dll 0x65780000 0xd000 5.00.2195.6701 C:\WINNT\system32\WINSTA.DLL 0x77570000 0x30000 5.00.2161.0001 C:\WINNT\system32\WINMM.dll 0x77880000 0x8e000 5.00.2195.6622 C:\WINNT\system32\setupapi.dll 0x5a000000 0x1f000 3.06.0000.2079 C:\Program Files\Spyware Doctor\tools\swpg.dat 0x779b0000 0x9b000 2.40.4522.0000 C:\WINNT\system32\oleaut32.dll 0x7ce20000 0xef000 5.00.2195.7059 C:\WINNT\system32\ole32.dll 0x690a0000 0xb000 5.00.2134.0001 C:\WINNT\system32\PSAPI.DLL 0x77560000 0x8000 5.00.2195.6673 C:\WINNT\system32\wdmaud.drv 0x76930000 0x2b000 5.131.2195.6624 C:\WINNT\system32\wintrust.dll 0x77440000 0x78000 5.131.2195.6661 C:\WINNT\system32\CRYPT32.dll 0x77430000 0x10000 5.00.2195.6666 C:\WINNT\system32\MSASN1.DLL 0x77920000 0x23000 5.00.2195.6613 C:\WINNT\system32\IMAGEHLP.dll 0x76a00000 0x5000 5.131.2134.0001 C:\WINNT\system32\mscat32.dll 0x7ca00000 0x23000 5.00.2195.6611 C:\WINNT\system32\rsaenh.dll 0x770c0000 0x23000 5.00.2195.6713 C:\WINNT\system32\cscdll.dll 0x76920000 0x10000 5.00.2195.6706 C:\WINNT\system32\WlNotify.dll 0x75570000 0x24000 5.00.2195.6619 C:\WINNT\system32\CERTCLI.DLL 0x773e0000 0x15000 3.00.9435.0000 C:\WINNT\system32\ATL.DLL 0x76960000 0x17000 5.00.2195.6609 C:\WINNT\system32\WINSCARD.DLL 0x77800000 0x1e000 5.00.2195.6659 C:\WINNT\system32\WINSPOOL.DRV 0x76620000 0x11000 5.00.2195.6611 C:\WINNT\system32\MPR.DLL 0x77840000 0x3e000 5.00.2195.6705 C:\WINNT\system32\cscui.dll 0x01b20000 0x11000 5.00.2195.6604 C:\WINNT\system32\wzcdlg.dll 0x01b40000 0xa000 5.00.2195.6604 C:\WINNT\system32\WZCSAPI.DLL 0x7c950000 0x8f000 2000.02.3529.0000 C:\WINNT\system32\CLBCATQ.DLL 0x77400000 0x8000 5.00.2134.0001 C:\WINNT\system32\msacm32.drv 0x77410000 0x13000 5.00.2134.0001 C:\WINNT\system32\MSACM32.dll 0x77820000 0x7000 5.00.2195.6623 C:\WINNT\system32\VERSION.dll 0x759b0000 0x6000 5.00.2195.6611 C:\WINNT\system32\LZ32.DLL 0x782d0000 0x1f000 5.00.2195.6680 C:\WINNT\system32\msv1_0.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ services.exe pid: 224 Command line: C:\WINNT\system32\services.exe Base Size Version Path 0x01000000 0x18000 5.00.2195.6700 C:\WINNT\system32\services.exe 0x77f80000 0x7b000 5.00.2195.6685 C:\WINNT\system32\ntdll.dll 0x77d30000 0x6f000 5.00.2195.7085 C:\WINNT\system32\RPCRT4.DLL 0x7c4e0000 0xb9000 5.00.2195.6688 C:\WINNT\system32\KERNEL32.dll 0x7c2d0000 0x62000 5.00.2195.6710 C:\WINNT\system32\ADVAPI32.dll 0x7cdc0000 0x50000 5.00.2195.7105 C:\WINNT\system32\NETAPI32.DLL 0x78000000 0x45000 6.01.9844.0000 C:\WINNT\system32\MSVCRT.dll 0x7c340000 0xf000 5.00.2195.6695 C:\WINNT\system32\Secur32.dll 0x77bf0000 0x11000 5.00.2195.6666 C:\WINNT\system32\NTDSAPI.dll 0x77980000 0x24000 5.00.2195.6680 C:\WINNT\system32\DNSAPI.DLL 0x75050000 0x8000 5.00.2195.6603 C:\WINNT\system32\WSOCK32.DLL 0x75030000 0x14000 5.00.2195.6601 C:\WINNT\system32\WS2_32.DLL 0x75020000 0x8000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL 0x77950000 0x2a000 5.00.2195.6666 C:\WINNT\system32\WLDAP32.DLL 0x751c0000 0x6000 5.00.2134.0001 C:\WINNT\system32\NETRAP.dll 0x75150000 0xf000 5.00.2195.6666 C:\WINNT\system32\SAMLIB.dll 0x77e10000 0x65000 5.00.2195.6688 C:\WINNT\system32\USER32.DLL 0x77f40000 0x3c000 5.00.2195.7073 C:\WINNT\system32\GDI32.DLL 0x767a0000 0x19000 5.00.2195.7069 C:\WINNT\system32\UMPNPMGR.DLL 0x7c0f0000 0x62000 5.00.2195.6711 C:\WINNT\system32\USERENV.DLL 0x76460000 0x42000 5.00.2195.6704 C:\WINNT\system32\SCESRV.DLL 0x76890000 0xf000 5.00.2195.6716 C:\WINNT\system32\eventlog.dll 0x77360000 0x19000 5.00.2195.6685 C:\WINNT\system32\dhcpcsvc.dll 0x77520000 0x5000 5.00.2134.0001 C:\WINNT\system32\ICMP.DLL 0x77340000 0x13000 5.00.2195.6602 C:\WINNT\system32\IPHLPAPI.DLL 0x77320000 0x17000 5.00.2181.0001 C:\WINNT\system32\MPRAPI.DLL 0x7ce20000 0xef000 5.00.2195.7059 C:\WINNT\system32\OLE32.DLL 0x779b0000 0x9b000 2.40.4522.0000 C:\WINNT\system32\OLEAUT32.DLL 0x773b0000 0x2f000 5.00.2195.6601 C:\WINNT\system32\ACTIVEDS.DLL 0x77380000 0x23000 5.00.2195.6701 C:\WINNT\system32\ADSLDPC.DLL 0x77830000 0xe000 5.00.2168.0001 C:\WINNT\system32\RTUTILS.DLL 0x77880000 0x8e000 5.00.2195.6622 C:\WINNT\system32\SETUPAPI.DLL 0x774e0000 0x33000 5.00.2195.6625 C:\WINNT\system32\RASAPI32.DLL 0x774c0000 0x11000 5.00.2195.6604 C:\WINNT\system32\RASMAN.DLL 0x77530000 0x22000 5.00.2195.6664 C:\WINNT\system32\TAPI32.DLL 0x71710000 0x84000 5.81.4916.0400 C:\WINNT\system32\COMCTL32.DLL 0x70a70000 0x66000 6.00.2800.1740 C:\WINNT\system32\SHLWAPI.DLL 0x768a0000 0x19000 5.00.2195.6663 C:\WINNT\system32\dnsrslvr.dll 0x76880000 0x6000 5.00.2195.6601 C:\WINNT\system32\lmhsvc.dll 0x74fd0000 0x1e000 5.00.2195.6602 C:\WINNT\system32\msafd.dll 0x75010000 0x7000 5.00.2195.6601 C:\WINNT\System32\wshtcpip.dll 0x65780000 0xd000 5.00.2195.6701 C:\WINNT\system32\WINSTA.DLL 0x768c0000 0x6000 2195.6605.0297.0003 C:\WINNT\system32\dmserver.dll 0x770b0000 0x7000 5.00.2134.0001 C:\WINNT\system32\CFGMGR32.DLL 0x767e0000 0x16000 5.00.2195.6697 C:\WINNT\system32\Srvsvc.dll 0x77800000 0x1e000 5.00.2195.6659 C:\WINNT\system32\WINSPOOL.DRV 0x76620000 0x11000 5.00.2195.6611 C:\WINNT\system32\MPR.DLL 0x76770000 0x1a000 5.00.2195.6692 C:\WINNT\system32\wkssvc.dll 0x76670000 0xe000 5.00.2195.6607 C:\WINNT\system32\CRYPTDLL.DLL 0x768d0000 0x14000 5.00.2195.6661 C:\WINNT\system32\cryptsvc.dll 0x765f0000 0x1f000 5.00.2195.6661 C:\WINNT\system32\psbase.dll 0x7ca00000 0x23000 5.00.2195.6611 C:\WINNT\system32\rsaenh.dll 0x77440000 0x78000 5.131.2195.6661 C:\WINNT\system32\CRYPT32.dll 0x77430000 0x10000 5.00.2195.6666 C:\WINNT\system32\MSASN1.DLL 0x76800000 0x7000 5.00.2195.6707 C:\WINNT\system32\seclogon.dll 0x5a000000 0x1f000 3.06.0000.2079 C:\Program Files\Spyware Doctor\tools\swpg.dat 0x690a0000 0xb000 5.00.2134.0001 C:\WINNT\system32\PSAPI.DLL 0x76750000 0x15000 5.00.2195.6611 C:\WINNT\system32\wmicore.dll 0x782c0000 0xc000 5.00.2195.6603 C:\WINNT\System32\rnr20.dll Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\Program Files 24.12.2002 11:23 <DIR> . 24.12.2002 11:23 <DIR> .. 24.12.2002 11:23 <DIR> Plus! 13.06.2004 19:05 <DIR> CASIO 24.12.2002 11:23 <DIR> CHAT 24.12.2002 11:27 <DIR> Publication Web 24.12.2002 11:23 <DIR> NetMeeting 24.12.2002 11:23 <DIR> Accessoires 24.12.2002 11:23 <DIR> Fichiers communs 24.12.2002 11:23 <DIR> Internet Explorer 24.12.2002 11:23 <DIR> Outlook Express 24.12.2002 11:23 <DIR> Windows Media Player 24.12.2002 11:26 <DIR> Services en ligne 24.12.2002 11:33 <DIR> DirectX 24.12.2002 11:46 <DIR> SiS_Compatible_VGA_V2.07k 24.12.2002 11:54 <DIR> C-Media Audio 24.12.2002 14:18 <DIR> Ahead 24.12.2002 14:38 <DIR> CyberLink 24.12.2002 14:29 <DIR> Microsoft Office 29.12.2002 16:17 <DIR> ReadIris 31.12.2002 15:11 <DIR> vanBasco's Karaoke Player 29.12.2002 16:15 <DIR> Hewlett-Packard 30.12.2002 15:08 <DIR> WinZip 11.01.2003 22:38 <DIR> freesurf 23.05.2005 19:02 <DIR> SSMM 3.7 21.04.2005 19:48 <DIR> Microsoft FrontPage 21.04.2005 19:49 <DIR> Microsoft Visual Studio 13.06.2005 19:59 <DIR> CDRIPMP3 29.06.2005 20:55 <DIR> Adobe 20.09.2005 19:48 <DIR> D-Link 20.09.2005 19:48 <DIR> NIOC Service 29.06.2005 21:08 <DIR> WZCBDL Service 08.10.2005 10:19 <DIR> Common Files 08.10.2005 10:28 <DIR> Windows NT 08.10.2005 10:28 <DIR> Accessories 08.10.2005 10:29 <DIR> ComPlus Applications 10.10.2005 20:52 <DIR> SiS Compatible VGA V2.07k 10.10.2005 21:00 <DIR> SiSLan 16.10.2005 11:14 <DIR> Canon 29.10.2005 17:36 <DIR> Bluewin 30.10.2005 08:10 <DIR> Anuman Interactive 29.01.2006 11:41 <DIR> Logitech 29.01.2006 11:47 <DIR> Messenger 29.01.2006 11:47 <DIR> MSN Messenger 24.02.2006 22:13 <DIR> Microsoft Visual Studio 8 24.02.2006 22:18 <DIR> HTML Help Workshop 24.02.2006 22:18 <DIR> Microsoft.NET 24.02.2006 22:18 <DIR> CE Remote Tools 24.02.2006 22:30 <DIR> MSBuild 24.02.2006 22:39 <DIR> Microsoft SQL Server 2005 Mobile Edition 24.02.2006 22:39 <DIR> Microsoft Device Emulator 24.02.2006 22:40 <DIR> Microsoft SQL Server 25.02.2006 13:27 <DIR> MSDN 26.04.2006 21:08 <DIR> Curl Corporation 01.05.2006 21:16 <DIR> Skype 03.05.2006 21:10 <DIR> Java 03.05.2006 21:12 <DIR> BSW 03.07.2006 23:11 <DIR> Lavasoft 04.07.2006 21:52 <DIR> DoctorCleaner 04.07.2006 21:56 <DIR> Registry Mechanic 04.07.2006 22:01 <DIR> BeClean 12.07.2006 18:28 <DIR> Agnitum 12.07.2006 21:30 <DIR> CCleaner 23.07.2006 14:44 <DIR> Google 25.07.2006 22:07 <DIR> Softwin 03.08.2006 19:02 457 INSTALL.LOG 26.07.2006 20:19 <DIR> VoipCheapCom 31.07.2006 23:05 <DIR> PKWARE 01.08.2006 17:16 <DIR> ESET 01.08.2006 20:16 <DIR> unzip 08.10.2006 11:59 <DIR> Yahoo! 08.10.2006 12:11 <DIR> Mozilla Firefox 08.10.2006 12:13 <DIR> Spyware Doctor 18.10.2006 18:10 <DIR> DivX 18.10.2006 18:15 <DIR> Grisoft 1 File(s) 457 bytes 74 Dir(s) 38'119'702'528 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\ 24.05.2001 12:59 162'304 UNWISE.EXE Directory of C:\ 24.05.2001 12:59 162'304 UNWISE.EXE 2 File(s) 324'608 bytes 0 Dir(s) 38'119'702'528 bytes free C:\Documents and Settings\Dorella\Desktop\ATF-Cleaner.exe C:\Documents and Settings\Dorella\Desktop\avgas-setup-7.5.0.50.exe C:\Documents and Settings\Dorella\Desktop\blbeta.exe C:\Documents and Settings\Dorella\Desktop\DivXPlay.exe C:\Documents and Settings\Dorella\Desktop\dxwebsetup.exe C:\Documents and Settings\Dorella\Desktop\f-bot.exe C:\Documents and Settings\Dorella\Desktop\FixSbr.exe C:\Documents and Settings\Dorella\Desktop\KillBox.exe C:\Documents and Settings\Dorella\Desktop\mwav.exe C:\Documents and Settings\Dorella\Desktop\nod32.exe C:\Documents and Settings\Dorella\Desktop\stng260.exe C:\Documents and Settings\Dorella\Desktop\Tackent.exe Bonne soirée et merci encore d'autant de patience. Moi, je perd la mienne !!

Salut, Je suis entrain de generer les rapports. Au restart, bitdefender a bloqué Generic.Botget.xxxxx avec le fichier c:\winnt\system32\i . Et avant le 1er restart, il m'avait trouve le fichier recsl.exe infecté par le meme virus qui voulait faire une connexion internet !! Et je n'ai pas trouvé le fichier salvage.exe ... Diag help : C:\WINNT\System32\i -->28.10.2006 21:21:04 C:\WINNT\System32\ikhcore.log -->28.10.2006 21:17:56 C:\WINNT\System32\bdod.bin -->28.10.2006 21:11:14 C:\WINNT\System32\Perflib_Perfdata_2b0.dat -->28.10.2006 12:31:28 C:\WINNT\System32\Uninstall.ico -->27.10.2006 22:04:00 C:\WINNT\System32\Help.ico -->27.10.2006 22:04:00 C:\WINNT\System32\pavas.ico -->27.10.2006 22:04:00 C:\WINNT\System32\scontrol.inf -->22.10.2006 12:28:30 C:\WINNT\System32\divx_xx11.dll -->02.10.2006 21:04:42 C:\WINNT\System32\divx_xx07.dll -->02.10.2006 21:04:42 C:\WINNT\System32\divx_xx0c.dll -->02.10.2006 21:04:42 C:\WINNT\System32\DivX.dll -->02.10.2006 21:04:40 C:\WINNT\System32\SIntfNT.dll -->15.09.2006 18:42:44 C:\WINNT\System32\SIntf32.dll -->15.09.2006 18:42:42 C:\WINNT\System32\SIntf16.dll -->15.09.2006 18:42:40 C:\WINNT\System32\getfile.dat -->04.09.2006 21:25:48 C:\WINNT\System32\dpl100.dll -->11.08.2006 01:04:00 C:\WINNT\System32\dtu100.dll -->11.08.2006 01:03:58 C:\WINNT\System32\lvcoinst.log -->07.08.2006 20:37:54 C:\WINNT\System32\asuninst.exe -->02.08.2006 12:39:06 C:\WINNT\System32\asfiles.txt -->01.08.2006 20:08:42 C:\WINNT\System32\zllictbl.dat -->01.08.2006 17:02:10 C:\WINNT\System32\qt-dx331.dll -->27.07.2006 19:28:44 C:\WINNT\System32\pxcpyi64.exe -->27.07.2006 19:28:34 C:\WINNT\System32\pxcpya64.exe -->27.07.2006 19:28:34 C:\WINNT\twunk_16.exe |Twain Working Group |06/12/1999 21:00:00 C:\WINNT\twunk_32.exe |Twain Working Group |06/12/1999 21:00:00 C:\WINNT\PATCH.EXE |Trend Micro Inc. |01/08/2006 14:15:26 C:\WINNT\runtsckl.exe |Trend Micro Inc. |02/11/2005 18:07:12 C:\WINNT\bdoscandel.exe |COMPANY |25/05/2006 01:22:06 C:\WINNT\sisUSBrg.exe |Silicon Integrated Systems Corp. |10/10/2005 20:53:23 C:\WINNT\CMIUninstall.exe |COMPANY |10/10/2005 20:57:03 C:\WINNT\CmiRmRedundDir.exe |COMPANY |10/10/2005 20:57:03 C:\WINNT\IsUninst.exe |InstallShield Software Corporation |10/10/2005 20:52:04 C:\WINNT\NuNinst.exe |Nero AG |10/10/2005 22:30:16 C:\WINNT\UNNMP.exe |Nero AG |10/10/2005 22:32:18 C:\WINNT\UNNeroVision.exe |Nero AG |10/10/2005 22:42:21 C:\WINNT\IsUn040c.exe |InstallShield Software Corporation |10/10/2005 20:56:36 C:\WINNT\twain.dll |Twain Working Group |06/12/1999 21:00:00 C:\WINNT\twain_32.dll |Twain Working Group |06/12/1999 21:00:00 C:\WINNT\UNZIP.DLL |Trend Micro Inc. |01/08/2006 14:15:27 C:\WINNT\TMUPDATE.DLL |Trend Micro Inc. |01/08/2006 14:15:27 C:\WINNT\loadhttp.dll |Trend Micro Inc. |15/10/2002 14:29:40 C:\WINNT\patchw32.dll |COMPANY |14/12/2001 13:34:46 C:\WINNT\CMIRmDriver.dll |COMPANY |10/10/2005 20:57:03 C:\WINNT\system32\append.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\dfrgfat.exe |Executive Software International, Inc. |08/10/2005 10:43:15 C:\WINNT\system32\dfrgntfs.exe |Executive Software International, Inc. |08/10/2005 10:43:15 C:\WINNT\system32\dmadmin.exe |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\dmremote.exe |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\waitwnd.exe |COMPANY |10/10/2005 20:52:06 C:\WINNT\system32\sistray.exe |Silicon Integrated Systems Corporation |10/10/2005 20:52:39 C:\WINNT\system32\debug.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\dosx.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\dvdplay.exe |COMPANY |30/11/1999 23:40:02 C:\WINNT\system32\edlin.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\exe2bin.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\fastopen.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\mem.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\mscdexnt.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\msswchx.exe |Madenta Applications Inc. |08/10/2005 10:43:23 C:\WINNT\system32\nlsfunc.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\nw16.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\redir.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\NeroCheck.exe |Ahead Software Gmbh |10/10/2005 22:29:16 C:\WINNT\system32\setver.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\share.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\vwipxspx.exe |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\asuninst.exe |Panda Software |27/10/2006 22:04:52 C:\WINNT\system32\LVCOMSX.EXE |Logitech Inc. |19/07/2005 17:32:18 C:\WINNT\system32\HPZipm12.exe |HP |03/01/2006 21:54:47 C:\WINNT\system32\HPZinw12.exe |HP |03/01/2006 21:54:47 C:\WINNT\system32\TLIST.EXE |COMPANY |07/08/2006 20:53:51 C:\WINNT\system32\InstMed.exe |COMPANY |29/01/2006 11:42:02 C:\WINNT\system32\pxhpinst.exe |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\pxinsa64.exe |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\pxinsi64.exe |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\pxcpya64.exe |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\pxcpyi64.exe |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\DivXsm.exe |COMPANY |12/07/2006 01:40:17 C:\WINNT\system32\DivXCodecUpdateChecker.exe |DivX, Inc. |12/07/2006 00:33:49 C:\WINNT\system32\java.exe |Sun Microsystems, Inc. |03/05/2006 21:11:28 C:\WINNT\system32\javaw.exe |Sun Microsystems, Inc. |03/05/2006 21:11:28 C:\WINNT\system32\javaws.exe |Sun Microsystems, Inc. |03/05/2006 21:11:28 C:\WINNT\system32\xreglib.dll |COMPANY |06/12/2002 17:37:06 C:\WINNT\system32\devenum.dll |COMPANY |10/10/2005 22:39:03 C:\WINNT\system32\sockspy.dll |COMPANY |26/01/2006 20:19:52 C:\WINNT\system32\dfrgsnap.dll |Executive Software International, Inc. |08/10/2005 10:43:15 C:\WINNT\system32\zlcomm.dll |Zone Labs, LLC |19/07/2006 16:08:33 C:\WINNT\system32\zlcommdb.dll |Zone Labs, LLC |19/07/2006 16:08:33 C:\WINNT\system32\dmconfig.dll |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\dmintf.dll |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\dmserver.dll |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\dmutil.dll |VERITAS Software Corp. |08/10/2005 10:43:16 C:\WINNT\system32\setuplib.dll |COMPANY |10/10/2005 20:52:05 C:\WINNT\system32\dxmasf.dll |COMPANY |08/10/2005 10:43:17 C:\WINNT\system32\sisgrv.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:39 C:\WINNT\system32\sisgl.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:38 C:\WINNT\system32\LVUI2RC.dll |Logitech Inc. |29/01/2006 11:41:58 C:\WINNT\system32\udaprop.dll |C-Media Corporation |10/10/2005 20:57:26 C:\WINNT\system32\mciqtz32.dll |COMPANY |10/10/2005 22:39:02 C:\WINNT\system32\vsxml.dll |Zone Labs, LLC |26/07/2006 23:57:41 C:\WINNT\system32\dfrgres.dll |Executive Software International, Inc. |06/12/1999 21:00:00 C:\WINNT\system32\dfrgui.dll |Executive Software International, Inc. |06/12/1999 21:00:00 C:\WINNT\system32\HTICONS.DLL |Hilgraeve, Inc. |08/10/2005 10:43:18 C:\WINNT\system32\lvcoinst.dll |Logitech Inc. |29/01/2006 11:41:58 C:\WINNT\system32\W32N50CT.dll |Printing Communications Assoc., Inc. (PCAUSA) |27/12/2005 15:51:56 C:\WINNT\system32\efsadu.dll |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\SiSApCom.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:38 C:\WINNT\system32\amstream.dll |COMPANY |10/10/2005 22:39:02 C:\WINNT\system32\picn20.dll |Pegasus Imaging Corp. |10/10/2005 22:42:14 C:\WINNT\system32\vsdata.dll |Zone Labs, LLC |19/07/2006 16:07:32 C:\WINNT\system32\iccvid.dll |Radius Inc. |06/12/1999 21:00:00 C:\WINNT\system32\a3d.dll |Sensaura Ltd |10/10/2005 20:57:26 C:\WINNT\system32\hpgtpusd.dll |Hewlett-Packard |03/01/2006 21:54:24 C:\WINNT\system32\hpotscl.dll |COMPANY |03/01/2006 21:54:24 C:\WINNT\system32\SiSParse.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:38 C:\WINNT\system32\vsutil.dll |Zone Labs, LLC |19/07/2006 16:07:32 C:\WINNT\system32\ir32_32.dll |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\SiSInst.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:38 C:\WINNT\system32\msdxmlc.dll |COMPANY |08/10/2005 10:43:21 C:\WINNT\system32\hpovst08.dll |Hewlett-Packard Co. |03/01/2006 21:54:25 C:\WINNT\system32\qcap.dll |COMPANY |10/10/2005 22:39:03 C:\WINNT\system32\hpzcon05.dll |Hewlett-Packard Company |23/04/2002 00:13:34 C:\WINNT\system32\hpzcoi05.dll |HP |23/04/2002 00:13:26 C:\WINNT\system32\qdv.dll |COMPANY |10/10/2005 22:39:03 C:\WINNT\system32\qdvd.dll |COMPANY |10/10/2005 22:39:03 C:\WINNT\system32\instFunc.dll |Silicon Integrated Systems Corporation |10/10/2005 20:52:38 C:\WINNT\system32\msswch.dll |Madenta Applications Inc. |08/10/2005 10:43:23 C:\WINNT\system32\libwlan.dll |Alpha Networks Inc. |24/06/2003 12:56:50 C:\WINNT\system32\WZCBDL.dll |Alpha Networks Inc. |06/06/2003 14:23:18 C:\WINNT\system32\msdmo.dll |COMPANY |10/10/2005 22:39:02 C:\WINNT\system32\IPH.dll |D-Link Corp. |26/06/2003 17:56:38 C:\WINNT\system32\oieng400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:43:26 C:\WINNT\system32\qedit.dll |COMPANY |10/10/2005 22:39:03 C:\WINNT\system32\qedwipes.dll |COMPANY |10/10/2005 22:39:02 C:\WINNT\system32\hpzlnt05.dll |HP |23/04/2002 00:14:44 C:\WINNT\system32\qcut.dll |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\psisdecd.dll |COMPANY |10/10/2005 22:39:04 C:\WINNT\system32\LVUI2.dll |Logitech Inc. |29/01/2006 11:41:58 C:\WINNT\system32\Audio3D.dll |Sensaura Ltd |10/10/2005 20:57:26 C:\WINNT\system32\ImagX7.dll |Pegasus Imaging Corp. |10/10/2005 22:29:16 C:\WINNT\system32\ImagXpr7.dll |Pegasus Imaging Corp. |10/10/2005 22:29:16 C:\WINNT\system32\HPZc3212.dll |Hewlett-Packard Co. |03/01/2006 21:54:25 C:\WINNT\system32\ImagXR7.dll |Pegasus Imaging Corp. |10/10/2005 22:29:16 C:\WINNT\system32\tsd32.dll |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\ImagXRA7.dll |Pegasus Imaging Corp. |10/10/2005 22:29:16 C:\WINNT\system32\TwnLib20.dll |Pegasus Software |10/10/2005 22:29:17 C:\WINNT\system32\TwnLib4.dll |Pegasus Imaging Corp. |10/10/2005 22:42:14 C:\WINNT\system32\win87em.dll |COMPANY |06/12/1999 21:00:00 C:\WINNT\system32\MSRTEDIT.DLL |COMPANY |22/01/1999 20:46:58 C:\WINNT\system32\xcomm.dll |Softwin |13/01/2006 18:05:36 C:\WINNT\system32\ir41_qc.dll |Intel Corporation. |06/12/1999 21:00:00 C:\WINNT\system32\ir41_qcx.dll |Intel Corporation. |06/12/1999 21:00:00 C:\WINNT\system32\ir50_32.dll |Intel Corporation |06/12/1999 21:00:00 C:\WINNT\system32\ir50_qc.dll |Intel Corporation. |06/12/1999 21:00:00 C:\WINNT\system32\ir50_qcx.dll |Intel Corporation. |06/12/1999 21:00:00 C:\WINNT\system32\NIOCApi.dll |D-Link Corporation |30/07/2002 11:14:52 C:\WINNT\system32\EqnClass.Dll |Equinox Systems Inc. |08/10/2005 10:18:58 C:\WINNT\system32\spxcoins.dll |Specialix International Ltd. |08/10/2005 10:18:58 C:\WINNT\system32\dgsetup.dll |Digi International |08/10/2005 10:18:58 C:\WINNT\system32\dgrpsetu.dll |Digi |08/10/2005 10:18:58 C:\WINNT\system32\vsmonapi.dll |Zone Labs, LLC |19/07/2006 16:08:27 C:\WINNT\system32\vspubapi.dll |Zone Labs, LLC |19/07/2006 16:08:27 C:\WINNT\system32\vswmi.dll |Zone Labs, LLC |19/07/2006 16:08:28 C:\WINNT\system32\PCDLIB32.DLL |Eastman Kodak |09/12/1998 03:53:58 C:\WINNT\system32\AcShlExt.dll |UP-Vision Computergraphik GmbH |16/02/2004 19:48:44 C:\WINNT\system32\imgcmn.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:05 C:\WINNT\system32\mbdbjet.dll |mb Software AG |02/03/2001 11:18:08 C:\WINNT\system32\imgshl.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:05 C:\WINNT\system32\jpeg1x32.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:05 C:\WINNT\system32\jpeg2x32.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:05 C:\WINNT\system32\tsccvid.dll |TechSmith Corporation |30/10/2005 09:26:22 C:\WINNT\system32\oiprt400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\oissq400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\oitwa400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\oislb400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\xiffr3_0.dll |Scansoft |08/10/2005 10:28:06 C:\WINNT\system32\tifflt.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\irisco32.dll |COMPANY |20/10/2005 10:49:54 C:\WINNT\system32\W32N50.DLL |Printing Communications Assoc., Inc. (PCAUSA) |28/05/2004 18:48:54 C:\WINNT\system32\CmdLineExt03.dll |COMPANY |12/10/2005 20:03:19 C:\WINNT\system32\HPZidr12.dll |HP |03/01/2006 21:54:47 C:\WINNT\system32\PixologyIRISS005.dll |Pixology Ltd. |27/02/2003 12:22:52 C:\WINNT\system32\dpu11.dll |DivXNetworks |12/07/2006 00:54:31 C:\WINNT\system32\dpuGUI11.dll |DivXNetworks |12/07/2006 00:54:31 C:\WINNT\system32\HPZipr12.dll |HP |03/01/2006 21:54:47 C:\WINNT\system32\HPZisn12.dll |HP |03/01/2006 21:54:47 C:\WINNT\system32\HPZipt12.dll |HP |03/01/2006 21:54:47 C:\WINNT\system32\iyuv_32.dll |Intel® Corporation |07/08/2006 20:37:00 C:\WINNT\system32\msencode.dll |COMPANY |29/08/2002 07:14:40 C:\WINNT\system32\QCKGen.dll |D-Link Corporation |17/03/2002 00:16:38 C:\WINNT\system32\tsbyuv.dll |Toshiba Corporation |07/08/2006 20:37:03 C:\WINNT\system32\DevCtrl.dll |COMPANY |09/06/2002 13:07:30 C:\WINNT\system32\dpus11.dll |DivXNetworks |12/07/2006 00:54:31 C:\WINNT\system32\ZPORT4AS.dll |COMPANY |27/10/2006 22:04:52 C:\WINNT\system32\dpv11.dll |DivXNetworks |12/07/2006 00:54:31 C:\WINNT\system32\dtu100.dll |DivX, Inc. |11/08/2006 01:03:57 C:\WINNT\system32\dpl100.dll |DivX, Inc. |11/08/2006 01:03:58 C:\WINNT\system32\libdivx.dll |The OpenSSL Project, http://www.openssl.org/ |12/07/2006 01:40:00 C:\WINNT\system32\ssldivx.dll |The OpenSSL Project, http://www.openssl.org/ |12/07/2006 01:40:00 C:\WINNT\system32\LVCOMCX.dll |Logitech Inc. |19/07/2005 17:32:18 C:\WINNT\system32\LVMAENUM.dll |Logitech Inc. |19/07/2005 17:32:18 C:\WINNT\system32\LVCodec2.dll |Logitech Inc. |29/01/2006 11:41:58 C:\WINNT\system32\qt-dx331.dll |COMPANY |27/07/2006 19:28:42 C:\WINNT\system32\dpu10.dll |DivXNetworks |12/07/2006 00:54:31 C:\WINNT\system32\dpuGUI10.dll |DivXNetworks |12/07/2006 00:54:34 C:\WINNT\system32\CoPrism.dll |COMPANY |30/01/2006 18:51:28 C:\WINNT\system32\DivX.dll |DivX, Inc. |02/10/2006 21:04:39 C:\WINNT\system32\divx_xx0c.dll |DivX, Inc. |02/10/2006 21:04:40 C:\WINNT\system32\divx_xx07.dll |DivX, Inc. |02/10/2006 21:04:40 C:\WINNT\system32\hypertrm.dll |Hilgraeve, Inc. |08/10/2005 10:28:13 C:\WINNT\system32\oiui400.dll |Eastman Software, Inc., A Kodak Business |08/10/2005 10:28:06 C:\WINNT\system32\divx_xx11.dll |DivX, Inc. |02/10/2006 21:04:40 C:\WINNT\system32\px.dll |Sonic Solutions |18/10/2006 18:10:51 C:\WINNT\system32\pxmas.dll |Sonic Solutions |18/10/2006 18:10:51 C:\WINNT\system32\pxwave.dll |Sonic Solutions |18/10/2006 18:10:51 C:\WINNT\system32\vxblock.dll |Sonic Solutions |18/10/2006 18:10:51 C:\WINNT\system32\pxdrv.dll |Sonic Solutions |18/10/2006 18:10:52 C:\WINNT\system32\DivXWMPExtType.dll |COMPANY |12/07/2006 00:33:49 C:\WINNT\system32\atmfd.dll |Adobe Systems Incorporated |08/10/2005 10:43:13 C:\WINNT\system32\atmlib.dll |Adobe Systems |08/10/2005 10:43:13 C:\WINNT\system32\CNDPTPC.dll |Canon Inc. |16/10/2005 11:18:32 C:\WINNT\system32\CNDPTPU.dll |Canon Inc. |16/10/2005 11:18:32 C:\WINNT\system32\SIntf16.dll |COMPANY |23/03/2006 09:40:12 C:\WINNT\system32\SIntf32.dll |COMPANY |23/03/2006 09:40:12 C:\WINNT\system32\SIntfNT.dll |COMPANY |23/03/2006 09:40:12 C:\WINNT\system32\quartz.dll |COMPANY |10/10/2005 22:39:04 Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\WINNT\system 13.06.2002 16:18 24'576 CmiReplaceCnfg.exe 1 File(s) 24'576 bytes 0 Dir(s) 38'114'000'896 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\WINNT\system32 19.06.2003 12:05 5'392 CSRSS.EXE 1 File(s) 5'392 bytes 0 Dir(s) 38'114'000'896 bytes free Contenu de Downloaded Program Files Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\WINNT\Downloaded Program Files 08.10.2005 10:29 <DIR> . 08.10.2005 10:29 <DIR> .. 27.12.2005 15:49 65 desktop.ini 20.01.2000 15:25 1'162 Microsoft XML Parser for Java.osd 30.06.2006 16:02 1'562'360 ICSScan.dll 30.06.2006 14:03 470 ICSScanner.inf 31.05.2006 04:15 10 oscan81.ocx_x 14.03.2005 13:38 126 live.ini 14.03.2005 13:58 7'073 scanoptions.tsi 16.03.2005 11:34 7'407 lang.ini 01.03.2005 14:08 53'248 ipsupd.dll 01.03.2005 14:08 118'784 bdupd.dll 07.12.2004 16:07 32 libfn.dll 07.12.2004 16:07 32 bdcore.dll 01.06.2006 02:54 471'040 oscan8.ocx 01.06.2006 02:57 1'331 oscan8.inf 26.05.2005 04:19 293 muweb.inf 02.09.2005 10:05 578 kavwebscan.inf 02.11.2005 18:07 435'712 xscan53.ocx 02.11.2005 18:01 1'777 xscan.inf 24.08.2006 08:28 141'424 asinst.dll 22.08.2006 09:06 537 asinst.inf 20 File(s) 2'803'461 bytes Total Files Listed: 20 File(s) 2'803'461 bytes 2 Dir(s) 38'114'000'896 bytes free Recherche de rootkit! (Merci S!Ri) Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\Program Files 24.12.2002 11:23 <DIR> . 24.12.2002 11:23 <DIR> .. 24.12.2002 11:23 <DIR> Plus! 13.06.2004 19:05 <DIR> CASIO 24.12.2002 11:23 <DIR> CHAT 24.12.2002 11:27 <DIR> Publication Web 24.12.2002 11:23 <DIR> NetMeeting 24.12.2002 11:23 <DIR> Accessoires 24.12.2002 11:23 <DIR> Fichiers communs 24.12.2002 11:23 <DIR> Internet Explorer 24.12.2002 11:23 <DIR> Outlook Express 24.12.2002 11:23 <DIR> Windows Media Player 24.12.2002 11:26 <DIR> Services en ligne 24.12.2002 11:33 <DIR> DirectX 24.12.2002 11:46 <DIR> SiS_Compatible_VGA_V2.07k 24.12.2002 11:54 <DIR> C-Media Audio 24.12.2002 14:18 <DIR> Ahead 24.12.2002 14:38 <DIR> CyberLink 24.12.2002 14:29 <DIR> Microsoft Office 29.12.2002 16:17 <DIR> ReadIris 31.12.2002 15:11 <DIR> vanBasco's Karaoke Player 29.12.2002 16:15 <DIR> Hewlett-Packard 30.12.2002 15:08 <DIR> WinZip 11.01.2003 22:38 <DIR> freesurf 23.05.2005 19:02 <DIR> SSMM 3.7 21.04.2005 19:48 <DIR> Microsoft FrontPage 21.04.2005 19:49 <DIR> Microsoft Visual Studio 13.06.2005 19:59 <DIR> CDRIPMP3 29.06.2005 20:55 <DIR> Adobe 20.09.2005 19:48 <DIR> D-Link 20.09.2005 19:48 <DIR> NIOC Service 29.06.2005 21:08 <DIR> WZCBDL Service 08.10.2005 10:19 <DIR> Common Files 08.10.2005 10:28 <DIR> Windows NT 08.10.2005 10:28 <DIR> Accessories 08.10.2005 10:29 <DIR> ComPlus Applications 10.10.2005 20:52 <DIR> SiS Compatible VGA V2.07k 10.10.2005 21:00 <DIR> SiSLan 16.10.2005 11:14 <DIR> Canon 29.10.2005 17:36 <DIR> Bluewin 30.10.2005 08:10 <DIR> Anuman Interactive 29.01.2006 11:41 <DIR> Logitech 29.01.2006 11:47 <DIR> Messenger 29.01.2006 11:47 <DIR> MSN Messenger 24.02.2006 22:13 <DIR> Microsoft Visual Studio 8 24.02.2006 22:18 <DIR> HTML Help Workshop 24.02.2006 22:18 <DIR> Microsoft.NET 24.02.2006 22:18 <DIR> CE Remote Tools 24.02.2006 22:30 <DIR> MSBuild 24.02.2006 22:39 <DIR> Microsoft SQL Server 2005 Mobile Edition 24.02.2006 22:39 <DIR> Microsoft Device Emulator 24.02.2006 22:40 <DIR> Microsoft SQL Server 25.02.2006 13:27 <DIR> MSDN 26.04.2006 21:08 <DIR> Curl Corporation 01.05.2006 21:16 <DIR> Skype 03.05.2006 21:10 <DIR> Java 03.05.2006 21:12 <DIR> BSW 03.07.2006 23:11 <DIR> Lavasoft 04.07.2006 21:52 <DIR> DoctorCleaner 04.07.2006 21:56 <DIR> Registry Mechanic 04.07.2006 22:01 <DIR> BeClean 12.07.2006 18:28 <DIR> Agnitum 12.07.2006 21:30 <DIR> CCleaner 23.07.2006 14:44 <DIR> Google 25.07.2006 22:07 <DIR> Softwin 03.08.2006 19:02 457 INSTALL.LOG 26.07.2006 20:19 <DIR> VoipCheapCom 31.07.2006 23:05 <DIR> PKWARE 01.08.2006 17:16 <DIR> ESET 01.08.2006 20:16 <DIR> unzip 08.10.2006 11:59 <DIR> Yahoo! 08.10.2006 12:11 <DIR> Mozilla Firefox 08.10.2006 12:13 <DIR> Spyware Doctor 18.10.2006 18:10 <DIR> DivX 18.10.2006 18:15 <DIR> Grisoft 1 File(s) 457 bytes 74 Dir(s) 38'114'000'896 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\Program Files\fichiers communs 24.12.2002 11:23 <DIR> . 24.12.2002 11:23 <DIR> .. 24.12.2002 14:29 <DIR> ODBC 24.12.2002 11:23 <DIR> SYSTEM 24.12.2002 11:25 <DIR> SERVICES 24.12.2002 11:37 <DIR> InstallShield 24.12.2002 11:23 <DIR> Microsoft Shared 24.12.2002 14:30 <DIR> Designer 29.12.2002 16:15 <DIR> MSSoap 29.12.2002 16:16 <DIR> Hewlett-Packard 13.06.2005 18:25 <DIR> Ahead 12.01.2003 22:56 <DIR> Adaptec Shared 29.06.2005 20:55 <DIR> Adobe 0 File(s) 0 bytes 13 Dir(s) 38'114'000'896 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 24.12.2002 11:25 <DIR> . 24.12.2002 11:25 <DIR> .. 05.05.1999 22:22 532'537 MSONSEXT.DLL 18.03.1999 05:37 593'977 RAGENT.DLL 08.04.1999 20:49 127'032 MSOWS40C.dll 17.03.1999 21:22 122'936 MSOWS409.DLL 4 File(s) 1'376'482 bytes 2 Dir(s) 38'114'000'896 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\Program Files\common files 08.10.2005 10:19 <DIR> . 08.10.2005 10:19 <DIR> .. 08.10.2005 10:19 <DIR> Microsoft Shared 08.10.2005 10:19 <DIR> ODBC 08.10.2005 10:29 <DIR> System 08.10.2005 10:29 <DIR> Services 08.10.2005 10:48 <DIR> InstallShield 10.10.2005 21:57 <DIR> Adobe 10.10.2005 22:29 <DIR> Ahead 11.10.2005 19:14 <DIR> Designer 20.10.2005 10:44 <DIR> MSSoap 20.10.2005 10:46 <DIR> Hewlett-Packard 20.09.1995 16:16 456'976 dao3032.dll 29.01.2006 11:41 <DIR> Logitech 24.02.2006 22:18 <DIR> Merge Modules 03.05.2006 21:10 <DIR> Java 25.07.2006 22:07 <DIR> Softwin 1 File(s) 456'976 bytes 16 Dir(s) 38'114'000'896 bytes free Volume in drive C is LOCAL DISK Volume Serial Number is 2A68-12E5 Directory of C:\ 24.05.2001 12:59 162'304 UNWISE.EXE 1 File(s) 162'304 bytes 0 Dir(s) 38'114'000'896 bytes free c:\Documents and Settings\Dorella\Desktop\ATF-Cleaner.exe c:\Documents and Settings\Dorella\Desktop\avgas-setup-7.5.0.50.exe c:\Documents and Settings\Dorella\Desktop\blbeta.exe c:\Documents and Settings\Dorella\Desktop\DivXPlay.exe c:\Documents and Settings\Dorella\Desktop\dxwebsetup.exe c:\Documents and Settings\Dorella\Desktop\f-bot.exe c:\Documents and Settings\Dorella\Desktop\FixSbr.exe c:\Documents and Settings\Dorella\Desktop\HijackThis.exe c:\Documents and Settings\Dorella\Desktop\KillBox.exe c:\Documents and Settings\Dorella\Desktop\mwav.exe c:\Documents and Settings\Dorella\Desktop\nod32.exe c:\Documents and Settings\Dorella\Desktop\stng260.exe Smitfraudfix SmitFraudFix v2.115 Scan done at 21:29:10.54, sam. 28.10.2006 Run from C:\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dorella »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dorella\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DORELLA\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="sockspy.dll" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Bonne nuit ..

Entre temps, j'ai relancer bitdefender et avg. Bitdefender n'a rien trouvé et avg a trouvé ceci: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 17:31:41 28.10.2006 + Scan result: C:\WINNT\system32\__delete_on_reboot__r_e_c_s_l_._e_x_e_ -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined). ::Report end C'est vraiment tenace ces p'tites betes !! A+.

Hello, Au milieu de toutes ces manip, j'ai eu une msgbox m'indiquant system shutdown. Avec indication erreur c:\winnt\system32\lsass.exe failed ..etc ..et le system a shutdowné. Bon voici les rapports: 1) blbeta.exe 10/28/06 12:27:25 [info]: BlackLight Engine 1.0.47 initialized 10/28/06 12:27:25 [info]: OS: 5.0 build 2195 (Service Pack 4) 10/28/06 12:27:25 [Note]: 7019 4 10/28/06 12:27:25 [Note]: 7005 0 10/28/06 12:27:27 [Note]: 7006 0 10/28/06 12:27:27 [Note]: 7011 940 10/28/06 12:27:27 [Note]: 7026 0 10/28/06 12:27:27 [Note]: 7026 0 10/28/06 12:29:03 [Note]: FSRAW library version 1.7.1020 10/28/06 12:30:38 [Note]: 7007 0 2) Silent_runners "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SiS Tray" = "C:\WINNT\system32\sistray.EXE" ["Silicon Integrated Systems Corporation"] "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"] "BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."] "BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "Synchronization Manager" = "mobsync.exe /logon" [MS] "msvcc25" = "salvage.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {HKLM...CLSID} = "Shell Extension for CDRW" \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS] "{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Dossier de téléchargement Share-to-Web " -> {HKLM...CLSID} = "Dossier de téléchargement Share-to-Web " \InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "sockspy.dll" [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "F:\2004_06_25\IMG_0785.JPG" Startup items in "Dorella" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "hp psc 2000 Series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" ["Hewlett-Packard Co."] "officejet 6100" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "blank" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "blank" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ "ButtonText" = "Spyware Doctor" "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" -> {HKLM...CLSID} = "PCTools Browser Monitor" \InProcServer32\(Default) = "blank" [file not found] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"] BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."] BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data] BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."] InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"] PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] WZCBDL Service, WZCBDLService, ""C:\Program Files\WZCBDL Service\WZCBDLS.exe"" ["D-Link"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt05\Driver = "hpzlnt05.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 52 seconds, including 4 seconds for message boxes) Et j'ai encore eu plusieurs fois des messages de bitdefender et avg qu'ils bloquaient generic.botget.xxxxx (c.bat et \.pif). En lancant dir 3.pif en ligne de commande, j'ai trouve ce fichiuer "6 .pif". J'ai donc fait un delete. mais ca n'a pas suffit !! A plus.

Salut, Bitdefender et avg trouve a la volée backdoor.rbot.aeu. Un peuz pres a chaque fois que j'allume l'ordi. Le fichier incriminé (salvage.exe) est pourtant effacé mais il semble revenir. Y compris le fichier "i" qui etait infr$ecté par autre chose dont je ne me rappelle plus. Scan Panda: Incident Status Location Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\client highway@xiti[1].txt Spyware:Cookie/fe.lea.lycos Not disinfected C:\WINDOWS\Cookies\client highway@fe.lea.lycos[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dorella\Application Data\Mozilla\Firefox\Profiles\16mvlqw3.default\cookies.txt[.xiti.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dorella\Application Data\Mozilla\Firefox\Profiles\16mvlqw3.default\cookies.txt[.247realmedia.com/]