thib1984

Je vous ai découragé? Ce qui serait compréhensible.... Maintenant, je peux aussi formater mon pc, mais mon 'cas' pourrait être utile à une autre personne... Sait-on jamais.

Mince, je pensais avoir trouvé une source potentielle de mes soucis... Hum et les messages 'hooked' ils veulent dire quoi (pour info?) Cest lié à un souci matériel?

Bonsoir, voici le rapport ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/04/24 19:55 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEB467000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "cfrmd.sys" at address 0xf73cb82e #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf7b9dd7c #: 063 Function Name: NtDeleteKey Status: Hooked by "cfrmd.sys" at address 0xf73cc53a #: 065 Function Name: NtDeleteValueKey Status: Hooked by "cfrmd.sys" at address 0xf73cbf4e #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xf7b9dd9a #: 119 Function Name: NtOpenKey Status: Hooked by "cfrmd.sys" at address 0xf73cbacc #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf7b9dd68 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf7b9dd6d #: 177 Function Name: NtQueryValueKey Status: Hooked by "cfrmd.sys" at address 0xf73cbd52 #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xf7b9dda4 #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xf7b9dd9f #: 247 Function Name: NtSetValueKey Status: Hooked by "cfrmd.sys" at address 0xf73cc2ca ==EOF== Y'a des choses, y'a des choses (mais j'y comprends rien ) PS : est -il utile que je change le titre de mon sujet, car finalement ce n'est pas uniquement les analyses qui mettent mon pc à genou... ? Merci encore

Et voici le rapport.... Rien Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Completed script processing. ******************* Finished! Terminate.

Voici le rapport, au point ou j'en suis, je pense qu'on peut faire du zele et enlever tout ce qui vous paraitrait suspect. A noter, qu'en mode sans échec, une analyse, un transfert ou quoique finissent également par un bug. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-24 12:48:09 Windows 5.1.2600 Service Pack 3 Running: 8yeorvvu.exe; Driver: C:\pwldrpoc.sys ---- System - GMER 1.0.15 ---- SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xF73CB82E] SSDT F7B9F20C ZwCreateThread SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteKey [0xF73CC53A] SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteValueKey [0xF73CBF4E] SSDT F7B9F22A ZwLoadKey SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwOpenKey [0xF73CBACC] SSDT F7B9F1F8 ZwOpenProcess SSDT F7B9F1FD ZwOpenThread SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwQueryValueKey [0xF73CBD52] SSDT F7B9F234 ZwReplaceKey SSDT F7B9F22F ZwRestoreKey SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwSetValueKey [0xF73CC2CA] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) AttachedDevice \FileSystem\Fastfat \Fat cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

Voici ce que me donne antivir avant de planter avec le reste du PC Avira AntiVir Personal Report file date: mercredi 14 avril 2010 14:39 Scanning for 1987196 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : EEEPC1984 Version information: BUILD.DAT : 10.0.0.561 32098 Bytes 18/03/2010 15:46:00 AVSCAN.EXE : 10.0.2.3 433832 Bytes 07/03/2010 15:57:10 AVSCAN.DLL : 10.0.2.2 45928 Bytes 02/03/2010 10:48:47 LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 16:33:04 LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 21:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 15:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 09:29:03 VBASE005.VDF : 7.10.4.204 2048 Bytes 05/03/2010 09:29:03 VBASE006.VDF : 7.10.4.205 2048 Bytes 05/03/2010 09:29:03 VBASE007.VDF : 7.10.4.206 2048 Bytes 05/03/2010 09:29:03 VBASE008.VDF : 7.10.4.207 2048 Bytes 05/03/2010 09:29:03 VBASE009.VDF : 7.10.4.208 2048 Bytes 05/03/2010 09:29:03 VBASE010.VDF : 7.10.4.209 2048 Bytes 05/03/2010 09:29:03 VBASE011.VDF : 7.10.4.210 2048 Bytes 05/03/2010 09:29:03 VBASE012.VDF : 7.10.4.211 2048 Bytes 05/03/2010 09:29:03 VBASE013.VDF : 7.10.4.242 153088 Bytes 08/03/2010 13:43:21 VBASE014.VDF : 7.10.5.17 99328 Bytes 10/03/2010 13:24:21 VBASE015.VDF : 7.10.5.44 107008 Bytes 11/03/2010 15:41:40 VBASE016.VDF : 7.10.5.69 92672 Bytes 12/03/2010 07:25:53 VBASE017.VDF : 7.10.5.91 119808 Bytes 15/03/2010 07:39:58 VBASE018.VDF : 7.10.5.121 112640 Bytes 18/03/2010 11:01:24 VBASE019.VDF : 7.10.5.138 139776 Bytes 18/03/2010 18:16:30 VBASE020.VDF : 7.10.5.164 113152 Bytes 22/03/2010 18:16:31 VBASE021.VDF : 7.10.5.182 108032 Bytes 23/03/2010 18:16:32 VBASE022.VDF : 7.10.5.199 123904 Bytes 24/03/2010 18:16:33 VBASE023.VDF : 7.10.5.217 279552 Bytes 25/03/2010 18:16:42 VBASE024.VDF : 7.10.5.234 202240 Bytes 26/03/2010 18:16:50 VBASE025.VDF : 7.10.5.254 187904 Bytes 30/03/2010 18:16:52 VBASE026.VDF : 7.10.6.18 130560 Bytes 01/04/2010 18:16:53 VBASE027.VDF : 7.10.6.34 136192 Bytes 06/04/2010 18:16:55 VBASE028.VDF : 7.10.6.44 232448 Bytes 07/04/2010 18:17:03 VBASE029.VDF : 7.10.6.45 2048 Bytes 07/04/2010 18:17:03 VBASE030.VDF : 7.10.6.46 2048 Bytes 07/04/2010 18:17:03 VBASE031.VDF : 7.10.6.55 101376 Bytes 09/04/2010 18:17:04 Engineversion : 8.2.1.210 AEVDF.DLL : 8.1.1.3 106868 Bytes 13/02/2010 10:16:21 AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 11/04/2010 18:17:39 AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 16:38:41 AESBX.DLL : 8.1.2.1 254323 Bytes 17/03/2010 09:09:47 AERDL.DLL : 8.1.4.3 541043 Bytes 17/03/2010 09:09:47 AEPACK.DLL : 8.2.1.1 426358 Bytes 11/04/2010 18:17:35 AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 09:09:46 AEHEUR.DLL : 8.1.1.16 2503031 Bytes 11/04/2010 18:17:33 AEHELP.DLL : 8.1.11.3 242039 Bytes 11/04/2010 18:17:18 AEGEN.DLL : 8.1.3.6 373108 Bytes 11/04/2010 18:17:17 AEEMU.DLL : 8.1.1.0 393587 Bytes 10/11/2009 07:04:22 AECORE.DLL : 8.1.13.1 188790 Bytes 11/04/2010 18:17:15 AEBB.DLL : 8.1.0.3 53618 Bytes 10/09/2009 10:15:06 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 10:03:38 AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 10:03:35 AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 14:47:40 AVREG.DLL : 10.0.1.2 52072 Bytes 29/01/2010 09:47:41 AVSCPLR.DLL : 10.0.2.3 83304 Bytes 07/03/2010 16:02:30 AVARKT.DLL : 10.0.0.13 227176 Bytes 07/03/2010 15:48:41 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 07:53:30 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 10:57:58 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 13:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 12:41:00 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 11:10:20 RCTEXT.DLL : 10.0.46.0 97128 Bytes 05/03/2010 08:09:41 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: d:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, E:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: mercredi 14 avril 2010 14:39 Starting search for hidden objects. c:\windows\repair\backup\servicestate\configdirectory\internet.evt c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\configdirectory\tempkey.log c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\configdirectory\userdiff c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\configdirectory\userdiff.log c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\eventlogs\appevent.evt c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\eventlogs\secevent.evt c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\eventlogs\sysevent.evt c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\removablestoragemanager\ntmsdata c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\removablestoragemanager\ntmsreg c:\WINDOWS\repair\Backup\ServiceState [NOTE] The file is not visible. c:\windows\repair\backup\servicestate\configdirectory c:\WINDOWS\repair\Backup\ServiceState [NOTE] The directory is not visible. c:\windows\repair\backup\servicestate\eventlogs c:\WINDOWS\repair\Backup\ServiceState [NOTE] The directory is not visible. c:\windows\repair\backup\servicestate\removablestoragemanager c:\WINDOWS\repair\Backup\ServiceState [NOTE] The directory is not visible. The scan of running processes will be started Scan process 'rsmsink.exe' - '28' Module(s) have been scanned Scan process 'avscan.exe' - '65' Module(s) have been scanned Scan process 'WINWORD.EXE' - '57' Module(s) have been scanned Scan process 'msdtc.exe' - '39' Module(s) have been scanned Scan process 'dllhost.exe' - '58' Module(s) have been scanned Scan process 'dllhost.exe' - '44' Module(s) have been scanned Scan process 'vssvc.exe' - '47' Module(s) have been scanned Scan process 'avcenter.exe' - '60' Module(s) have been scanned Scan process 'wscntfy.exe' - '13' Module(s) have been scanned Scan process 'alg.exe' - '32' Module(s) have been scanned Scan process 'wuauclt.exe' - '41' Module(s) have been scanned Scan process 'igfxext.exe' - '17' Module(s) have been scanned Scan process 'avgnt.exe' - '47' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '20' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '34' Module(s) have been scanned Scan process 'svchost.exe' - '37' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '20' Module(s) have been scanned Scan process 'igfxtray.exe' - '23' Module(s) have been scanned Scan process 'hkcmd.exe' - '22' Module(s) have been scanned Scan process 'igfxpers.exe' - '19' Module(s) have been scanned Scan process 'AsAcpiSvr.exe' - '33' Module(s) have been scanned Scan process 'svchost.exe' - '33' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'ETDCtrl.exe' - '27' Module(s) have been scanned Scan process 'spoolsv.exe' - '61' Module(s) have been scanned Scan process 'Explorer.EXE' - '89' Module(s) have been scanned Scan process 'svchost.exe' - '36' Module(s) have been scanned Scan process 'svchost.exe' - '27' Module(s) have been scanned Scan process 'svchost.exe' - '160' Module(s) have been scanned Scan process 'btwdins.exe' - '19' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'svchost.exe' - '50' Module(s) have been scanned Scan process 'avshadow.exe' - '24' Module(s) have been scanned Scan process 'avguard.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '57' Module(s) have been scanned Scan process 'services.exe' - '26' Module(s) have been scanned Scan process 'winlogon.exe' - '64' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '365' files ). Starting the file scan: Begin scan in 'C:\' End of the scan: mercredi 14 avril 2010 15:08 Used time: 28:28 Minute(s) The scan has been canceled! 1457 Scanned directories 41778 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 41778 Files not concerned 397 Archives were scanned 0 Warnings 0 Notes 218224 Objects were scanned with rootkit scan 12 Hidden objects were found 12 objets cachés... c'est grave?

Je me permets de upper, j'aurai le temps ce week-end de faire les tests que vous me conseillerez... Je pense a formater le pc mais ca serait petit bras non?

Merci des conseils En l occurence j en avais deja applique pas mal... Mes programmes sont, si l installateur me le permet, installe sur le deuxieme disque dur. Mes documents, mes dossiers temp, software distribution (avec le programme juction.exe, je ne sais pas si tu connais qui permet les liens symboliques) sont places sur le troisieme (une carte sd). Sur C, j ai uniquement le dossier Windows, documents and settings (sans Mes documents), et quelques programmes. Bref, au niveau de la place, j ai fait du mieux que je pouvais. Je commence a me demander si le souci ne serait pas materiel, ou lie aux pilotes

Combofix est désinstallé. Je vais tenter de réinstaller mes anciens drivers et BIOS... Pas de CD Xp familiale (un pro, par contre mais ce n'est donc pas la bonne version) Pour la place, ce sont des disques ssd d'un eeepc donc 4 go/8go (2 disques) Il me reste 1 go/3go (respectivement) Merci de votre aide... J'attends votre retour.

Le premier passage a été un demi-échec. Au moment de la préparation du log, plusieurs messages d'erreurs. L'application n'a pas réussi à s'initialiser correctement. Cliquez sur OK pour l'arreter (a propos des processus de combofix, puis de notepad) Au démarrage suivant, antivir m'annonce qu'il a bloqué l'autorun.inf de mon disque C. Le premier log de combofix me donne ceci, je décide de refaire un passage. ComboFix 10-04-13.04 - thib1984 14/04/2010 13:50:40.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.422 [GMT 2:00] Lancé depuis: c:\documents and settings\thib1984\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-14 au 2010-04-14 )))))))))))))))))))))))))))))))))))) . 2010-04-13 21:39 . 2010-04-13 21:39 2157 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com 2010-04-13 19:32 . 2010-04-13 19:32 2095 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\login.live.com 2010-04-13 17:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-13 17:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-13 11:18 . 2010-04-13 11:18 -------- d--h--w- c:\windows\PIF 2010-04-13 11:16 . 2010-04-13 17:29 -------- d-----w- C:\tdsskiller 2010-04-12 09:31 . 2010-04-12 17:12 35608 ----a-w- C:\UsbFix_Upload_Me_EEEPC1984.zip 2010-04-12 09:19 . 2010-04-12 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\open-config 2010-04-12 09:18 . 2010-04-12 17:12 -------- d-----w- C:\UsbFix 2010-04-11 19:40 . 2010-04-11 19:41 -------- d-----w- C:\rsit 2010-04-11 18:38 . 2010-04-11 18:52 -------- d-----w- C:\FyK 2010-04-11 18:21 . 2010-04-11 18:21 -------- d-----w- c:\windows\system32\NtmsData 2010-04-11 18:20 . 2010-04-11 18:20 -------- d-----w- c:\documents and settings\thib1984\Application Data\Avira 2010-04-11 18:09 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-11 18:09 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-11 18:09 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-11 18:09 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-11 18:09 . 2010-04-11 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-11 13:16 . 2010-04-11 13:16 -------- d-----w- c:\temp\BTN%Copy%1 2010-04-11 13:16 . 2010-04-11 13:16 -------- d-----w- C:\temp 2010-04-11 11:56 . 2010-04-11 11:56 -------- d-----w- c:\windows\ASUSInstAll 2010-04-11 11:53 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS 2010-04-10 10:51 . 2008-02-15 10:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-04-10 10:40 . 2009-07-21 08:50 180224 ----a-w- c:\windows\system32\W32N55.dll 2010-04-10 10:40 . 2008-09-10 13:55 200704 ----a-w- c:\windows\system32\ssleay32.dll 2010-04-10 10:40 . 2010-02-01 14:36 800128 ----a-w- c:\windows\system32\Scutum.dll 2010-04-10 10:40 . 2009-10-29 07:50 152968 ----a-w- c:\windows\system32\RalinkGina.dll 2010-04-10 10:40 . 2009-05-11 09:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll 2010-04-10 10:40 . 2009-04-21 13:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys 2010-04-10 10:40 . 2008-09-10 13:55 1085440 ----a-w- c:\windows\system32\libeay32.dll 2010-04-10 10:39 . 2010-02-04 00:47 226592 ----a-w- c:\windows\system32\RaCoInst.dll 2010-04-10 10:39 . 2010-04-10 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver 2010-04-10 10:39 . 2010-02-04 00:48 1323040 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\rt2860.sys 2010-04-10 10:39 . 2010-02-04 00:47 226592 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaCoInst.dll 2010-04-10 10:39 . 2010-02-04 00:47 13931 ----a-w- c:\windows\system32\RaCoInst.dat 2010-04-10 10:39 . 2009-10-28 07:48 533792 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe 2010-04-10 10:39 . 2009-10-28 07:48 197920 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\CoInstaller.dll 2010-04-10 10:39 . 2009-07-13 16:47 323648 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi7.dll 2010-04-10 10:39 . 2006-11-02 05:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi.dll 2010-04-10 10:33 . 2008-02-15 11:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll 2010-04-10 10:05 . 2010-04-10 10:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-10 10:04 . 2010-04-13 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-04-06 19:55 . 2010-04-06 20:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\Download Manager 2010-04-06 10:52 . 2010-04-06 10:52 2145 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com 2010-04-06 08:26 . 2010-04-06 08:26 -------- d-----w- c:\documents and settings\thib1984\Application Data\gtk-2.0 2010-04-03 09:22 . 2010-04-11 17:58 -------- d-----w- c:\windows\ie8updates 2010-04-03 09:21 . 2010-04-03 09:21 -------- d-----w- c:\program files\MSXML 4.0 2010-03-31 22:04 . 2010-03-31 22:05 -------- d-----w- c:\documents and settings\thib1984\.smplayer 2010-03-26 08:21 . 2010-03-26 08:21 -------- d-----w- c:\documents and settings\thib1984\dwhelper 2010-03-24 22:01 . 2010-03-24 22:02 2165 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com 2010-03-22 15:07 . 2010-03-22 15:07 -------- d-----w- c:\windows\Sun 2010-03-19 10:27 . 2010-03-19 10:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\Tracker Software 2010-03-17 13:58 . 2010-03-17 13:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2010-03-17 12:45 . 2010-03-17 12:45 -------- d-----w- c:\windows\Crystal 2010-03-17 12:45 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-03-16 21:01 . 2001-11-13 07:47 41324 ----a-w- c:\windows\system32\winio.sys 2010-03-16 21:01 . 2010-03-16 21:01 -------- d-----w- c:\documents and settings\thib1984\Application Data\MathWorks 2010-03-15 16:19 . 2010-03-15 16:19 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-14 08:27 . 2010-03-14 17:29 -------- d-----w- c:\documents and settings\thib1984\Application Data\vlc 2010-04-14 05:50 . 2010-03-14 19:18 -------- d-----w- c:\documents and settings\thib1984\Application Data\.purple 2010-04-10 12:41 . 2008-06-27 09:44 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-04-10 12:41 . 2008-05-19 23:05 -------- d-----w- c:\program files\ASUS 2010-04-10 12:41 . 2008-05-19 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-10 11:04 . 2009-05-14 17:28 64052 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-10 11:04 . 2009-05-14 17:28 445672 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-10 10:39 . 2008-05-19 23:03 -------- d-----w- c:\program files\RALINK 2010-03-26 08:22 . 2010-03-14 17:29 -------- d-----w- c:\documents and settings\thib1984\Application Data\dvdcss 2010-03-15 18:01 . 2010-03-15 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-03-15 09:29 . 2010-03-15 09:29 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-03-15 09:13 . 2010-03-15 08:44 -------- d-----w- c:\documents and settings\thib1984\Application Data\PhotoFiltre 2010-03-14 23:19 . 2010-03-14 13:38 59024 ----a-w- c:\documents and settings\thib1984\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-14 23:11 . 2010-03-14 23:11 -------- d-----w- c:\documents and settings\thib1984\Application Data\Lingoes 2010-03-14 23:11 . 2010-03-14 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lingoes 2010-03-14 22:36 . 2010-03-14 17:17 -------- d-----w- c:\documents and settings\thib1984\Application Data\Notepad++ 2010-03-14 20:25 . 2010-03-14 20:25 -------- d-----w- c:\program files\Fichiers communs\Java 2010-03-14 20:14 . 2010-03-14 20:14 503808 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\msvcp71.dll 2010-03-14 20:14 . 2010-03-14 20:14 499712 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\jmc.dll 2010-03-14 20:14 . 2010-03-14 20:14 348160 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\msvcr71.dll 2010-03-14 20:13 . 2010-03-14 20:13 61440 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4787d202-n\decora-sse.dll 2010-03-14 20:13 . 2010-03-14 20:13 12800 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4787d202-n\decora-d3d.dll 2010-03-14 20:13 . 2010-03-14 20:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-14 20:11 . 2010-03-14 20:11 79488 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll 2010-03-14 20:11 . 2010-03-14 20:11 152576 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\jre1.6.0_18\lzma.dll 2010-03-14 20:04 . 2010-03-14 17:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\GlarySoft 2010-03-14 20:03 . 2010-03-14 19:59 -------- d-----w- c:\documents and settings\thib1984\Application Data\.clamwin 2010-03-14 19:18 . 2010-03-14 19:18 -------- d-----w- c:\documents and settings\thib1984\Application Data\Malwarebytes 2010-03-14 19:17 . 2010-03-14 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-14 18:58 . 2010-03-14 18:58 -------- d-----w- c:\documents and settings\thib1984\Application Data\ComodoGroup 2010-03-14 17:03 . 2010-03-14 17:02 -------- d-----w- c:\documents and settings\thib1984\Application Data\Thunderbird 2010-03-14 16:48 . 2010-03-14 16:48 -------- d-----w- c:\program files\Windows Media Connect 2 2010-03-14 14:51 . 2010-03-14 14:51 -------- d-----w- c:\program files\MSECache 2010-03-14 14:45 . 2010-03-14 14:45 -------- d-----w- c:\program files\Microsoft.NET 2010-03-14 13:41 . 2010-03-14 13:38 131 ----a-w- c:\documents and settings\thib1984\Local Settings\Application Data\fusioncache.dat 2010-02-25 06:17 . 2009-05-14 17:28 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-12 10:03 . 2010-03-14 15:48 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-04 00:48 . 2008-05-19 23:03 1323040 ----a-w- c:\windows\system32\drivers\rt2860.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832] "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 01000000 "NoSMHelp"= 01000000 "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoFavoritesMenu"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "HonorAutoRunSetting"= 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "RTHDCPL"=RTHDCPL.EXE "SoundMan"=SOUNDMAN.EXE "AlcWzrd"=ALCWZRD.EXE "Alcmtr"=ALCMTR.EXE "AsusTray"=c:\program files\EeePC\ACPI\AsTray.exe "AsusEPCMonitor"=c:\program files\EeePC\ACPI\AsEPCMon.exe "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" "ClamWin"="d:\program files\ClamWin\bin\ClamTray.exe" --logon [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "d:\\Program Files\\NX Client for Windows\\nxclient.exe"= "d:\\Program Files\\NX Client for Windows\\bin\\nxssh.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "d:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "d:\\Program Files\\SopCast\\SopCast.exe"= R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [14/03/2010 16:27 3712] R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [14/03/2010 19:16 133448] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [11/04/2010 20:10 135336] R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [10/04/2010 12:40 19072] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2008 01:03 1323040] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13/04/2010 19:31 38224] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - ---- PARAMETRES FIREFOX ---- d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"'>http://www.firefox.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 13:55 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Heure de fin: 2010-04-14 14:00:05 ComboFix-quarantined-files.txt 2010-04-14 11:58 Avant-CF: 482 656 256 octets libres Après-CF: 449 318 912 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - 988A39D4E08A368BF6149BD4CE9AAED4 Je relance donc combofix, cette fois ci pas de bug. Nouveau fichier log. ComboFix 10-04-13.04 - thib1984 14/04/2010 14:06:11.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.634 [GMT 2:00] Lancé depuis: c:\documents and settings\thib1984\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-14 au 2010-04-14 )))))))))))))))))))))))))))))))))))) . 2010-04-13 21:39 . 2010-04-13 21:39 2157 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com 2010-04-13 19:32 . 2010-04-13 19:32 2095 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\login.live.com 2010-04-13 17:31 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-13 17:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-13 11:18 . 2010-04-13 11:18 -------- d--h--w- c:\windows\PIF 2010-04-13 11:16 . 2010-04-13 17:29 -------- d-----w- C:\tdsskiller 2010-04-12 09:31 . 2010-04-12 17:12 35608 ----a-w- C:\UsbFix_Upload_Me_EEEPC1984.zip 2010-04-12 09:19 . 2010-04-12 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\open-config 2010-04-12 09:18 . 2010-04-12 17:12 -------- d-----w- C:\UsbFix 2010-04-11 19:40 . 2010-04-11 19:41 -------- d-----w- C:\rsit 2010-04-11 18:38 . 2010-04-11 18:52 -------- d-----w- C:\FyK 2010-04-11 18:21 . 2010-04-11 18:21 -------- d-----w- c:\windows\system32\NtmsData 2010-04-11 18:20 . 2010-04-11 18:20 -------- d-----w- c:\documents and settings\thib1984\Application Data\Avira 2010-04-11 18:09 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-11 18:09 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-11 18:09 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-11 18:09 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-11 18:09 . 2010-04-11 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-11 13:16 . 2010-04-11 13:16 -------- d-----w- c:\temp\BTN%Copy%1 2010-04-11 13:16 . 2010-04-11 13:16 -------- d-----w- C:\temp 2010-04-11 11:56 . 2010-04-11 11:56 -------- d-----w- c:\windows\ASUSInstAll 2010-04-11 11:53 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS 2010-04-10 10:51 . 2008-02-15 10:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-04-10 10:40 . 2009-07-21 08:50 180224 ----a-w- c:\windows\system32\W32N55.dll 2010-04-10 10:40 . 2008-09-10 13:55 200704 ----a-w- c:\windows\system32\ssleay32.dll 2010-04-10 10:40 . 2010-02-01 14:36 800128 ----a-w- c:\windows\system32\Scutum.dll 2010-04-10 10:40 . 2009-10-29 07:50 152968 ----a-w- c:\windows\system32\RalinkGina.dll 2010-04-10 10:40 . 2009-05-11 09:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll 2010-04-10 10:40 . 2009-04-21 13:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys 2010-04-10 10:40 . 2008-09-10 13:55 1085440 ----a-w- c:\windows\system32\libeay32.dll 2010-04-10 10:39 . 2010-02-04 00:47 226592 ----a-w- c:\windows\system32\RaCoInst.dll 2010-04-10 10:39 . 2010-04-10 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver 2010-04-10 10:39 . 2010-02-04 00:48 1323040 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\rt2860.sys 2010-04-10 10:39 . 2010-02-04 00:47 226592 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaCoInst.dll 2010-04-10 10:39 . 2010-02-04 00:47 13931 ----a-w- c:\windows\system32\RaCoInst.dat 2010-04-10 10:39 . 2009-10-28 07:48 533792 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst.exe 2010-04-10 10:39 . 2009-10-28 07:48 197920 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\CoInstaller.dll 2010-04-10 10:39 . 2009-07-13 16:47 323648 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi7.dll 2010-04-10 10:39 . 2006-11-02 05:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi.dll 2010-04-10 10:33 . 2008-02-15 11:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll 2010-04-10 10:05 . 2010-04-10 10:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-10 10:04 . 2010-04-13 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-04-06 19:55 . 2010-04-06 20:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\Download Manager 2010-04-06 10:52 . 2010-04-06 10:52 2145 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com 2010-04-06 08:26 . 2010-04-06 08:26 -------- d-----w- c:\documents and settings\thib1984\Application Data\gtk-2.0 2010-04-03 09:22 . 2010-04-11 17:58 -------- d-----w- c:\windows\ie8updates 2010-04-03 09:21 . 2010-04-03 09:21 -------- d-----w- c:\program files\MSXML 4.0 2010-03-31 22:04 . 2010-03-31 22:05 -------- d-----w- c:\documents and settings\thib1984\.smplayer 2010-03-26 08:21 . 2010-03-26 08:21 -------- d-----w- c:\documents and settings\thib1984\dwhelper 2010-03-24 22:01 . 2010-03-24 22:02 2165 ----a-w- c:\documents and settings\thib1984\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com 2010-03-22 15:07 . 2010-03-22 15:07 -------- d-----w- c:\windows\Sun 2010-03-19 10:27 . 2010-03-19 10:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\Tracker Software 2010-03-17 13:58 . 2010-03-17 13:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2010-03-17 12:45 . 2010-03-17 12:45 -------- d-----w- c:\windows\Crystal 2010-03-17 12:45 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-03-16 21:01 . 2001-11-13 07:47 41324 ----a-w- c:\windows\system32\winio.sys 2010-03-16 21:01 . 2010-03-16 21:01 -------- d-----w- c:\documents and settings\thib1984\Application Data\MathWorks 2010-03-15 16:19 . 2010-03-15 16:19 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-14 08:27 . 2010-03-14 17:29 -------- d-----w- c:\documents and settings\thib1984\Application Data\vlc 2010-04-14 05:50 . 2010-03-14 19:18 -------- d-----w- c:\documents and settings\thib1984\Application Data\.purple 2010-04-10 12:41 . 2008-06-27 09:44 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-04-10 12:41 . 2008-05-19 23:05 -------- d-----w- c:\program files\ASUS 2010-04-10 12:41 . 2008-05-19 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-10 11:04 . 2009-05-14 17:28 64052 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-10 11:04 . 2009-05-14 17:28 445672 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-10 10:39 . 2008-05-19 23:03 -------- d-----w- c:\program files\RALINK 2010-03-26 08:22 . 2010-03-14 17:29 -------- d-----w- c:\documents and settings\thib1984\Application Data\dvdcss 2010-03-15 18:01 . 2010-03-15 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-03-15 09:29 . 2010-03-15 09:29 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-03-15 09:13 . 2010-03-15 08:44 -------- d-----w- c:\documents and settings\thib1984\Application Data\PhotoFiltre 2010-03-14 23:19 . 2010-03-14 13:38 59024 ----a-w- c:\documents and settings\thib1984\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-14 23:11 . 2010-03-14 23:11 -------- d-----w- c:\documents and settings\thib1984\Application Data\Lingoes 2010-03-14 23:11 . 2010-03-14 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lingoes 2010-03-14 22:36 . 2010-03-14 17:17 -------- d-----w- c:\documents and settings\thib1984\Application Data\Notepad++ 2010-03-14 20:25 . 2010-03-14 20:25 -------- d-----w- c:\program files\Fichiers communs\Java 2010-03-14 20:14 . 2010-03-14 20:14 503808 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\msvcp71.dll 2010-03-14 20:14 . 2010-03-14 20:14 499712 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\jmc.dll 2010-03-14 20:14 . 2010-03-14 20:14 348160 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df3ce4b-n\msvcr71.dll 2010-03-14 20:13 . 2010-03-14 20:13 61440 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4787d202-n\decora-sse.dll 2010-03-14 20:13 . 2010-03-14 20:13 12800 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4787d202-n\decora-d3d.dll 2010-03-14 20:13 . 2010-03-14 20:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-14 20:11 . 2010-03-14 20:11 79488 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll 2010-03-14 20:11 . 2010-03-14 20:11 152576 ----a-w- c:\documents and settings\thib1984\Application Data\Sun\Java\jre1.6.0_18\lzma.dll 2010-03-14 20:04 . 2010-03-14 17:27 -------- d-----w- c:\documents and settings\thib1984\Application Data\GlarySoft 2010-03-14 20:03 . 2010-03-14 19:59 -------- d-----w- c:\documents and settings\thib1984\Application Data\.clamwin 2010-03-14 19:18 . 2010-03-14 19:18 -------- d-----w- c:\documents and settings\thib1984\Application Data\Malwarebytes 2010-03-14 19:17 . 2010-03-14 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-14 18:58 . 2010-03-14 18:58 -------- d-----w- c:\documents and settings\thib1984\Application Data\ComodoGroup 2010-03-14 17:03 . 2010-03-14 17:02 -------- d-----w- c:\documents and settings\thib1984\Application Data\Thunderbird 2010-03-14 16:48 . 2010-03-14 16:48 -------- d-----w- c:\program files\Windows Media Connect 2 2010-03-14 14:51 . 2010-03-14 14:51 -------- d-----w- c:\program files\MSECache 2010-03-14 14:45 . 2010-03-14 14:45 -------- d-----w- c:\program files\Microsoft.NET 2010-03-14 13:41 . 2010-03-14 13:38 131 ----a-w- c:\documents and settings\thib1984\Local Settings\Application Data\fusioncache.dat 2010-02-25 06:17 . 2009-05-14 17:28 916480 ------w- c:\windows\system32\wininet.dll 2010-02-12 10:03 . 2010-03-14 15:48 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-04 00:48 . 2008-05-19 23:03 1323040 ----a-w- c:\windows\system32\drivers\rt2860.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832] "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoNetworkConnections"= 01000000 "NoSMHelp"= 01000000 "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoFavoritesMenu"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "HonorAutoRunSetting"= 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "RTHDCPL"=RTHDCPL.EXE "SoundMan"=SOUNDMAN.EXE "AlcWzrd"=ALCWZRD.EXE "Alcmtr"=ALCMTR.EXE "AsusTray"=c:\program files\EeePC\ACPI\AsTray.exe "AsusEPCMonitor"=c:\program files\EeePC\ACPI\AsEPCMon.exe "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" "ClamWin"="d:\program files\ClamWin\bin\ClamTray.exe" --logon [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "d:\\Program Files\\NX Client for Windows\\nxclient.exe"= "d:\\Program Files\\NX Client for Windows\\bin\\nxssh.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "d:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "d:\\Program Files\\SopCast\\SopCast.exe"= R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [14/03/2010 16:27 3712] R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [14/03/2010 19:16 133448] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [11/04/2010 20:10 135336] R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [10/04/2010 12:40 19072] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2008 01:03 1323040] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13/04/2010 19:31 38224] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - ---- PARAMETRES FIREFOX ---- d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 14:10 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3064) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll d:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\eappprxy.dll . Heure de fin: 2010-04-14 14:12:30 ComboFix-quarantined-files.txt 2010-04-14 12:12 ComboFix2.txt 2010-04-14 12:00 Avant-CF: 452 857 856 octets libres Après-CF: 419 635 200 octets libres - - End Of File - - 4969AC9D515202E0C273BBEAA7EE0FCC C'est bon signe? EDIT : pas bon signe. Analyse antivir (pour voir). Ca bloque comme habitude.

La première modif a été faite, les analyses, transferts continuent à planter (pire les deux dernières se soldent pas une extinction de l'écran + reboot, sans que je ne le demande) Voici le log de recherche de DanolFix DaonolFix (15.04.09) by jpshortstuff Log created at 12:39 on 14/04/2010 by thib1984 Running from C:\Documents and Settings\thib1984\Bureau\DaonolFix(2).exe =====Find Daonol===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "aux"="wdmaud.drv" "midi"="wdmaud.drv" "midi1"="wdmaud.drv" "midi2"="wdmaud.drv" "midi3"="wdmaud.drv" "midimapper"="midimap.dll" "mixer"="wdmaud.drv" "mixer1"="wdmaud.drv" "mixer2"="wdmaud.drv" "mixer3"="wdmaud.drv" "msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" "msacm.imaadpcm"="imaadp32.acm" "msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" "msacm.msadpcm"="msadp32.acm" "msacm.msaudio1"="msaud32.acm" "msacm.msg711"="msg711.acm" "msacm.msgsm610"="msgsm32.acm" "msacm.sl_anet"="sl_anet.acm" "msacm.trspch"="tssoft32.acm" "MSVideo8"="VfWWDM32.dll" "vidc.cvid"="iccvid.dll" "VIDC.I420"="msh263.drv" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "vidc.iv50"="ir50_32.dll" "VIDC.IYUV"="iyuv_32.dll" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "VIDC.UYVY"="msyuv.dll" "VIDC.YUY2"="msyuv.dll" "VIDC.YVU9"="tsbyuv.dll" "VIDC.YVYU"="msyuv.dll" "wave"="wdmaud.drv" "wave1"="wdmaud.drv" "wave2"="wdmaud.drv" "wave3"="wdmaud.drv" "wavemapper"="msacm32.drv" -=Daonol Files=- (none found) -=End Of File=-

Bonjour, et content de ne pas vous avoir découragé... Je garde espoir... Voici le rapport (le warning n'indique rien de grave?) *************************************************************** Running from: C:\Documents and Settings\thib1984\Bureau\Win32kDiag.exe Log file at : C:\Documents and Settings\thib1984\Bureau\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished! ***************************************************************

Bonjour, Voici le rapport. Je n'ai rien supprimé. Pas de rootkit, je crois. Je devais tout supprimer? Par contre, le pc ne plante pas uniquement avec MBAM, mais aussi avec antivir, kaspersky removal tool, voir un transfert d'un grand lot de fichiers.... GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-14 07:30:01 Windows 5.1.2600 Service Pack 3 Running: vzfxzluu.exe; Driver: E:\Temp\pwldrpoc.sys ---- System - GMER 1.0.15 ---- SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xF73DD82E] SSDT F7B9E24C ZwCreateThread SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteKey [0xF73DE53A] SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteValueKey [0xF73DDF4E] SSDT F7B9E26A ZwLoadKey SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwOpenKey [0xF73DDACC] SSDT F7B9E238 ZwOpenProcess SSDT F7B9E23D ZwOpenThread SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwQueryValueKey [0xF73DDD52] SSDT F7B9E274 ZwReplaceKey SSDT F7B9E26F ZwRestoreKey SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwSetValueKey [0xF73DE2CA] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) AttachedDevice \FileSystem\Fastfat \Fat cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

Bonsoir, et encore merci de votre aide précieuse... Malheureusement les choses ne s'arrangent pas. Le premier des deux softs (load_tdsskiller) ne trouve rien (invite de commande affiche 0 fichier infecté) mais, plus surprenant, le fichier log est vide Oo'. Le bloc notes s'affiche vide, rien dans C:\tdsskiller\report.txt (ce fichier n'existe même pas...) Le deuxième soft (rkill.com) ne trouve rien non plsu mais me renvoie un fichier log en bon et du forme ********************************************************* This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as thib1984 on 13/04/2010 at 19:30:06. Processes terminated by Rkill or while it was running: C:\Documents and Settings\thib1984\Bureau\rkill.com Rkill completed on 13/04/2010 at 19:30:11. ********************************************************** La désinstallation, installation scan de MBAM se finit comme d'habitude dorénavant (pc plus ou moins bloqué). Nouvelle : quand je copie colle un grand lot de données (plusieurs milliers d'images), la copie s'arrete avec le message d'erreurs "Ressources système insuffisantes pour terminer le service demandé" et les symptomes qui suivent sont les mêmes que d'habitude... Merci encore de votre aide

Initiative personelle : J'ai testé l'antivir rescue cd... Deux nouvelles : - il ne trouve rien... - il arrive à scanner tous les disques durs sans se bloquer... Je comprends de moins en moins....

Bonsoir, j'ai réalisé ce que vous m'aviez demandé (et un fichier a été supprimé) Voici les logs ############################## | UsbFix V6.102 | User : thib1984 (Administrateurs) # EEEPC1984 Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 11:19:52 | 12/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Atom CPU N270 @ 1.60GHz Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : AntiVir Desktop 10.0.1.43 [ (!) Disabled | (!) Outdated ] C:\ -> Disque fixe local # 3,72 Go (1,02 Go free) # NTFS D:\ -> Disque fixe local # 7,51 Go (3,84 Go free) # NTFS E:\ -> Disque fixe local # 7,46 Go (3,44 Go free) [Disque Local] # NTFS ################## | Elements infectieux | E:\Temp\Setup.exe ################## | Registre | [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoComputersNearMe" [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu" ################## | Mountpoints2 | HKCU\..\..\Explorer\MountPoints2\H Shell\AutoRun\command =H:\SETUP.EXE /AUTORUN Shell\configure\command =H:\SETUP.EXE Shell\install\command =H:\SETUP.EXE ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné ! ################## | ! Fin du rapport # UsbFix V6.102 ! | ############################## | UsbFix V6.102 | User : thib1984 (Administrateurs) # EEEPC1984 Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 11:26:47 | 12/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Atom CPU N270 @ 1.60GHz Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : AntiVir Desktop 10.0.1.43 [ (!) Disabled | (!) Outdated ] C:\ -> Disque fixe local # 3,72 Go (1016,62 Mo free) # NTFS D:\ -> Disque fixe local # 7,51 Go (3,84 Go free) # NTFS E:\ -> Disque fixe local # 7,46 Go (3,44 Go free) [Disque Local] # NTFS ################## | Elements infectieux | Supprimé ! E:\Temp\Setup.exe Supprimé ! C:\Recycler\S-1-5-21-1214440339-1123561945-299502267-1003 Supprimé ! C:\Recycler\S-1-5-21-2151119805-2425998071-3978150400-1003 Supprimé ! C:\Recycler\S-1-5-21-3057862583-99463857-538722824-1003 Supprimé ! C:\Recycler\S-1-5-21-511707258-1552745209-3909410974-1006 Supprimé ! D:\Recycler\S-1-5-21-1214440339-1123561945-299502267-1003 Supprimé ! D:\Recycler\S-1-5-21-511707258-1552745209-3909410974-1006 Supprimé ! E:\Recycler\S-1-5-21-4070829689-2914742153-4263804424-1006 Supprimé ! E:\Recycler\S-1-5-21-511707258-1552745209-3909410974-1006 Supprimé ! E:\Recycler\S-1-5-21-935334264-2521023503-4240145413-1006 ################## | Registre | Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoComputersNearMe" Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu" ################## | Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command ################## | Listing des fichiers présent | [10/04/2010 11:49|--a------|157] C:\AsusUpdate.log [15/05/2008 12:00|--a------|0] C:\AUTOEXEC.BAT [14/03/2010 15:38|-rahs----|216] C:\boot.ini [15/04/2008 05:00|-rahs----|4952] C:\Bootfont.bin [15/05/2008 12:00|--a------|0] C:\CONFIG.SYS [11/04/2010 20:52|--a------|833] C:\FyK.txt [15/05/2008 12:00|-rahs----|0] C:\IO.SYS [15/05/2008 12:00|-rahs----|0] C:\MSDOS.SYS [15/04/2008 05:00|-rahs----|47564] C:\NTDETECT.COM [15/04/2008 05:00|-rahs----|252240] C:\ntldr [11/04/2010 13:56|--a------|573] C:\RHDSetup.log [12/04/2010 11:30|--a------|2400] C:\UsbFix.txt [?|?|?] D:\pagefile.sys [24/03/2010 07:22|--a------|1379964] D:\test.txt ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | Upload | Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_EEEPC1984.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.102 ! | Par contre, dés la première analyse d'antivir qui a suvi, même souci. Ca bloque sur un fichier, (différent des deux fois précédentes) et le pc se bloque quasiment (menu démarrer incomplet), impossible d'ouvrir le poste de travail. Impossible de délocker le pc (aprés un WIN+L)... Reboot, ca marche mieux... tant que je n'analyse rien... Avez vous une idée du problème potentiel? Comment être sur que le souci n'est pas matériel? Thibault (bien désolé de vous donner du fil a retordre)

Bonjour, comment être "sûr" que ce souci n'est pas matériel? Les tests que j'ai pu faire avec MemTest et HDTune suffisent? Ou alors avez vous vu des signes d'infections dans les fichiers logs que j'ai envoyé? Merci Thibault

Logfile of random's system information tool 1.06 (written by random/random) Run by thib1984 at 2010-04-11 21:40:54 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 1 GB (28%) free of 4 GB Total RAM: 1015 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:41:04, on 11/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Elantech\ETDCtrl.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE D:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\thib1984\Bureau\RSIT.exe C:\Documents and Settings\thib1984\Bureau\thib1984.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268578532515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268578522125 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe -- End of file - 4884 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-14 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-14 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-06-25 335872] "AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-06-03 479232] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoNetworkConnections"=01000000 "NoSMHelp"=01000000 "NoActiveDesktop"=01000000 "NoUserNameInStartMenu"=01000000 "StartMenuLogOff"=1 "NoSMMyDocs"=1 "NoSMMyPictures"=1 "NoFavoritesMenu"=1 "NoStartMenuMyMusic"=1 "NoDriveAutoRun"=FFFFFF03 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\NX Client for Windows\nxclient.exe"="D:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient" "D:\Program Files\NX Client for Windows\bin\nxssh.exe"="D:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "D:\Program Files\SopCast\adv\SopAdver.exe"="D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "D:\Program Files\SopCast\SopCast.exe"="D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "D:\Program Files\ma-config.com\maconfservice.exe"="D:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\SETUP.EXE /AUTORUN shell\configure\command - H:\SETUP.EXE shell\install\command - H:\SETUP.EXE ======List of files/folders created in the last 1 months====== 2010-04-11 21:40:54 ----D---- C:\rsit 2010-04-11 20:52:51 ----A---- C:\FyK.txt 2010-04-11 20:38:31 ----D---- C:\FyK 2010-04-11 20:21:07 ----D---- C:\WINDOWS\system32\NtmsData 2010-04-11 20:20:22 ----D---- C:\Documents and Settings\thib1984\Application Data\Avira 2010-04-11 20:09:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-04-11 15:16:25 ----D---- C:\temp 2010-04-11 15:11:00 ----A---- C:\WINDOWS\ntbtlog.txt 2010-04-11 13:56:21 ----D---- C:\WINDOWS\ASUSInstAll 2010-04-11 13:54:27 ----A---- C:\WINDOWS\Ascd_log.ini 2010-04-11 13:54:00 ----A---- C:\WINDOWS\Ascd_tmp.ini 2010-04-10 12:51:39 ----A---- C:\WINDOWS\system32\igfxres.dll 2010-04-10 12:40:07 ----A---- C:\WINDOWS\system32\W32N55.INI 2010-04-10 12:40:07 ----A---- C:\WINDOWS\system32\W32N55.dll 2010-04-10 12:40:07 ----A---- C:\WINDOWS\system32\ssleay32.dll 2010-04-10 12:40:07 ----A---- C:\WINDOWS\system32\DiagFunc.ini 2010-04-10 12:40:06 ----A---- C:\WINDOWS\system32\Scutum.dll 2010-04-10 12:40:06 ----A---- C:\WINDOWS\system32\RalinkGina.dll 2010-04-10 12:40:06 ----A---- C:\WINDOWS\system32\libeay32.dll 2010-04-10 12:40:06 ----A---- C:\WINDOWS\system32\DiagFunc.dll 2010-04-10 12:39:32 ----A---- C:\WINDOWS\system32\RaCoInst.dll 2010-04-10 12:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\Ralink Driver 2010-04-10 12:33:21 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll 2010-04-10 12:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2010-04-06 21:55:20 ----D---- C:\Documents and Settings\thib1984\Application Data\Download Manager 2010-04-06 10:26:38 ----D---- C:\Documents and Settings\thib1984\Application Data\gtk-2.0 2010-04-03 11:22:03 ----D---- C:\WINDOWS\ie8updates 2010-04-03 11:21:28 ----D---- C:\Program Files\MSXML 4.0 2010-03-22 17:07:09 ----D---- C:\WINDOWS\Sun 2010-03-19 12:27:39 ----D---- C:\Documents and Settings\thib1984\Application Data\Tracker Software 2010-03-17 15:58:08 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe 2010-03-17 15:35:59 ----D---- C:\Program Files\xerox 2010-03-17 15:35:59 ----D---- C:\Program Files\outlook express 2010-03-17 15:35:59 ----D---- C:\Program Files\netmeeting 2010-03-17 15:35:59 ----D---- C:\Program Files\msn gaming zone 2010-03-17 15:35:59 ----D---- C:\Program Files\movie maker 2010-03-17 14:47:06 ----A---- C:\WINDOWS\PSPICEEV.INI 2010-03-17 14:46:42 ----A---- C:\WINDOWS\system32\vbar332.dll 2010-03-17 14:46:38 ----A---- C:\WINDOWS\system32\p2irdao.dll 2010-03-17 14:46:38 ----A---- C:\WINDOWS\system32\p2ctdao.dll 2010-03-17 14:46:38 ----A---- C:\WINDOWS\system32\p2bdao.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\msrd2x35.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\msjter35.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\msjint35.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\msjet35.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\ltkrn60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\ltfil60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfwpg60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfwmf60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lftif60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lftga60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfpsd60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfpng60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfpcx60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfpct60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfmsp60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfmac60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lffax60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfeps60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfcmp60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\lfbmp60n.dll 2010-03-17 14:46:35 ----A---- C:\WINDOWS\system32\implode.dll 2010-03-17 14:46:34 ----A---- C:\WINDOWS\system32\crpe32.dll 2010-03-17 14:46:34 ----A---- C:\WINDOWS\system32\crpaig32.dll 2010-03-17 14:46:34 ----A---- C:\WINDOWS\system32\cpeaut32.dll 2010-03-17 14:45:55 ----D---- C:\WINDOWS\Crystal 2010-03-17 14:45:19 ----A---- C:\WINDOWS\IsUninst.exe 2010-03-16 23:01:44 ----A---- C:\WINDOWS\matlab.ini 2010-03-16 23:01:24 ----D---- C:\Documents and Settings\thib1984\Application Data\MathWorks 2010-03-15 11:31:50 ----D---- C:\Documents and Settings\thib1984\Application Data\Macromedia 2010-03-15 11:31:49 ----D---- C:\Documents and Settings\thib1984\Application Data\Adobe 2010-03-15 11:14:47 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2010-03-15 10:44:21 ----D---- C:\Documents and Settings\thib1984\Application Data\PhotoFiltre 2010-03-15 01:11:41 ----D---- C:\Documents and Settings\thib1984\Application Data\Lingoes 2010-03-15 01:11:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lingoes 2010-03-15 01:02:24 ----D---- C:\WINDOWS\pss 2010-03-15 00:36:09 ----D---- C:\Documents and Settings\thib1984\Application Data\Application Updater 2010-03-14 22:57:02 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll 2010-03-14 22:57:01 ----A---- C:\WINDOWS\system32\VB6FR.DLL 2010-03-14 22:57:01 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL 2010-03-14 22:57:01 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL 2010-03-14 22:57:00 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL 2010-03-14 22:25:07 ----D---- C:\Program Files\Fichiers communs\Java 2010-03-14 22:13:45 ----A---- C:\WINDOWS\system32\javaws.exe 2010-03-14 22:13:45 ----A---- C:\WINDOWS\system32\javaw.exe 2010-03-14 22:13:45 ----A---- C:\WINDOWS\system32\java.exe 2010-03-14 22:13:45 ----A---- C:\WINDOWS\system32\deploytk.dll 2010-03-14 22:11:20 ----D---- C:\Documents and Settings\thib1984\Application Data\Sun 2010-03-14 21:59:21 ----D---- C:\Documents and Settings\thib1984\Application Data\.clamwin 2010-03-14 21:18:39 ----D---- C:\Documents and Settings\thib1984\Application Data\Malwarebytes 2010-03-14 21:18:19 ----D---- C:\Documents and Settings\thib1984\Application Data\.purple 2010-03-14 21:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-14 21:11:54 ----A---- C:\WINDOWS\system32\msxml4r.dll 2010-03-14 21:11:54 ----A---- C:\WINDOWS\system32\msxml4a.dll 2010-03-14 20:58:58 ----D---- C:\Documents and Settings\thib1984\Application Data\ComodoGroup 2010-03-14 19:29:54 ----D---- C:\Documents and Settings\thib1984\Application Data\dvdcss 2010-03-14 19:29:53 ----D---- C:\Documents and Settings\thib1984\Application Data\vlc 2010-03-14 19:27:09 ----D---- C:\Documents and Settings\thib1984\Application Data\GlarySoft 2010-03-14 19:17:26 ----D---- C:\Documents and Settings\thib1984\Application Data\Notepad++ 2010-03-14 19:16:22 ----A---- C:\WINDOWS\system32\cnat.exe 2010-03-14 19:02:12 ----D---- C:\Documents and Settings\thib1984\Application Data\Thunderbird 2010-03-14 18:58:34 ----D---- C:\Documents and Settings\thib1984\Application Data\Mozilla 2010-03-14 18:49:16 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-03-14 18:48:47 ----D---- C:\Program Files\Windows Media Connect 2 2010-03-14 18:45:45 ----D---- C:\WINDOWS\system32\LogFiles 2010-03-14 18:18:39 ----A---- C:\WINDOWS\system32\MRT.exe 2010-03-14 18:04:32 ----D---- C:\WINDOWS\WBEM 2010-03-14 17:57:47 ----A---- C:\WINDOWS\system32\TweakUI.exe 2010-03-14 17:48:40 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-14 17:11:29 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-03-14 17:11:12 ----D---- C:\WINDOWS\system32\PreInstall 2010-03-14 17:11:11 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2010-03-14 17:11:10 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-14 16:56:51 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2010-03-14 16:51:40 ----D---- C:\Program Files\Microsoft Office 2010-03-14 16:51:10 ----D---- C:\Program Files\MSECache 2010-03-14 16:50:07 ----A---- C:\WINDOWS\ODBC.INI 2010-03-14 16:49:41 ----A---- C:\WINDOWS\system32\mdimon.dll 2010-03-14 16:46:45 ----D---- C:\Program Files\Fichiers communs\DESIGNER 2010-03-14 16:46:02 ----D---- C:\Program Files\Microsoft Visual Studio 2010-03-14 16:45:21 ----D---- C:\WINDOWS\SHELLNEW 2010-03-14 16:45:17 ----D---- C:\Program Files\Microsoft.NET 2010-03-14 16:34:59 ----D---- C:\WINDOWS\SoftwareDistribution 2010-03-14 16:26:00 ----D---- C:\Program Files\Fichiers communs\speechengines 2010-03-14 15:39:00 ----ASH---- C:\Documents and Settings\thib1984\Application Data\desktop.ini 2010-03-14 15:38:59 ----SD---- C:\Documents and Settings\thib1984\Application Data\Microsoft 2010-03-14 15:38:59 ----D---- C:\Documents and Settings\thib1984\Application Data\InstallShield 2010-03-14 15:38:59 ----D---- C:\Documents and Settings\thib1984\Application Data\Identities ======List of files/folders modified in the last 1 months====== 2010-04-11 21:40:50 ----D---- C:\WINDOWS\Prefetch 2010-04-11 21:38:41 ----D---- C:\WINDOWS\Temp 2010-04-11 21:38:40 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-11 21:26:53 ----D---- C:\WINDOWS\Registration 2010-04-11 21:22:28 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-11 20:21:12 ----HD---- C:\WINDOWS\inf 2010-04-11 20:21:07 ----D---- C:\WINDOWS\system32 2010-04-11 20:21:06 ----D---- C:\WINDOWS\repair 2010-04-11 20:10:03 ----D---- C:\WINDOWS\system32\drivers 2010-04-11 20:08:57 ----SHD---- C:\WINDOWS\Installer 2010-04-11 20:08:53 ----D---- C:\WINDOWS\WinSxS 2010-04-11 20:08:45 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2010-04-11 20:00:35 ----D---- C:\WINDOWS 2010-04-11 14:59:36 ----D---- C:\WINDOWS\system32\CatRoot 2010-04-11 14:57:43 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-04-11 14:12:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-11 13:56:14 ----D---- C:\WINDOWS\system32\RTCOM 2010-04-11 11:20:17 ----SHD---- C:\System Volume Information 2010-04-10 17:36:23 ----RD---- C:\Program Files 2010-04-10 14:43:18 ----D---- C:\WINDOWS\Debug 2010-04-10 14:41:31 ----D---- C:\Program Files\Fichiers communs\InstallShield 2010-04-10 14:41:27 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-10 14:41:27 ----D---- C:\Program Files\ASUS 2010-04-10 14:37:17 ----SD---- C:\WINDOWS\Tasks 2010-04-10 13:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-10 13:00:58 ----D---- C:\WINDOWS\system32\Atheros_L1e 2010-04-10 12:39:37 ----D---- C:\Program Files\RALINK 2010-04-10 12:39:32 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-04 14:26:10 ----D---- C:\Program Files\Internet Explorer 2010-03-17 13:46:14 ----D---- C:\WINDOWS\Help 2010-03-17 13:34:58 ----D---- C:\Program Files\Fichiers communs 2010-03-15 01:33:02 ----A---- C:\WINDOWS\OEWABLog.txt 2010-03-15 01:17:23 ----RSD---- C:\WINDOWS\Fonts 2010-03-14 19:08:48 ----A---- C:\WINDOWS\imsins.BAK 2010-03-14 18:48:58 ----A---- C:\WINDOWS\win.ini 2010-03-14 18:48:46 ----D---- C:\Program Files\Windows Media Player 2010-03-14 18:31:59 ----D---- C:\WINDOWS\system32\wbem 2010-03-14 18:31:59 ----D---- C:\WINDOWS\system32\fr-fr 2010-03-14 18:31:59 ----D---- C:\WINDOWS\AppPatch 2010-03-14 18:04:15 ----D---- C:\WINDOWS\Media 2010-03-14 16:55:39 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-03-14 16:43:34 ----D---- C:\WINDOWS\system 2010-03-14 16:34:09 ----SHD---- C:\RECYCLER 2010-03-14 16:26:00 ----D---- C:\Program Files\Windows NT 2010-03-14 16:25:47 ----D---- C:\WINDOWS\msagent 2010-03-14 16:25:17 ----D---- C:\WINDOWS\security 2010-03-14 16:21:35 ----D---- C:\WINDOWS\srchasst 2010-03-14 15:41:49 ----D---- C:\WINDOWS\system32\Restore 2010-03-14 15:38:58 ----D---- C:\Documents and Settings 2010-03-14 15:38:48 ----A---- C:\WINDOWS\setuplog.txt 2010-03-14 15:38:36 ----D---- C:\WINDOWS\system32\config 2010-03-14 15:38:27 ----RASH---- C:\boot.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-04-21 19072] R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2007-07-26 11264] R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-17 4756992] R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-06-20 25088] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2009-12-24 46632] R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2010-02-04 1323040] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-15 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768] S3 maconfservice;Ma-Config Service; D:\Program Files\ma-config.com\maconfservice.exe [2010-01-26 243056] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] S4 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-03-14 153376] S4 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] S4 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\RALINK\Common\RaRegistry.exe [2009-12-15 185632] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-04-11 21:41:07 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 4nec2 extension version 5.8.0-->"D:\Program Files\4nec2\unins001.exe" 4nec2 version 5.8.0-->"D:\Program Files\4nec2\unins000.exe" 7-Zip 4.65-->"D:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Aspell French Dictionary-0.50-3-->"D:\Program Files\Aspell\unins001.exe" Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2} Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bibliothèques GTK+ 2.14.7 rev a (supprimer uniquement)-->D:\Program Files\Fichiers communs\GTK\2.0\uninst.exe ClamWin Free Antivirus 0.95.3-->"D:\Program Files\ClamWin\unins000.exe" Cobian Backup 9-->D:\Program Files\Cobian Backup 9\cbUninstall.exe COMODO System - Cleaner-->MsiExec.exe /X{C7705C79-92DE-4B48-A64B-98C56E336191} Defraggler-->"D:\Program Files\Defraggler\uninst.exe" Eee Instant Key-->C:\Program Files\InstallShield Installation Information\{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}\setup.exe -runfromtemp -l0x0009 -removeonly ETDWare PS/2-x86 7.0.3.6 WHQL-->rundll32.exe "C:\Program Files\Elantech\ETDUninst.dll",ETD_Uninstall 0 Gadwin PrintScreen-->D:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe Glary Utilities 2.20.0.831-->"D:\Program Files\Glary Utilities\unins000.exe" GNU Aspell 0.50-3-->"D:\Program Files\Aspell\unins000.exe" GPL Ghostscript 8.62-->D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\gs8.62\uninstal.txt" GPL Ghostscript Fonts-->D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\fonts\uninstal.txt" GSview 4.9-->D:\Program Files\Ghostgum\gsview\uninstgs.exe "D:\Program Files\Ghostgum\gsview\uninstal.txt" HD Tune 2.54-->"E:\Program Files\HD Tune\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\thib1984\Bureau\HijackThis.exe" /uninstall Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lingoes 2.7.0-->"D:\Program Files\Lingoes\Translator2\unins000.exe" Ma-Config.com-->MsiExec.exe /X{B9706D6B-754E-4D81-8EE9-393008D57EDB} Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MATLAB Family of Products Release 14-->D:\Matlab\uninstall\uninstall.exe D:\Matlab\ Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.6.3)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (3.0.4)-->D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Notepad++-->D:\Program Files\Notepad++\uninstall.exe NX Client for Windows 3.4.0-7-->"D:\Program Files\NX Client for Windows\unins000.exe" PDFCreator-->D:\Program Files\PDFCreator\unins000.exe PDF-Viewer-->"D:\Program Files\Tracker Software\PDF Viewer\unins000.exe" Pidgin-->D:\Program Files\Pidgin\pidgin-uninst.exe PSpice Student 9.1-->C:\WINDOWS\IsUninst.exe -f"D:\Program Files\OrCAD_Demo\DeIsL1.isu" Ralink RT2860 Wireless LAN Card-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly Recuva-->"D:\Program Files\Recuva\uninst.exe" SopCast 3.2.9-->D:\Program Files\SopCast\uninst.exe Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}\setup.exe -runfromtemp -l0x0009 -removeonly TeXnicCenter Version 1 Beta 7.50-->"D:\Program Files\TeXnicCenter\unins000.exe" Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Unlocker 1.8.9-->D:\Program Files\Unlocker\uninst.exe VLC media player 1.0.5-->D:\Program Files\VideoLAN\VLC\uninstall.exe WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll WinSCP 4.2.7-->"D:\Program Files\WinSCP\unins000.exe" ======Security center information====== AV: AntiVir Desktop (disabled) (outdated) ======System event log====== Computer Name: EEEPC1984 Event Code: 7036 Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution. Record Number: 1692 Source Name: Service Control Manager Time Written: 20100322100422.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server. Record Number: 1691 Source Name: Service Control Manager Time Written: 20100322100422.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: EEEPC1984 Event Code: 7036 Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté. Record Number: 1690 Source Name: Service Control Manager Time Written: 20100322100422.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 7036 Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution. Record Number: 1689 Source Name: Service Control Manager Time Written: 20100322100422.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application. Record Number: 1688 Source Name: Service Control Manager Time Written: 20100322100422.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: EEEPC1984 Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20100314144141.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 4 Source Name: LoadPerf Time Written: 20100314144141.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20100314143936.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 2 Source Name: LoadPerf Time Written: 20100314143935.000000+060 Event Type: Informations User: Computer Name: EEEPC1984 Event Code: 11728 Message: Product: WebFldrs XP -- La configuration s'est terminée correctement. Record Number: 1 Source Name: MsiInstaller Time Written: 20100314143923.000000+060 Event Type: Informations User: EEEPC1984\thib1984 ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Matlab\bin\win32; "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=1c02 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% -----------------EOF----------------- Bonsoir et merci encore de vos réponses. Vous trouverez les deux fichiers logs ci dessus...

Merci de vous occuper de mon cas. Avant votre réponse, j'ai téléchargé et installé (en deux essais, premier amenant un échec avec même symptômes que plus haut) Antivir. Impossible de faire un scan (ca bloque sur un fichier, en l'occurence IO.sys, avec les symptômes habituels) Les symptomes apparaissent pendant des analyses, mais ensuite c'est tout le pc qui est atteint (jusqu'au prochain reboot). Je n'ai pas téléchargé de cracks ces derniers temps, mais j'ai quand même installé le logiciel que vous me proposez. Il reboote, mais 'bloque' pendant le scan (essayé deux fois) 1er message (sur un fichier différent à chaque fois) dans boite de dialogue : "L'application n'a pas réussi à s'initialiser correctement (0x00000142). Cliquez sur OK pour arreter l'application" Puis sur un fichier inconnu (l'invite de commande reste noire) "Aucun programme n'est associé à ce fichier pour executer cette action. Creez une association en utilisant l'application Options des dossiers dans le Panneau de Configuration." "Le système ne peut executer le fichier spécifié" apparait dans l'invite de commande 4 fois de suite avec la boite de dialogue précédente. (Cette dernière boucle se répète) Impossible de mener à bout cette analyse donc. Merci de votre aide.

Bonjour à tous, pour commencer, désolé du titre peu évocateur mais mon problème me semble bien complexe pour être résumé en quelques mots. Mon ordinateur est donc un eeepc 901, sous windows XP. 2 disques ssd 4 et 8 go, une troisieme carte mémoire paramètrée comme un disque dur. Quand je lance une analyse 'profonde' avec un logiciel de sécurité (clamwin, mrt, kaspersky removal tools, ...), l'analyse finit par afficher des messages du type 'invalid argument' (clamwin), 'processing error - read error' (kaspersky), ... Le PC devient quasiment inutilisable, le menu démarrer est incomplet, les programmes ne peuvent être lancés ("application win32 non valide"), je ne peux même pas lancer le gestionnaire de tâches ("l'application n'a pas réussi à s'installer correctement")... Les icones disparaissent, les pages internet se 'vident' de leur texte et image... Si je redemarre, le système redevient stable... La rare fois ou l'analyse a correctement fonctionné clamwin n'a rien trouvé. De meme pour MalwareBytes et MRT... J'ai dernièrement upgradé mon BIOS. Le test MTest et ceux que j'ai fait avec HDTune ne m'indiquent aucun problème.... Je ne comprends rien Voici le log de HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:15:33, on 11/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxext.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\thib1984\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - Startup: setup_9.0.0.722_11.04.2010_11-09.lnk = E:\Virus Removal Tool\setup_9.0.0.722_11.04.2010_11-09\startup.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268578532515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1268578522125 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe -- End of file - 4205 bytes Merci d'avance à tous ceux qui tenteront de m'aider.

Merci !

Bonjour à tous, je pense que mon post est dans la chartre, mais si un modo pense le contraire, qu'il supprime ce message... Voila, j'ai office 2003, et j'ai un souci avec un fichier... qui a disparu. Il s'agit du ficheir xlsicons.exe dans le repertoire C:/WINDOWS/Installer/{9011040C-6000-11D3-8CFE-0150 048383C9} (fichier caché) Il m'a été supprimé par mon ativirus... mais le dernier patch microsoft de ce matin ne me l'a pas ramené... Qqun, qui a fait cette MAJ, peut t'il me faire parvenir ce fichier? (de 400ko)

Problème résolu en rentrant la commande suivante dans l'invite de commande : netsh winsock reset J'ai du faire une bétise avant pour devoir reseter quelque chose... En espérant que quelqu'un trouve une utilité à ce topic un jour!

Comment connaitre son serveur DNS? Je pense qu'il est le meme sur tous mes ordis puisque je ne crois pas l'avoir changé... Demain, je serai sur une autre connexion, celle de mon travail. Je vais voir ce que ca donne la bas...

Bonjour, Il m'est parfois impossible d'acceder à certains sites, par exemple www.clubic.com, depuis mon pc, connecté en wifi à ma livebox. Quelques précisions - Mon pc est optimisé, c''est à dire que j'ai désactivé certains services, depuis un tuto, suur le site de "libellule". - Le problème intervient toujours sur les memes sites (et pas tous donc). - Sur les autres pc connectés à la livebox, pas de soucis, pour ces mêmes sites. - Le ping fonctionne - Le site peut redevenir accesible au cours d'une meme session (et redevenir desacessible quelques minutes aprés) sans que je ne touche a rien. - Ceci intervient sur tous les navigateurs Que faire?