

zoobie78
Members
Content count: 22
Joined: -
Last visited: -
zoobie78's Achievements
Member (4/12)
Community reputation: 0
Hello, I am writing to you because for some time I have been having a few problems with my PCs (laptop and desktop). The first symptoms appeared on my desktop, with the DVD burner drive intermittently disappearing; when it does appear in Explorer, it is impossible to read a CD or DVD without endless disk access and the PC freezing, and on top of that it is impossible to read any CD or DVD at all. Now it is my laptop that is misbehaving: the DVD drive does show up in Windows Explorer, but it is impossible to read any CD or DVD. Since I now have similar symptoms on both PCs, I think I need your help. Thanks in advance. zoobie
Intermittent disappearance of the DVD drive
zoobie78 posted a topic in Malware analysis and removal
Hello, I am writing to you because for some time I have been having a few problems with my PCs (laptop and desktop). The first symptoms appeared on my desktop, with the DVD burner drive intermittently disappearing; when it does appear in Explorer, it is impossible to read a CD or DVD without endless disk access and the PC freezing, and on top of that it is impossible to read any CD or DVD at all. Now it is my laptop that is misbehaving: the DVD drive does show up in Windows Explorer, but it is impossible to read any CD or DVD. Since I now have similar symptoms on both PCs, I suspect perhaps an infection or something of the kind. I would like to fix the laptop problem first. I have run MAM and Antivir = nothing detected. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:49, on 04/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1237157314546
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.casimages.com/iu/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6980 bytes

Thanks for your help
Zoobie
[resolved] 10 hidden objects detected - gaopdxserv.sys
zoobie78 replied to zoobie78's topic in Malware analysis and removal
OK, thank you very much for your help!!!
[resolved] 10 hidden objects detected - gaopdxserv.sys
zoobie78 replied to zoobie78's topic in Malware analysis and removal
OTMoveIt3 report

Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB1.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3821cf1-e5f6-11dd-997b-00221588ac65}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Antares\LOCALS~1\Temp\Perflib_Perfdata_8c4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Antares\LOCALS~1\Temp\tmp3B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Antares\LOCALS~1\Temp\tmp3C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT06dd1.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07dc8.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01232009_233548

Files moved on Reboot...
File C:\DOCUME~1\Antares\LOCALS~1\Temp\Perflib_Perfdata_8c4.dat not found!
C:\DOCUME~1\Antares\LOCALS~1\Temp\tmp3B.tmp moved successfully.
C:\DOCUME~1\Antares\LOCALS~1\Temp\tmp3C.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_1ac.dat not found!
C:\WINDOWS\temp\ZLT06dd1.TMP moved successfully.
C:\WINDOWS\temp\ZLT07dc8.TMP moved successfully.
[resolved] 10 hidden objects detected - gaopdxserv.sys
zoobie78 replied to zoobie78's topic in Malware analysis and removal
Here is the ComboFix report:

ComboFix 09-01-21.04 - Antares 2009-01-22 18:18:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3327.2706 [GMT 1:00]
Lancé depuis: c:\documents and settings\Antares\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
 * Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\resycled
c:\resycled\ntldr.com
c:\windows\system32\drivers\gaopdxserv.sys
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
E:\Autorun.inf
E:\resycled
e:\resycled\ntldr.com
F:\Autorun.inf
F:\resycled
f:\resycled\ntldr.com
G:\Autorun.inf
G:\resycled
g:\resycled\ntldr.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.
2009-01-22 18:11 . 2009-01-22 18:16 <REP> d-------- C:\32788R22FWJFW
2009-01-22 11:04 . 2009-01-22 11:04 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-22 10:19 . 2009-01-22 10:19 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Juniper Networks
2009-01-22 09:51 . 2009-01-22 09:51 <REP> d-------- c:\documents and settings\Antares\Application Data\OpenOffice.org
2009-01-22 09:47 . 2009-01-22 09:47 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-22 09:47 . 2009-01-22 09:47 <REP> d-------- c:\documents and settings\Antares\Application Data\FFSJ
2009-01-22 09:38 . 2009-01-22 09:38 <REP> d-------- c:\windows\system32\FFSJ
2009-01-22 09:38 . 2009-01-22 09:38 794,906 --a------ c:\windows\unins000.exe
2009-01-22 09:38 . 2009-01-22 09:38 4,044 --a------ c:\windows\unins000.dat
2009-01-22 09:21 . 2009-01-22 09:21 <REP> d-------- c:\program files\Juniper Networks
2009-01-22 09:21 . 2009-01-22 11:18 <REP> d-------- c:\documents and settings\Antares\Application Data\Juniper Networks
2009-01-22 09:20 . 2009-01-22 09:20 <REP> d-------- c:\windows\Sun
2009-01-20 21:44 . 2009-01-20 21:46 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 21:44 . 2009-01-20 21:44 <REP> d-------- c:\documents and settings\Antares\Application Data\Malwarebytes
2009-01-20 21:44 . 2009-01-20 21:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 21:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 21:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 22:59 . 2009-01-20 21:55 <REP> d-------- c:\program files\PowerStrip
2009-01-16 23:37 . 2009-01-16 23:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-16 23:37 . 2009-01-16 23:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-16 23:36 . 2009-01-16 23:36 <REP> d-------- c:\program files\Java
2009-01-16 22:56 . 2009-01-16 22:56 <REP> d-------- c:\program files\Intelore
2009-01-14 22:06 . 2009-01-14 22:06 <REP> d-------- c:\program files\Free Download Manager
2009-01-14 22:06 . 2009-01-22 18:20 <REP> d-------- c:\documents and settings\Antares\Application Data\Free Download Manager
2009-01-14 22:06 . 2009-01-14 22:06 <REP> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-01-14 20:52 . 2009-01-14 20:52 <REP> d-------- c:\windows\system32\fr-fr
2009-01-14 20:52 . 2008-10-16 21:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-14 20:52 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-14 20:52 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-14 20:52 . 2008-10-16 21:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-14 20:52 . 2008-10-16 21:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-14 20:52 . 2008-10-16 21:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-14 20:52 . 2008-10-16 21:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-14 20:52 . 2008-10-16 21:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-14 20:52 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-11 23:20 . 2009-01-11 23:20 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-01-11 23:16 . 2008-12-13 07:37 3,593,216 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-11 23:16 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-11 23:16 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-11 23:16 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-11 23:16 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-11 23:16 . 2008-09-15 16:39 1,846,144 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-11 23:15 . 2008-06-10 07:07 2,376,760 -----c--- c:\windows\system32\dllcache\WMVCore.dll
2009-01-11 23:15 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-11 23:14 . 2009-01-15 20:45 <REP> d--h----- c:\windows\$hf_mig$
2009-01-11 23:14 . 2008-04-11 19:51 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-11 23:14 . 2008-10-15 17:59 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-11 16:39 . 2009-01-11 16:39 <REP> d-------- c:\windows\system32\LogFiles
2009-01-11 15:02 . 2009-01-11 15:02 <REP> d-------- c:\windows\Logs
2009-01-11 11:40 . 2009-01-10 23:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-11 11:40 . 2009-01-10 23:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-11 11:40 . 2009-01-10 22:59 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-11 11:40 . 2009-01-10 23:55 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-01-11 11:40 . 2009-01-10 23:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-11 11:40 . 2009-01-19 21:46 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-01-11 11:40 . 2009-01-10 23:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-11 11:40 . 2009-01-11 11:40 <REP> d-------- c:\documents and settings\Administrateur
2009-01-11 10:56 . 2009-01-11 10:56 4,030,464 --a------ C:\HDIMG2.dll
2009-01-11 10:56 . 2009-01-11 10:56 1,994,752 --a------ C:\iMEDIAN HD.exe
2009-01-11 10:56 . 2009-01-11 10:56 573,440 --a------ C:\HDRSC.dll
2009-01-11 10:56 . 2009-01-11 10:56 364,544 --a------ C:\uSMCA.dll
2009-01-11 10:56 . 2009-01-11 10:56 102,400 --a------ C:\VKBD.dll
2009-01-11 10:52 . 2009-01-11 10:52 <REP> d-------- c:\program files\SOUNDGRAPH
2009-01-11 10:52 . 2009-01-22 11:18 <REP> d-------- c:\documents and settings\Antares\Application Data\SOUNDGRAPH
2009-01-11 10:52 . 2009-01-11 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\SOUNDGRAPH
2009-01-11 10:52 . 2003-12-30 22:28 45,060 --a------ c:\windows\system32\drivers\TG_iMON.sys
2009-01-11 10:52 . 2004-12-22 14:51 18,090 --a------ c:\windows\system32\drivers\iMON_PAD.sys
2009-01-11 10:51 . 2009-01-11 10:51 <REP> d-------- c:\program files\ReClock
2009-01-11 10:18 . 2009-01-11 10:18 <REP> d-------- c:\program files\AviSynth 2.5
2009-01-11 10:15 . 2008-10-07 13:19 493,080 --a------ c:\windows\system32\evr.dll
2009-01-11 10:15 . 2007-09-27 14:17 207,720 --a------ c:\windows\system32\evrprop.dll
2009-01-11 10:15 . 2007-10-09 12:03 73,752 --a------ c:\windows\system32\dxva2.dll
2009-01-11 10:14 . 2009-01-11 10:14 <REP> d-------- c:\program files\Haali
2009-01-11 10:13 . 2009-01-14 21:27 <REP> d-------- c:\program files\ffdshow
2009-01-11 10:13 . 2009-01-09 18:15 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-11 10:13 . 2009-01-09 18:15 50,688 --a------ c:\windows\system32\ff_acm.acm
2009-01-11 10:13 . 2009-01-07 19:14 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-11 10:12 . 2009-01-11 10:12 <REP> d-------- c:\program files\AC3Filter
2009-01-11 10:12 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-11 10:07 . 2009-01-11 10:08 <REP> d-------- c:\program files\Tracker Software
2009-01-11 10:04 . 2009-01-11 10:04 <REP> d-------- c:\program files\NVIDIA Corporation
2009-01-11 10:04 . 2009-01-11 10:04 <REP> d-------- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-01-11 10:04 . 2006-03-29 08:51 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-11 10:04 . 2006-03-29 08:50 671,744 --a------ c:\windows\system32\DolbyHph.dll
2009-01-11 10:04 . 2006-03-29 08:51 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-11 10:04 . 2006-03-29 08:51 89,088 --a------ c:\windows\system32\atl71.dll
2009-01-11 10:04 . 2006-03-29 08:51 60,416 --a------ c:\windows\system32\DSETUP.dll
2009-01-11 10:04 . 2006-03-29 08:49 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2009-01-11 10:04 . 2006-05-05 19:21 4,608 --a------ c:\windows\system32\drivers\nvport.sys
2009-01-11 10:03 . 2006-03-29 08:51 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-11 10:01 . 2009-01-11 10:01 <REP> d-------- c:\program files\CoreCodec
2009-01-11 09:56 . 2009-01-11 15:08 <REP> d-------- c:\program files\MPC HomeCinema
2009-01-11 09:56 . 2009-01-11 09:56 <REP> d-------- c:\documents and settings\Antares\Application Data\Media Player Classic
2009-01-11 09:21 . 2009-01-11 09:22 <REP> d-------- c:\program files\PhotoFiltre Studio
2009-01-11 09:21 . 2009-01-11 09:21 45 ---h----- c:\windows\dsys0008.dat
2009-01-11 09:17 . 2009-01-11 09:17 <REP> d-------- c:\program files\foobar2000
2009-01-11 09:17 . 2009-01-18 19:44 <REP> d-------- c:\documents and settings\Antares\Application Data\foobar2000
2009-01-11 09:15 . 2009-01-11 09:15 <REP> d-------- c:\program files\7-Zip
2009-01-11 09:12 . 2009-01-22 11:17 4,990,228 --a------ c:\windows\{00000005-00000000-00000000-00001102-00000004-10081102}.CDF
2009-01-11 09:12 . 2009-01-11 14:31 4,990,228 --------- c:\windows\{00000005-00000000-00000000-00001102-00000004-10081102}.BAK
2009-01-11 09:12 . 2009-01-22 11:17 10,432 --a------ c:\windows\system32\CTHELPER.RPT
2009-01-11 09:11 . 2009-01-22 11:02 31,724 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-10081102}.rfx
2009-01-11 09:11 . 2009-01-22 11:02 31,724 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000004-10081102}.rfx
2009-01-11 09:11 . 2009-01-22 11:02 31,608 --a------ c:\windows\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-10081102}.rfx
2009-01-11 09:11 . 2009-01-22 11:02 31,608 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-10081102}.rfx
2009-01-11 09:11 . 2009-01-22 11:02 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2009-01-11 09:11 . 2009-01-22 11:02 1,080 --a------ c:\windows\system32\settings.sfm
2009-01-11 09:11 . 2009-01-22 11:02 292 --a------ c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000004-10081102}.dat
2009-01-11 09:11 . 2009-01-22 11:02 292 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-10081102}.dat
2009-01-11 09:10 . 1999-10-11 02:00 41,984 --------- c:\windows\Ctregrun.exe
2009-01-11 09:06 . 2009-01-11 09:12 <REP> d-------- c:\documents and settings\Antares\Application Data\Creative
2009-01-11 09:06 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-11 09:06 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-11 09:04 . 2009-01-11 09:04 <REP> d-------- c:\windows\system32\Defaults
2009-01-11 09:04 . 1998-01-08 02:00 1,048,576 --------- c:\windows\system32\SFMAN.DAT
2009-01-11 09:04 . 1995-01-13 07:10 149,504 --------- c:\windows\system32\MFCANS32.DLL
2009-01-11 09:04 . 1995-01-13 07:10 108,032 --------- c:\windows\system32\MFCUIA32.DLL
2009-01-11 09:04 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-01-11 09:04 . 1998-06-05 03:00 84,992 --------- c:\windows\system32\SFCVRT32.DLL
2009-01-11 09:04 . 1995-08-30 03:02 82,432 --------- c:\windows\system32\CTWFLT32.DLL
2009-01-11 09:04 . 1998-10-20 09:05 54,784 --------- c:\windows\system32\INETWH32.DLL
2009-01-11 09:04 . 1994-12-05 04:11 53,552 --------- c:\windows\CTCCW.DLL
2009-01-11 09:04 . 1995-07-13 03:01 26,768 --------- c:\windows\system32\CTL3D.DLL
2009-01-11 09:04 . 1996-05-23 03:24 24,976 --------- c:\windows\CTRES.DLL
2009-01-11 09:04 . 1999-01-14 07:04 231 --------- c:\windows\AC3API.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 17:20 3,190,816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-22 10:16 92,160 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-01-22 10:16 1,364,992 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-01-22 10:02 35,660 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-20 20:39 69,120 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-01-20 20:39 1,351,168 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-01-18 00:03 153,600 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-01-18 00:03 1,345,536 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-01-11 10:46 136,563 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_01_11_11_37_50_small.dmp.zip
2009-01-11 10:37 109,568 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-01-11 09:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 07:46 --------- d-----w c:\program files\ATI Technologies
2009-01-10 22:34 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-10 22:34 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
2009-01-10 22:25 --------- d-----w c:\program files\ASUS
2009-01-10 22:22 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-10 22:21 --------- d-----w c:\program files\Zone Labs
2009-01-10 22:21 --------- d-----w c:\program files\Marvell
2009-01-10 22:19 315,392 ----a-w c:\windows\HideWin.exe
2009-01-10 22:19 --------- d-----w c:\program files\Realtek
2009-01-10 22:14 --------- d-----w c:\program files\Avira
2009-01-10 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-01-10 22:11 --------- d-----w c:\program files\Intel
2009-01-10 22:01 --------- d-----w c:\program files\microsoft frontpage
2009-01-10 22:00 --------- d-----w c:\program files\Services en ligne
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\tcpip.sys
2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Cache Cleaner"="c:\documents and settings\Antares\Application Data\Juniper Networks\Cache Cleaner 5.5.0\dsCacheCleaner.exe" [2007-08-24 193832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"iMON"="c:\program files\SOUNDGRAPH\iMON\iMON.exe" [2009-01-11 2605056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-09-17 737408]
"CTHelper"="CTHELPER.EXE" [2003-04-10 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Antares\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 01:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 09:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 18:06 45056 c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2003-04-11 07:33 118784 c:\windows\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2008-05-16 07:39 16862720 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-23 150568]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-01-10 89600]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-01-11 12160]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-01-10 36864]
R4 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3821cf1-e5f6-11dd-997b-00221588ac65}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com m:
\Shell\Open\command - m:\resycled\ntldr.com m:
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
mSearchURL = hxxp://www.google.fr/keyword/%s
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 18:20:04
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-22 18:20:54
ComboFix-quarantined-files.txt 2009-01-22 17:20:51
Avant-CF: 473 800 704 octets libres
Après-CF: 676,929,536 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
328 --- E O F --- 2009-01-15 19:45:10
[resolved] 10 hidden objects detected - gaopdxserv.sys
zoobie78 posted a topic in Analyses et éradication malwares
Hello, I think I have been infected by something; yesterday I got quite a few alerts about files like ARK2.tmp etc... Would it be possible for you to help me? Many thanks in advance.

**** Avira report ****

Avira AntiVir Personal
Report file date: jeudi 22 janvier 2009 14:55

Scanning for 1256864 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: XPSP2-558600154

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/01/2009 07:36:40
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 07:36:42
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 19:47:28
ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 20/01/2009 21:44:33
ANTIVIR3.VDF : 7.1.1.167 308736 Bytes 22/01/2009 13:55:42
Engineversion : 8.2.0.57
AEVDF.DLL : 8.1.0.6 102772 Bytes 11/01/2009 07:36:44
AESCRIPT.DLL : 8.1.1.26 340347 Bytes 16/01/2009 19:45:36
AESCN.DLL : 8.1.1.5 123251 Bytes 11/01/2009 07:36:44
AERDL.DLL : 8.1.1.3 438645 Bytes 11/01/2009 07:36:44
AEPACK.DLL : 8.1.3.5 393588 Bytes 11/01/2009 07:36:44
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/01/2009 07:36:44
AEHEUR.DLL : 8.1.0.84 1540471 Bytes 16/01/2009 19:45:35
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/01/2009 07:36:44
AEGEN.DLL : 8.1.1.10 323957 Bytes 16/01/2009 19:45:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 11/01/2009 07:36:43
AECORE.DLL : 8.1.5.2 172405 Bytes 11/01/2009 07:36:43
AEBB.DLL : 8.1.0.3 53618 Bytes 11/01/2009 07:36:43
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/01/2009 07:36:43
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jeudi 22 janvier 2009 14:55

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gaopdxserv.sys\group
[INFO] The registry entry is invisible.
'43126' objects were checked, '10' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'dsCacheCleaner.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PStrip.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'iMON.exe' - '1' Module(s) have been scanned
Scan process 'SixEngine.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).

Starting the file scan:

Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <FTP_RAID>
Begin scan in 'E:\' <Media>
E:\sauvegarde PC portable\Cle usb 1\Manu\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
Begin scan in 'F:\' <DD_Valerie>
Begin scan in 'G:\' <DD_Manu>
G:\FTP\Utils internet\Nettoyage Zebulon\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[WARNING] The file was ignored!

End of the scan: jeudi 22 janvier 2009 15:32
Used time: 36:08 Minute(s)

The scan has been done completely.

4142 Scanning directories
266820 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
266809 Files not concerned
2999 Archives were scanned
9 Warnings
0 Notes
43126 Objects were scanned with rootkit scan
10 Hidden objects were found

*** MBAM report ***

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1675
Windows 5.1.2600 Service Pack 2

22/01/2009 14:55:16
mbam-log-2009-01-22 (14-55-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 77854
Temps écoulé: 13 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

*** HijackThis report ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:14, on 22/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Antares\Application Data\Juniper Networks\Cache Cleaner 5.5.0\dsCacheCleaner.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
G:\FTP\Utils internet\Nettoyage Zebulon\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Cache Cleaner] C:\Documents and Settings\Antares\Application Data\Juniper Networks\Cache Cleaner 5.5.0\dsCacheCleaner.exe -action delete
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231626614656
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6925 bytes

Thank you once again for your help.
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
Yes, I tried, without success: normal boot still hangs at the boot progress bar, so I'm continuing to back up the data from my laptop to my other PC (which is long and tedious). After that I'll try to find the restore CD; I think that once that is done I'll create a system partition, to install just the system. I have several questions for the future: Can you create a system partition without needing to reinstall Windows? Can you back up the registry to avoid any future mishap? Can you back up an image of the system partition? Thanks for your help and your answers. Once everything is reinstalled, XP + SP2 + SP3 + Antivir & MBAM, I'll post a HijackThis report for a final check.
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
Well, after creating a new user and rebooting in normal mode, I still have the same problem: Windows hangs on the boot progress bar. I wanted to know whether there isn't something that gets written to the Windows event log each time?
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
Well, I checked the devices; there are no conflicts or unknown devices. I'm going to try to create another user account, knowing that I already have two user accounts in addition to the administrator's, but I wonder about the point of this solution given that booting in normal mode hangs at the Windows progress bar and I never get to the user selection?
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
I agree with you, but what other solution do I have? I think this is my only option; I'm going to try to burn everything I can first!!!
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
OK, I'm going to try to repair Windows XP, but since the operating system was pre-installed, I don't think SP2 was included. I'm going to try to find the restore CD... I'll keep you posted, but I'm almost certain SP2 won't be included...
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
Still no normal restart... latest HijackThis log from thirty seconds ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:08, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146498449093
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} - http://www.wininstall.4d.fr/Products/LastV...oppez/setup.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6878 bytes
-
XP Antivirus 2008 spyware infection
zoobie78 replied to a topic by zoobie78 in Analyses et éradication malwares
Well, I ran ComboFix, which restarted the PC once the scan was finished. The restart did not work, so Safe Mode again... A Find3M window opened saying: "Compte rendu en cours de préparation. Ne lancez aucun programme tant que ComboFix n'est pas fini." A log.txt - Notepad window then opened with the same content as the report, which follows:

ComboFix 08-09-22.06 - Valerie 2008-09-24 14:58:46.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.343 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Valerie\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\system32\t.txt

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.

2008-09-24 10:46 . 2008-09-24 10:48 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-23 23:56 . 2008-09-24 00:02 <REP> d-------- C:\Program Files\Yahoo!
2008-09-23 23:55 . 2008-09-23 23:56 <REP> d-------- C:\Program Files\CCleaner
2008-09-23 19:07 . 2008-09-23 19:23 <REP> d-------- C:\fixwareout
2008-09-22 19:58 . 2008-09-24 13:46 <REP> d-------- C:\Hijack
2008-09-22 19:41 . 2008-09-22 19:41 <REP> d-------- C:\Program Files\Avira
2008-09-22 19:41 . 2008-09-22 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-22 19:29 . 2008-09-22 19:29 <REP> d-------- C:\Program Files\ToniArts
2008-09-21 23:22 . 2008-09-21 23:22 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-21 23:22 . 2008-09-21 23:22 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-21 23:02 . 2008-09-21 23:02 <REP> d-------- C:\Documents and Settings\Valerie\Application Data\Malwarebytes
2008-09-21 23:01 . 2008-09-21 23:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 23:01 . 2008-09-21 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 23:01 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 23:01 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:03 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-20 12:39 . 2008-09-20 12:39 <REP> d-------- C:\Documents and Settings\Manu\Application Data\Grisoft
2008-09-20 11:47 . 2008-09-20 11:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-20 11:30 . 2008-09-20 11:30 1,948 --a------ C:\WINDOWS\wininit.ini
2008-09-20 10:52 . 2008-09-20 23:04 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-09-20 10:52 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-09-20 10:52 . 2008-09-21 22:26 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-09-20 10:06 . 2008-09-20 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 10:05 . 2008-09-20 10:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-20 09:13 . 2008-09-20 10:03 <REP> d-------- C:\Program Files\Fichiers communs\Agnitum Shared
2008-09-20 09:13 . 2008-09-20 09:13 <REP> d-------- C:\Program Files\Agnitum
2008-09-20 00:03 . 2008-09-20 00:03 128,352 --a------ C:\WINDOWS\system32\b1c4.dll
2008-09-20 00:01 . 2008-09-20 00:01 2,335,270 --a------ C:\WINDOWS\system32\49e3.mht
2008-09-20 00:01 . 2008-09-20 00:01 54,624 --a------ C:\WINDOWS\system32\b1c4.sys
2008-09-19 23:16 . 2008-09-19 23:16 2,335,270 --a------ C:\WINDOWS\system32\4a11E.mht
2008-09-19 23:16 . 2008-09-19 23:16 54,624 --a------ C:\WINDOWS\system32\de823.sys
2008-09-15 18:08 . 2008-09-15 18:08 <REP> d-------- C:\Program Files\Sun
2008-09-14 13:00 . 2008-09-14 13:00 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-09-12 18:58 . 2008-09-12 18:58 <REP> d-------- C:\Program Files\Fichiers communs\ST System Shared
2008-09-12 14:39 . 2008-09-12 14:39 <REP> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-09-12 14:12 . 2008-09-12 14:12 <REP> d-------- C:\Documents and Settings\Valerie\Application Data\STOIK
2008-09-12 14:12 . 2008-09-12 18:58 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 21:12 . 2008-09-07 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Reallusion
2008-09-07 21:10 . 2008-09-07 21:10 <REP> d-------- C:\Documents and Settings\Valerie\Application Data\InstallShield
2008-09-07 10:01 . 2008-09-07 10:01 <REP> d-------- C:\Documents and Settings\Valerie\Application Data\Reallusion
2008-09-07 09:58 . 2008-09-07 21:11 <REP> d-------- C:\Program Files\Reallusion
2008-09-07 09:58 . 2008-09-07 09:58 <REP> d-------- C:\Program Files\Fichiers communs\Reallusion
2008-09-06 18:49 . 2008-09-20 00:27 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-03 08:59 . 2008-09-03 08:59 <REP> d-------- C:\Documents and Settings\Valerie\Application Data\TomTom
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-09-02 22:05 . 2008-09-02 22:05 29,277,915 --a------ C:\LoquendoTTS.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 06:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-24 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-23 22:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-22 18:17 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2008-09-22 17:44 --------- d-----w C:\Program Files\eMule
2008-09-22 17:44 --------- d-----w C:\Program Files\Anti-Blaxx
2008-09-22 17:42 --------- d-----w C:\Program Files\AtomixMP3
2008-09-22 17:41 --------- d-----w C:\Program Files\VirtualDJ
2008-09-22 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 11:35 38,472 ----a-w C:\Documents and Settings\Valerie\Application Data\wklnhst.dat
2008-09-20 23:17 --------- d-----w C:\Program Files\LogMeIn
2008-09-20 08:06 --------- d-----w C:\Program Files\Lavasoft
2008-09-20 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-15 16:08 --------- d-----w C:\Program Files\Java
2008-09-09 10:27 --------- d-----w C:\Program Files\Bible
2008-09-09 08:30 66,384 ----a-w C:\Documents and Settings\Valerie\Application Data\GDIPFONTCACHEV1.DAT
2008-09-03 06:58 --------- d-----w C:\Program Files\TomTom HOME
2008-08-19 10:11 --------- d-----w C:\Documents and Settings\Valerie\Application Data\GrabIt
2008-08-14 17:11 --------- d-----w C:\Program Files\Fichiers communs\Agfa
2008-08-14 17:11 --------- d-----w C:\Program Files\Agfa
2008-08-13 08:10 --------- d-----w C:\Documents and Settings\Valerie\Application Data\dvdcss
2008-08-10 12:05 --------- d-----w C:\Program Files\Sky
2008-08-10 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sky
2008-08-06 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-31 21:13 --------- d-----w C:\Program Files\Sky Broadband
2008-07-07 20:07 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2005-08-12 21:00 140 ----a-w 
C:\Documents and Settings\Manu\Application Data\wklnhst.dat 2006-05-24 14:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll 2006-05-18 15:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 12:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-05-18 14:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 10:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 16:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 09:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 09:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 09:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 09:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968] "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-18 135168] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248] "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft 
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8080:TCP"= 8080:TCP:freeplayer "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 54424] R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 78336] S0 hgypn;hgypn;C:\WINDOWS\system32\drivers\bkbe.sys [ ] S2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 54424] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856] S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848] S2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2005-01-04 237635] S2 USBDLM;USBDLM;C:\Program Files\USBDLM\USBDLM.exe [2008-04-13 156160] S3 b1c4;b1c4;C:\WINDOWS\system32\b1c4.sys [2008-09-20 54624] S3 de823;de823;C:\WINDOWS\system32\de823.sys [2008-09-19 54624] S3 jfdcd;jfdcd;C:\DOCUME~1\Valerie\LOCALS~1\Temp\jfdcd.sys [ ] S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 15576] S4 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a0b852e-fdbd-11dc-8462-000e35ed947f}] \Shell\AutoRun\command - M:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5794b4b-b737-11da-a14d-806d6172696f}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa2aeb25-7d1e-11da-8b88-806d6172696f}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b39925-90fe-11da-9413-806d6172696f}] \Shell\AutoRun\command - G:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4826465-44b5-11da-b9bd-000e35ed947f}] \Shell\AutoRun\command - G:\autorun.exe . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{500AFEEF-5829-C1B7-5827-D44724A72212} - AppMasterCenter.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\z2kcz9h8.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 15:17:47 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe . 
************************************************************************** . Heure de fin: 2008-09-24 15:22:39 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-24 13:22:33 Avant-CF: 25ÿ146ÿ507ÿ264 octets libres Après-CF: 25,037,910,016 octets libres 203 --- E O F --- 2008-09-19 22:04:50 -
spyware infection xp antivirus 2008
zoobie78 replied to a topic by zoobie78 in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:29, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {500AFEEF-5829-C1B7-5827-D44724A72212} - AppMasterCenter.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146498449093
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {B49BC7A2-057F-4046-B03A-0586FE18834F} - http://www.wininstall.4d.fr/Products/LastV...oppez/setup.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7445 bytes
-
spyware infection xp antivirus 2008
zoobie78 replied to a topic by zoobie78 in Malware analysis and removal
Well, I must not have crossed my fingers hard enough... :/ The "normal" startup still doesn't work.. There's just one thing that bothers me, but it probably has nothing to do with it: in the HijackThis report, there is this: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com And I don't know why.. Sky is our internet provider and it had set itself as the browser home page.. but since then we removed it and set Google as the home page.. Is it normal for it to still be there? Well, that's all.. I think it's hopeless... Should I do another scan with HijackThis? Thanks