jaromil

Everything posted by jaromil

  1. Safe mode no longer works! I'm going to try your steps (smitfraudfix etc...), Pear. Thanks!
  2. I can't install Antivir. Error message: some files could not be created. please close applications, reboot windows and restart windows. I'm going to try in safe mode with networking.
  3. OK, I'm trying. Safe mode recovered, avast uninstalled, ccleaner cleanup run. Now I'm having trouble installing antivir, and the wifi turns itself off. Thanx
  4. Download link for the txt file generated by keyreg1.bat: http://www.sendspace.com/file/khcx4j I'm going to try safe mode and the rest. Thanks!
  5. OK, I completely agree with you. I'm not familiar with P2P networks... if I get out of this, bye bye emule! I'm going to try the steps.
  6. I'll be away for the afternoon; I'll get back in touch this evening, hoping for a few leads on solutions. Thanks for your help.
  7. For Pear, then:
     And for Pear, again?
  8. I haven't forgotten HijackThis, but I couldn't get it to start. ComboFix is running.
  9. Sorry, no winfilse.exe in drivers. I'm taking care of ComboFix.
  10. OK, I'll do that.
  11. I don't have a "drivers" folder in system32. There is a DRVSTORE folder, shown in blue and empty. I don't have the option to show hidden files and folders.
  12. Yes Angélique, sorry if I broke a rule (this is my first virus problem!). I apologized over at pcentraide, and I'm following the zébulon procedure all the way. Thanks!
  13. It worked after two tries. And now, should I try restarting in Safe Mode? (Regarding my Wi-Fi internet connection, I should mention that each time I have to change a key in regedit as follows: "HKEY Local Machine" > "system" > "CurrentControlSet" > "Services" > "Ndisuio", then "START", double-click on it: change "4" to "3", and I do this at every startup.) Thanks for your responsiveness!
  14. OK, I'll try. Thanks.
  15. Apparently there's an error. Thanks.
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
========================
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
========================
Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist!
  16. OK, I'll try. Thanks.
  17. I didn't get Safe Mode back. As a result, I can't uninstall avast (CPU at 100%, computer frozen). Ouch!
  18. OK thanks, I'll try CCleaner + Antivir, and I'll keep you posted. Thanx!
  19. Thanks. I've got my connection back (well, I hope so!). However, I don't quite understand the steps to follow: run a scan with CCleaner? In Safe Mode? Then uninstall avast (I don't have a firewall)? Thanx again!
  20. OK, here is the log. I have to be away for the evening; I'll keep you posted tomorrow morning. Thanks again for the time you spend helping others! That's a good spirit!
ComboFix 08-10-17.01 - DISCOBABEL 2008-10-18 18:06:36.1 - NTFSx86
Lancé depuis: C:\Documents and Settings\DISCOBABEL\Bureau\Combo-Fix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\autorun.inf
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\3617312.exe
C:\WINDOWS\system32\drivers\downld\3618984.exe
C:\WINDOWS\system32\drivers\downld\3653453.exe
C:\WINDOWS\system32\drivers\downld\3658765.exe
C:\WINDOWS\system32\drivers\downld\3662046.exe
C:\WINDOWS\system32\drivers\downld\3716515.exe
C:\WINDOWS\system32\drivers\downld\3724625.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-18 au 2008-10-18 ))))))))))))))))))))))))))))))))))))
.
2008-10-18 18:11 . 2008-10-18 18:11 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-10-18 16:39 . 2006-05-22 05:08 839,688 --------- C:\WINDOWS\system32\drivers\winfilse.exe
2008-10-15 10:31 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 10:29 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 10:29 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 10:29 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 10:29 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 10:29 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 11:01 . 2008-10-14 11:01 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\IndexEducation
2008-10-14 10:59 . 2008-10-14 10:59 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\InstallShield
2008-10-13 18:57 . 2008-10-13 18:57 <REP> d-------- C:\Program Files\Real Alternative
2008-10-05 18:17 . 2008-10-18 16:28 <REP> d-------- C:\Program Files\Tennis Elbow 2006
2008-09-26 08:55 . 2008-09-26 08:55 <REP> d-------- C:\Program Files\pdfsam
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 14:50 --------- d-----w C:\Program Files\Mozilla Firefox_3
2008-10-18 14:42 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\VMNTOOLBAR
2008-10-18 14:39 --------- d-----w C:\Program Files\eMule
2008-10-18 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-15 20:11 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\OpenOffice.org2
2008-10-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 13:18 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\SolidDocuments
2008-10-15 10:09 --------- d-----w C:\Program Files\Apple Software Update
2008-10-15 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 09:59 --------- d-----w C:\Program Files\EPSON
2008-10-15 08:20 --------- d-----w C:\Program Files\EasyBox
2008-10-01 10:43 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\FileZilla
2008-09-26 06:50 --------- d-----w C:\Program Files\GUIPDFTK
2008-09-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
2008-09-13 17:31 --------- d-----w C:\Program Files\Soulseek-Test
2008-09-11 18:11 --------- d-----w C:\Program Files\Ziepod
2008-09-10 11:45 --------- d-----w C:\Program Files\WinUAE_1.5.1_FR_Windows
2008-09-08 21:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 09:58 --------- d-----w C:\Program Files\Microsoft Works
2008-09-07 09:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-20 12:50 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\Mick@ël
2008-08-20 12:47 --------- d-----w C:\Program Files\QuickUpload
2008-08-11 10:46 79,080 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\GDIPFONTCACHEV1.DAT
2008-04-04 13:06 13,682,792 ----a-w C:\Program Files\win_easybox_4.0.exe
2007-12-08 10:46 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe
2007-08-21 10:22 712,360 ----a-w C:\Program Files\Room_Arranger_3.26.exe
2007-07-26 08:49 55,068,209 ----a-w C:\Program Files\Bcdi3 Le Logiciel(Capes Documentation Cdi Bcdi Motbis Module Formation Iufm).rar
2007-07-10 09:06 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe
2007-03-20 09:47 1,010,688 ----a-w C:\Program Files\SnapKey_v2.0.2.1.exe
2007-02-28 12:21 126 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\wklnhst.dat
2005-07-01 12:49 352,320 ----a-w C:\Program Files\Memento.exe
2008-05-10 11:58 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat
2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"drvsyskit"="C:\WINDOWS\system32\drivers\winfilse.exe" [2006-05-22 839688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-22 839688]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"CheckMedi8or"="C:\Program Files\Mediator6\CheckNewUser.exe" [2000-10-25 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EasyBox\\vlc\\vlc.exe"=
"C:\\Program Files\\EasyBox\\apache\\apache.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\Mozilla Firefox_3\\firefox.exe"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a33c83e-b163-11db-8acb-0014a524962d}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
MSConfigStartUp-Load - C:\WINDOWS\svchost.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\DISCOBABEL\Application Data\Mozilla\Firefox\Profiles\18lprl72.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#Accueil
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 18:11:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?5?2?3??????? ???B?????????????hLC? ??????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-18 18:25:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-18 16:24:59
Avant-CF: 32 910 123 008 octets libres
Après-CF: 33,039,314,944 octets libres
179 --- E O F --- 2008-10-15 14:30:33
  21. ComboFix did generate the report. However, I have a small problem posting it: my infected computer is on Wi-Fi, and the internet connection no longer works over either Wi-Fi or Ethernet (limited connectivity, etc.). I'm posting this message from my second PC, a desktop. I'm hesitant to put the ComboFix log on a USB key; I'm afraid of contaminating my clean PC. What can I do? Thanks!
  22. Thanks for the quick reply. I'll try. Ah yes, P2P... and I never use it.
  23. Hello, I am infected by the Trojan Win32:Beagle-AAW. I suppose it came from a file found on eMule. Impossible to boot into Safe Mode. Machine very, very slow. At every startup the trojan tries to stop Avast... Wi-Fi is unusable. My PC configuration: Windows XP SP2 (or SP3 since a recent update). What would be the procedure to follow? Thanks in advance for your help!