philipemile
  1. Hi Zébuloniens, despite the heat I wanted to run my machine BUT..... I power on and the black screen gives me this message: Disk read error, press Ctrl+Alt+Del..... fine, but it comes right back after restarting the PC. I put in a CD with Windows, having changed the boot order (i.e. CD first); there it boots fine from the CD for a Windows install........ obviously I stop the attempt. I took out the hard disk; I can feel in my hand that it spins?... I unplug its power and indeed that sensation stops.... WHAT can I do.... :-? Do you have an idea for getting to the bottom of the mystery...... Thanks, before I go splash in the pool and cool off...... with this heat, regards philipemile
  2. OK, I've taken good note of that, let's stop the expense here...... thank you all for getting me out of this bad patch nonetheless. See you soon, as late as possible...... for other adventures!!!!!!!!!! Bye and regards to all, Philipemile :P :P
  3. Darn,........ when I use Firefox with the "Google" search in the upper-left corner...... the EXACT page of our friend Google opens directly..... without that..... So what do we do and what does Mister Pear think? Mystery, when you've got hold of us! Regards, ph. Small detail...... I saw in Task Manager 2 x iexplorer, one at 19376 KB, the other 18336 KB
  4. Good evening Pear, thanks for your patience, the report is above, ComboFix ran fine, I re-enabled the drivers (I think) with Defog; I tried my redirected "Google"........ alas that "cr.p" is still there! No luck.... what do we do? Regards philipemile
  5. ComboFix 10-05-11.06 - Administrateur 12/05/2010 19:22:09.3.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.697 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur.TITANIUM\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur.TITANIUM\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FILE :: "c:\documents and settings\Administrateur.TITANIUM\qrhdhujx.exe" "c:\windows\system32\qrhdhujx.exe" . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-12 au 2010-05-12 )))))))))))))))))))))))))))))))))))) . 2010-05-12 14:26 . 2010-05-12 14:26 -------- d-----w- C:\HelpAsst_backup 2010-05-11 15:54 . 2010-05-11 15:54 -------- d-----w- C:\rsit 2010-05-07 13:27 . 2010-05-11 21:18 -------- d-----w- c:\program files\ZHPDiag 2010-05-06 17:32 . 2010-05-06 17:32 1956808 ----a-w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-05-01 18:22 . 2010-05-01 18:22 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Avira 2010-05-01 18:18 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-01 18:18 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-01 18:18 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-01 18:18 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-01 18:18 . 2010-05-01 18:18 -------- d-----w- c:\program files\Avira 2010-05-01 18:18 . 2010-05-01 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira 2010-05-01 18:04 . 
2008-04-13 17:33 26624 ----a-w- c:\documents and settings\LocalService.AUTORITE NT\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-05-01 15:09 . 2010-05-01 15:09 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\MSCOZBE 2010-05-01 07:59 . 2010-05-01 16:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2010-04-30 21:16 . 2010-04-30 21:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-04-30 21:16 . 2010-04-30 21:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-30 19:04 . 2010-04-30 19:04 -------- d-sh--w- c:\documents and settings\LocalService.AUTORITE NT\PrivacIE 2010-04-30 19:04 . 2010-04-30 19:04 -------- d-----r- c:\documents and settings\LocalService.AUTORITE NT\Favoris 2010-04-30 17:11 . 2010-05-01 15:54 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll 2010-04-30 17:07 . 2010-04-30 17:07 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORITE NT\IETldCache 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Flood Light Games 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Saved Games 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Flood Light Games 2010-04-23 20:42 . 2010-04-23 20:42 -------- d-----w- c:\program files\Duplicate Cleaner 2010-04-14 21:55 . 2010-05-12 16:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2010-04-14 21:55 . 2010-05-01 10:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-04-14 08:06 . 2010-04-14 08:06 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Frogwares 2010-04-13 19:07 . 
2010-04-13 19:07 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Silverback Productions 2010-04-13 19:07 . 2010-04-13 19:07 4096 ----a-w- c:\windows\d3dx.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 20:44 . 2009-10-07 14:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2010-05-11 19:10 . 2009-08-16 15:57 -------- d-----w- c:\program files\Trend Micro 2010-05-10 16:00 . 2009-07-25 17:45 68992 ----a-w- c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-09 07:07 . 2009-07-24 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-08 22:33 . 2009-10-27 18:56 1477528 ----a-w- c:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-05-08 18:07 . 2009-10-27 19:16 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Corel 2010-05-08 16:36 . 2009-10-27 19:16 952 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys 2010-05-08 16:36 . 2009-10-27 19:16 952 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys 2010-05-07 18:43 . 2009-07-30 19:45 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\vlc 2010-05-07 18:43 . 2009-07-26 15:00 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\uTorrent 2010-05-07 14:08 . 2009-07-24 15:22 -------- d-----w- c:\program files\Fichiers communs\Softwin 2010-05-02 17:04 . 2009-07-26 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 15:54 . 2004-08-04 00:54 579584 ----a-w- c:\windows\system32\user32.dll 2010-05-01 15:29 . 2009-07-25 19:08 81984 ----a-w- c:\windows\system32\bdod.bin 2010-05-01 10:48 . 
2004-08-22 22:35 1037824 ----a-w- c:\windows\explorer.exe 2010-04-29 13:39 . 2009-07-26 16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-07-26 16:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-11 14:30 . 2009-07-26 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2010-04-11 14:29 . 2010-04-11 14:29 -------- d-----w- c:\program files\Microsoft Works 2010-04-11 14:29 . 2009-10-27 18:55 -------- d-----w- c:\program files\MSBuild 2010-04-11 14:27 . 2010-04-11 14:27 -------- d-----w- c:\program files\Microsoft.NET 2010-04-11 14:24 . 2010-04-11 14:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-03-28 07:26 . 2001-08-24 14:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-28 07:26 . 2001-08-24 14:00 503628 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-16 07:51 . 2009-07-24 15:03 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-03-08 22:11 . 2010-03-08 22:11 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-03-08 21:00 . 2009-07-26 19:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "bdss"=2 (0x2) "LIVESRV"=2 (0x2) "ACDaemon"=2 (0x2) "XCOMM"=2 (0x2) "VSSERV"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Office Outlook"=c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE /recycle "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "ArcSoft Connection Service"=c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe "CorelGadget"=Rundll32.exe "c:\program files\Fichiers communs\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget "Standby"="c:\program files\Fichiers communs\Corel\Standby\Standby.exe" -START [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\system32\\sessmgr.exe"= R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [4/08/2009 10:36 11392] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/05/2010 20:18 135336] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/07/2009 21:08 691696] . Contenu du dossier 'Tâches planifiées' 2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{7E4C03D1-119E-48C6-868C-8D47818C3EE0}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.skynet.be/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dexia.be\directnet TCP: {24ABC56A-03AC-4489-8E26-E5CCA6FA89CB} = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Administrateur.TITANIUM\Application Data\Mozilla\Firefox\Profiles\r3kivfuj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.skynet.be/|http://flvdirect.iamwired.net/ FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search= ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-12 19:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,0b,49,57,d4,97,15,45,b2,21,7e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,0b,49,57,d4,97,15,45,b2,21,7e,\ [HKEY_USERS\S-1-5-21-436374069-1343024091-1826246835-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,fd,c2,d3,78,df,76,44,be,c0,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,6e,da,81,35,d3,15,40,bf,b3,bf,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,dc,02,7d,b9,02,26,4e,ad,5d,6a,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3832) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wscntfy.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe . ************************************************************************** . 
Heure de fin: 2010-05-12 19:29:00 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-12 17:28 ComboFix2.txt 2010-05-12 17:12 ComboFix3.txt 2010-05-01 16:08 Avant-CF: 72.379.744.256 octets libres Après-CF: 72.343.166.976 octets libres - - End Of File - - D0FF6AEE0C9D7191BBE75B5653311791
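The "FF - prefs.js" lines in the ComboFix report above are the mechanism behind the redirect complained about in posts 3 and 4: keyword.URL (which Firefox 3.x used for address-bar searches) and browser.search.defaulturl point at flvdirect.iamwired.net, while browser.search.selectedEngine is still "Google", so the search box reaches Google and the address bar does not. The following is an added example, not code from the thread or from ComboFix: it reads a prefs.js, extracts the preferences a search hijacker rewrites, and reports any whose host is outside a trusted set. The prefs.js content is constructed to mirror the log (ComboFix defangs URLs as hxxp; a real prefs.js holds http), and the trusted-host set is an assumption for the example.

```python
"""Added example: spot search/homepage hijacks in a Firefox prefs.js.
Not part of the original thread or of ComboFix."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# user_pref("name", "string value");  -- only string-valued prefs are captured
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

# Preferences a search hijacker rewrites. keyword.URL drove address-bar
# searches in Firefox 3.x; the search box uses browser.search.selectedEngine.
WATCHED = ("keyword.URL", "browser.search.defaulturl", "browser.startup.homepage")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref name: string value} for every string user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).replace('\\"', '"')
    return prefs


def hijacked(prefs: Dict[str, str], trusted_hosts) -> List[Tuple[str, str]]:
    """(pref, url) pairs whose host is not trusted.
    browser.startup.homepage may hold several URLs joined by '|'."""
    out = []
    for name in WATCHED:
        for url in prefs.get(name, "").split("|"):
            host = (urlsplit(url).hostname or "").lower()
            if url and host not in trusted_hosts:
                out.append((name, url))
    return out


# Constructed prefs.js fragment modelled on the FF lines of the ComboFix log.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaulturl", "http://flvdirect.iamwired.net/websearch.php?src=tops&search=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.skynet.be/|http://flvdirect.iamwired.net/");
user_pref("keyword.URL", "http://flvdirect.iamwired.net/websearch.php?src=tops&search=");
user_pref("network.http.max-persistent-connections-per-server", 4);
'''

# Assumed allowlist for the example: the user's ISP portal plus Google.
TRUSTED = {"www.google.com", "www.google.be", "www.skynet.be"}


if __name__ == "__main__":
    for pref, url in hijacked(parse_prefs(SAMPLE_PREFS), TRUSTED):
        print(f"{pref}: {url}")
```

Run it against the real file at the profile path ComboFix printed (`...\Profiles\<profile>.default\prefs.js`) with Firefox closed, since Firefox rewrites prefs.js on exit and will put a hijacked value back if an extension or a user.js still sets it; the user.js lines in the same report are worth reading for that reason.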
  6. Hi, I did what was needed for Spybot, do I need to start it? As for Defog, the machine doesn't shut down by itself, do I need to restart it? Here is the dEfog report:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 12/05/2010 (Administrateur)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-
  7. [I'm working in parallel on a laptop for the instructions, thanks]
C:\Documents and Settings\Administrateur.TITANIUM\Bureau\HelpAsst_mebroot_fix.exe
Wed. 12/05/2010 at 16:26:38,30

HelpAssistant account is Active
~ attempting to de-activate
Account active               Yes
Local Group Memberships      *Administrators
HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~
termsrv32.dll present!
~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"4877:TCP"=-
"8254:TCP"=-
"3389:TCP"=-
"4493:TCP"=-
"7486:TCP"=-
"3021:TCP"=-
"4542:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"4877:TCP"=-
"8254:TCP"=-
"3389:TCP"=-
"4493:TCP"=-
"7486:TCP"=-
"3021:TCP"=-
"4542:TCP"=-

~~ Checking profile list ~~
HelpAssistant profile found in registry
~ backing up and removing S-1-5-21-436374069-1343024091-1826246835-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant
~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~
mbr infection detected!
~ running mbr -f
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x864c6ea0
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> 0x8618c5c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 50 !
copy of MBR has been found in sector 0x0E4FBFE2
malicious code @ sector 0x0E4FBFE5 !
PE file found in sector at 0x0E4FBFFB !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x864c6ea0
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> 0x8618c5c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0E4FBFE2
malicious code @ sector 0x0E4FBFE5 !
PE file found in sector at 0x0E4FBFFB !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Wed. 12/05/2010 at 16:53:01,77

Account active               No
Local Group Memberships

~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0E4FBFE2
malicious code @ sector 0x0E4FBFE5 !
PE file found in sector at 0x0E4FBFFB !

~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~
No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~
none found

~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~
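The mbr.exe output in the post above shows the pattern worth understanding: after "original MBR restored successfully" the live MBR reads clean from both user and kernel mode, yet the tool still finds a copy of the MBR at sector 0x0E4FBFE2, "malicious code" three sectors later and a PE image a few sectors after that. The bootkit keeps the original boot sector and its own payload in unallocated sectors past the last partition, so a clean MBR alone does not mean the disk is clean. The following is an added example, not code from the thread or from GMER: it scans a raw disk image for byte-identical copies of the live MBR, for boot sectors that share its partition table but carry different code, and for sectors that start with a DOS/PE header. It runs on a constructed in-memory image; the sector numbers used there are chosen for the example and do not correspond to the ones in the log.

```python
"""Added example: locate stored MBR copies, MBR variants and raw PE images
in a disk image. Not part of the original thread or of mbr.exe."""
import struct
from typing import List, Optional, Tuple

SECTOR = 512
BOOT_SIG = b"\x55\xaa"   # bytes 510..511 of every valid boot sector
PT_OFFSET = 446          # 64-byte partition table follows the boot code


def make_bootsector(boot_code: bytes, part_table: bytes) -> bytes:
    """Assemble a 512-byte MBR: boot code, partition table, 0x55AA."""
    assert len(part_table) == 64
    return boot_code[:PT_OFFSET].ljust(PT_OFFSET, b"\x00") + part_table + BOOT_SIG


def classify_sector(sec: bytes, mbr: bytes) -> Optional[str]:
    """Label one sector relative to the live MBR, or None if unremarkable."""
    if sec[:2] == b"MZ":
        return "pe-file"          # DOS header: an executable dropped into raw sectors
    if sec[510:512] != BOOT_SIG:
        return None
    if sec == mbr:
        return "mbr-copy"         # byte-identical backup of the current MBR
    if sec[PT_OFFSET:510] == mbr[PT_OFFSET:510]:
        return "mbr-variant"      # same partition table, different boot code
    return None                   # some other boot sector, e.g. a partition's VBR


def scan_image(image: bytes) -> Tuple[bool, List[Tuple[int, str]]]:
    """Return (live MBR has a valid signature, [(sector number, label), ...])."""
    assert len(image) % SECTOR == 0, "image must be a whole number of sectors"
    mbr = image[:SECTOR]
    findings = []
    for n in range(1, len(image) // SECTOR):
        label = classify_sector(image[n * SECTOR:(n + 1) * SECTOR], mbr)
        if label:
            findings.append((n, label))
    return mbr[510:512] == BOOT_SIG, findings


def build_sample_image() -> bytes:
    """Constructed 200-sector image: clean MBR at 0, an identical copy at
    sector 50, a variant with hooked boot code at 120, a PE image at 135."""
    # one bootable NTFS-type (0x07) entry starting at LBA 63, 1000 sectors long
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 1000)
    part_table = entry.ljust(64, b"\x00")
    clean = make_bootsector(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100, part_table)
    hooked = make_bootsector(b"\xeb\x20" + b"\xcc" * 200, part_table)  # same table, other code
    pe_image = b"MZ\x90\x00\x03\x00\x00\x00".ljust(SECTOR, b"\x00")
    sectors = [b"\x00" * SECTOR] * 200
    sectors[0] = clean
    sectors[50] = clean
    sectors[120] = hooked
    sectors[135] = pe_image
    return b"".join(sectors)


if __name__ == "__main__":
    ok, found = scan_image(build_sample_image())
    print("live MBR signature ok:", ok)
    for n, label in found:
        print(f"sector {n} (0x{n:08X}): {label}")
```

On a real machine the input is the whole device (`\\.\PhysicalDrive0` opened read-only as Administrator on Windows, `/dev/sda` on a Linux rescue system). Read it from a boot CD or from another machine rather than from the infected system: the log shows the disk stack hooked in kernel mode ("\Driver\ACPI -> 0x864c6ea0", ">>UNKNOWN [0x864C6EA0]<<" among the called modules), and a hooked stack can hand a clean sector 0 to any live reader, which is why mbr.exe compares its user-mode and kernel-mode reads before printing "user & kernel MBR OK". An "mbr-copy" hit is a lead, not a verdict; partitioning tools and some OEM recovery setups also leave MBR backups behind, so look at what sits in the sectors that follow the copy.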
  8. Here's the report; sorry, other things kept me from replying right away. Thanks.
C:\Documents and Settings\Administrateur.TITANIUM\Bureau\HAMeb_check.exe
Wed. 12/05/2010 at 16:05:08,44

Account active               Yes
Local Group Memberships      *Administrators

~~ Checking profile list ~~
S-1-5-21-436374069-1343024091-1826246835-1000
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~
HelpAssistant

~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864C6EA0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x864c6ea0
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> 0x8618c5c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 50 !
copy of MBR has been found in sector 0x0E4FBFE2
malicious code @ sector 0x0E4FBFE5 !
PE file found in sector at 0x0E4FBFFB !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

~~ Checking for termsrv32.dll ~~
termsrv32.dll present!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll

~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"4877:TCP"=4877:TCP:*:Enabled:Services
"8254:TCP"=8254:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"4493:TCP"=4493:TCP:*:Enabled:Services
"7486:TCP"=7486:TCP:*:Enabled:Services
"3021:TCP"=3021:TCP:*:Enabled:Services
"4542:TCP"=4542:TCP:*:Enabled:Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"4877:TCP"=4877:TCP:*:Enabled:Services
"8254:TCP"=8254:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"4493:TCP"=4493:TCP:*:Enabled:Services
"7486:TCP"=7486:TCP:*:Enabled:Services
"3021:TCP"=3021:TCP:*:Enabled:Services
"4542:TCP"=4542:TCP:*:Enabled:Services

~~ EOF ~~
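The HAMeb_check report above bundles three indicators of the same intrusion: the built-in HelpAssistant (Remote Assistance) account, which Windows XP ships disabled, has been enabled and placed in local Administrators; the Terminal Services service has had its ServiceDll swapped from termsrv.dll to a dropped termsrv32.dll; and the firewall policy carries nine enabled, any-source ("*") TCP exceptions, eight of them with the generic label "Services", plus 3389 for Remote Desktop. Together they give the attacker an RDP login as an administrator. The following is an added example, not code from the thread or from the HAMeb_check/HelpAsst tools: it re-checks those three indicators from a saved copy of such a report. The sample lines are constructed to mirror the log, with the `net user` lines in their English form, and the allowlist of expected firewall exceptions is an assumption for the example.

```python
"""Added example: re-check the HelpAssistant, TermService ServiceDll and
GloballyOpenPorts indicators from a saved report. Not part of the thread."""
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# What TermService should point at on XP; anything else is a swapped service DLL.
EXPECTED_TERMSRV_DLL = r"%systemroot%\system32\termsrv.dll"

# "65533:TCP"=65533:TCP:*:Enabled:Services  ->  port:protocol:scope:state:name
PORT_RE = re.compile(
    r'^"(?P<key>\d+:(?:TCP|UDP))"='
    r'(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
SERVICEDLL_RE = re.compile(r"ServiceDll\s+REG_EXPAND_SZ\s+(\S+)", re.IGNORECASE)


def parse_open_ports(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Collect GloballyOpenPorts\\List values from a registry-style dump."""
    entries = []
    for line in lines:
        m = PORT_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"])
            entries.append(e)
    return entries


def rogue_ports(entries, allowed: Set[Tuple[int, str]] = frozenset()):
    """Every enabled exception not on the allowlist is suspect; scope '*' means any source."""
    return [e for e in entries
            if e["state"] == "Enabled" and (e["port"], e["proto"]) not in allowed]


def termsrv_swapped(line: str) -> Optional[bool]:
    """True if a ServiceDll line names something other than termsrv.dll;
    None if the line is not a ServiceDll line."""
    m = SERVICEDLL_RE.search(line)
    if not m:
        return None
    return m.group(1).lower() != EXPECTED_TERMSRV_DLL


def audit(lines: Iterable[str], allowed: Set[Tuple[int, str]] = frozenset()) -> List[str]:
    """Return human-readable findings in report order: account, group, DLL, ports."""
    lines = list(lines)
    findings = []
    for line in lines:
        if "HelpAssistant account is Active" in line:
            findings.append("HelpAssistant (built-in Remote Assistance account) is enabled; "
                            "it is disabled by default")
        # the group line belongs to the `net user HelpAssistant` block in this report format
        if line.startswith("Local Group Memberships") and "*Administrators" in line:
            findings.append("HelpAssistant is a member of local Administrators")
        if termsrv_swapped(line):
            findings.append("TermService ServiceDll does not point at termsrv.dll: " + line.split()[-1])
    for e in rogue_ports(parse_open_ports(lines), allowed):
        findings.append(f"firewall exception {e['port']}/{e['proto']} scope={e['scope']} name={e['name']!r}")
    return findings


# Constructed report lines modelled on the HAMeb_check output (net user lines in English).
SAMPLE_LOG = r"""
HelpAssistant account is Active
Account active               Yes
Local Group Memberships      *Administrators
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"139:TCP"=139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
""".strip().splitlines()

if __name__ == "__main__":
    # assumed allowlist: file sharing on the local subnet is expected on this machine
    for finding in audit(SAMPLE_LOG, allowed={(139, "TCP")}):
        print("-", finding)
```

The same data comes off a live XP box with `net user HelpAssistant`, `reg query HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll` and `reg query` on the two GloballyOpenPorts\List keys, but with the kernel hooks seen in the GMER and mbr.exe output a live query can be filtered; loading the SYSTEM hive from the offline disk with `reg load` gives an answer the rootkit cannot edit. Closing the ports is not enough on its own: the exceptions only matter because something was listening, so the swapped ServiceDll and the enabled account have to go in the same pass, which is the order the fix tool used.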
  9. Hello again, no more news on my problem... it's true it was getting late yesterday..... see you soon for further clarification, regards, philipemile
  10. Here's how things stand with GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-11 20:44:25
Windows 5.1.2600 Service Pack 3
Running: mnfev3cu.exe; Driver: C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\axrcipow.sys

---- System - GMER 1.0.15 ----

SSDT F7E9E45E ZwCreateKey
SSDT F7E9E454 ZwCreateThread
SSDT F7E9E463 ZwDeleteKey
SSDT F7E9E46D ZwDeleteValueKey
SSDT F7E9E472 ZwLoadKey
SSDT F7E9E440 ZwOpenProcess
SSDT F7E9E445 ZwOpenThread
SSDT F7E9E47C ZwReplaceKey
SSDT F7E9E477 ZwRestoreKey
SSDT F7E9E468 ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[216] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01452862
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[216] WS2_32.dll!send 719F4C27 5 Bytes JMP 014526EE
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[216] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 014527E0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[216] WS2_32.dll!recv 719F676F 5 Bytes JMP 01452726
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[216] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0145275E
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1372] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 013C2862
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1372] WS2_32.dll!send 719F4C27 5 Bytes JMP 013C26EE
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1372] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 013C27E0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1372] WS2_32.dll!recv 719F676F 5 Bytes JMP 013C2726
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1372] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 013C275E
.text C:\WINDOWS\Explorer.EXE[1608] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01902862
.text C:\WINDOWS\Explorer.EXE[1608] WS2_32.dll!send 719F4C27 5 Bytes JMP 019026EE
.text C:\WINDOWS\Explorer.EXE[1608] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 019027E0
.text C:\WINDOWS\Explorer.EXE[1608] WS2_32.dll!recv 719F676F 5 Bytes JMP 01902726
.text C:\WINDOWS\Explorer.EXE[1608] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0190275E
.text C:\WINDOWS\System32\alg.exe[3164] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00C32862
.text C:\WINDOWS\System32\alg.exe[3164] WS2_32.dll!send 719F4C27 5 Bytes JMP 00C326EE
.text C:\WINDOWS\System32\alg.exe[3164] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00C327E0
.text C:\WINDOWS\System32\alg.exe[3164] WS2_32.dll!recv 719F676F 5 Bytes JMP 00C32726
.text C:\WINDOWS\System32\alg.exe[3164] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00C3275E

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\00000040 86548C88
Device \Driver\ACPI \Device\00000041 86548C88
Device \Driver\ACPI \Device\00000050 86548C88
Device \Driver\ACPI \Device\00000044 86548C88
Device \Driver\ACPI \Device\00000051 86548C88
Device \Driver\ACPI \Device\00000052 86548C88
Device \Driver\ACPI \Device\00000054 86548C88
Device \Driver\ACPI \Device\00000060 86548C88
Device \Driver\ACPI \Device\00000061 86548C88
Device \Driver\ACPI \Device\00000049 86548C88
Device \Driver\ACPI \Device\00000056 86548C88
Device \Driver\ACPI \Device\00000057 86548C88
Device \Driver\ACPI \Device\0000003e 86548C88
Device \Driver\ACPI \Device\0000003f 86548C88
Device \Driver\ACPI \Device\0000004c 86548C88
Device \Driver\ACPI \Device\0000005a 86548C88
Device \Driver\ACPI \Device\0000004d 86548C88
Device \Driver\ACPI \Device\0000005b 86548C88
Device \Driver\ACPI \Device\0000004e 86548C88
Device \Driver\ACPI \Device\0000004f 86548C88
Device \Driver\ACPI \Device\0000005e 86548C88
Device \Driver\ACPI \Device\0000005f 86548C88

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0x7B 0xDB 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0xE2 0x81 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xA8 0x78 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0x7B 0xDB 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0xE2 0x81 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xA8 0x78 0x7E ...
Reg HKLM\SOFTWARE\Classes\.mgbnd\Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets@2010-05-11 21360|561738|102408

---- EOF - GMER 1.0.15 ----
  11. Thanks for taking an interest in my "thing" that's bugging me.... I'm replying from the neighbour's laptop, GMER is still running....... 10 minutes, is there something there? But no red line. I retrieved the ComboFix report via my USB stick. Regards, philipémile
ComboFix 10-04-30.03 - Administrateur 01/05/2010 17:49:15.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.548 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur.TITANIUM\Mes documents\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: My Security Engine *On-access scanning enabled* (Updated) {209B6D9C-3E5B-4C8F-ACEA-06FA76B303A1} FW: My Security Engine *enabled* {B7F7C04E-23BF-44C9-B84B-096D7FEC57E1} . ADS - explorer.exe: deleted 33792 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrateur.TITANIUM\Application Data\Bot.exe c:\documents and settings\Administrateur.TITANIUM\Recent\ANTIGEN.sys c:\documents and settings\Administrateur.TITANIUM\Recent\CLSV.dll c:\documents and settings\Administrateur.TITANIUM\Recent\ddv.sys c:\documents and settings\Administrateur.TITANIUM\Recent\eb.tmp c:\documents and settings\Administrateur.TITANIUM\Recent\energy.exe c:\documents and settings\Administrateur.TITANIUM\Recent\PE.sys c:\documents and settings\Administrateur.TITANIUM\Recent\ppal.dll c:\documents and settings\Administrateur.TITANIUM\Recent\ppal.tmp c:\documents and settings\Administrateur.TITANIUM\Recent\runddlkey.sys c:\documents and settings\Administrateur.TITANIUM\Recent\sld.drv c:\documents and settings\Administrateur.TITANIUM\Recent\sld.exe c:\documents and settings\Administrateur.TITANIUM\Recent\sld.sys c:\documents and settings\Administrateur.TITANIUM\Recent\SM.exe c:\documents and settings\Administrateur.TITANIUM\Recent\snl2w.dll c:\documents and settings\Administrateur.TITANIUM\Recent\snl2w.drv 
c:\documents and settings\All Users.WINDOWS\Application Data\f57d421 c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\11.mof c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\mozcrt19.dll c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\MSE.ico c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\MSESys\vd952342.bd c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\MSESys\VDAI.ntf c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\MSf57d.exe c:\documents and settings\All Users.WINDOWS\Application Data\f57d421\sqlite3.dll C:\lsass.exe c:\program files\WindowsUpdate c:\recycler\S-1-5-21-484763869-492894223-1343024091-1003 c:\recycler\S-1-5-21-484763869-492894223-1343024091-500 c:\windows\E88D4.exe c:\windows\system\lsm.exe c:\windows\system32\23rh46g.4e c:\windows\system32\bb52fkri.few c:\windows\system32\cooper.mine c:\windows\system32\crt.dat c:\windows\system32\crt4.dll c:\windows\system32\drivers\nd.sys c:\windows\system32\driVERs\yddcc.sys c:\windows\system32\kbddta.dll c:\windows\system32\kboem32.dat c:\windows\system32\kbsnd32.dll c:\windows\system32\keylog.txt c:\windows\system32\kzp.4e c:\windows\system32\msxsltsso.dll c:\windows\system32\nmklo.dll c:\windows\system32\rth.gde c:\windows\system32\userini.exe c:\windows\system32\winstartup.log c:\windows\TEMP\lwcn.exe Une copie infectée de c:\windows\system32\drivers\i8042prt.sys a été trouvée et désinfectée Copie restaurée à partir de - Kitty had a snack Une copie infectée de c:\windows\system32\drivers\ndis.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ndis.sys . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_DARKNESS -------\Legacy_ND -------\Legacy_SSHNAS -------\Service_darkness -------\Service_ND -------\Legacy_yddcc -------\Service_yddcc ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-01 au 2010-05-01 )))))))))))))))))))))))))))))))))))) . 2010-05-01 15:09 . 2010-05-01 15:10 -------- d-sh--w- c:\documents and settings\Administrateur.TITANIUM\Application Data\My Security Engine 2010-05-01 15:09 . 2010-05-01 15:09 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\MSCOZBE 2010-05-01 08:00 . 2010-05-01 08:00 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B} 2010-05-01 07:59 . 2010-05-01 08:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2010-05-01 07:59 . 2010-05-01 07:59 -------- d-----w- c:\program files\Lavasoft 2010-04-30 21:16 . 2010-04-30 21:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-04-30 21:16 . 2010-04-30 21:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-30 19:12 . 2010-04-30 19:12 -------- d-----w- c:\documents and settings\HelpAssistant\UserData 2010-04-30 19:12 . 2010-04-30 19:12 -------- d-----w- c:\documents and settings\HelpAssistant\Saved Games 2010-04-30 19:12 . 2010-04-30 19:12 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE 2010-04-30 19:12 . 2010-04-30 19:03 32256 ----a-w- c:\documents and settings\HelpAssistant\qrhdhujx.exe 2010-04-30 19:07 . 2010-04-30 19:07 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache 2010-04-30 19:07 . 2010-04-30 19:07 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache 2010-04-30 19:06 . 2010-04-30 19:06 -------- d-----w- c:\documents and settings\HelpAssistant\Corel 2010-04-30 19:04 . 2010-04-30 19:04 -------- d-sh--w- c:\documents and settings\LocalService.AUTORITE NT\PrivacIE 2010-04-30 19:04 . 
2010-04-30 19:04 -------- d-----r- c:\documents and settings\LocalService.AUTORITE NT\Favoris 2010-04-30 19:02 . 2010-05-01 07:06 32256 ----a-w- c:\windows\system32\qrhdhujx.exe 2010-04-30 19:02 . 2010-05-01 07:06 32256 ----a-w- c:\documents and settings\Administrateur.TITANIUM\qrhdhujx.exe 2010-04-30 17:11 . 2010-05-01 15:54 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll 2010-04-30 17:07 . 2010-04-30 17:07 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORITE NT\IETldCache 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Flood Light Games 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Saved Games 2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Flood Light Games 2010-04-23 20:42 . 2010-04-23 20:42 -------- d-----w- c:\program files\Duplicate Cleaner 2010-04-14 21:55 . 2010-05-01 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2010-04-14 21:55 . 2010-05-01 10:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-04-14 08:06 . 2010-04-14 08:06 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Frogwares 2010-04-13 19:07 . 2010-04-13 19:07 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Silverback Productions 2010-04-13 19:07 . 2010-04-13 19:07 4096 ----a-w- c:\windows\d3dx.dat 2010-04-11 14:29 . 2010-04-11 14:29 -------- d-----w- c:\program files\Microsoft Works 2010-04-11 14:27 . 2010-04-11 14:27 -------- d-----w- c:\program files\Microsoft.NET 2010-04-11 14:24 . 2010-04-11 14:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-04-11 14:23 . 2010-04-11 14:28 -------- d-----w- c:\windows\SHELLNEW 2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----r- C:\MSOCache 2010-04-10 13:27 . 
2010-04-10 13:27 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 15:54 . 2004-08-04 00:54 579584 ----a-w- c:\windows\system32\user32.dll 2010-05-01 15:29 . 2009-07-25 19:08 81984 ----a-w- c:\windows\system32\bdod.bin 2010-05-01 15:28 . 2009-07-25 19:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender 2010-05-01 10:48 . 2004-08-22 22:35 1037824 ----a-w- c:\windows\explorer.exe 2010-04-30 17:03 . 2009-07-30 19:45 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\vlc 2010-04-30 16:30 . 2009-07-26 15:00 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\uTorrent 2010-04-25 19:04 . 2009-10-07 14:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2010-04-14 14:14 . 2009-07-25 17:45 81000 ----a-w- c:\documents and settings\Administrateur.TITANIUM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-11 14:30 . 2009-07-26 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2010-04-11 14:29 . 2009-10-27 18:55 -------- d-----w- c:\program files\MSBuild 2010-03-28 07:26 . 2001-08-24 14:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-28 07:26 . 2001-08-24 14:00 503628 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-16 07:51 . 2009-07-24 15:03 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-03-11 13:47 . 2009-08-01 18:58 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\dvdcss 2010-03-11 08:10 . 2010-03-11 08:10 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Atari 2010-03-10 22:30 . 2009-07-24 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-10 18:29 . 
2010-03-10 18:29 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\casanova 2010-03-08 22:11 . 2010-03-08 22:11 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-03-08 22:04 . 2009-10-24 14:22 -------- d-----w- c:\program files\TuneUp Utilities 2008 2010-03-08 21:00 . 2010-03-08 21:00 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-03-08 21:00 . 2009-07-26 19:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-03-08 20:55 . 2009-07-26 19:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite 2010-03-08 07:54 . 2009-07-26 15:02 -------- d-----w- c:\program files\uTorrent 2010-03-07 09:20 . 2010-03-07 09:20 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\SevenSails 2010-03-03 11:45 . 2010-03-03 11:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AdventureChronicles1 2010-03-03 09:14 . 2010-03-03 09:14 -------- d-----w- c:\documents and settings\Administrateur.TITANIUM\Application Data\Dragon Altar Games . Infected c:\windows\system32\user32.dll hex repaired ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2009-08-29 11069440]
[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-13 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8517632]
[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]
[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE /recycle
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"ArcSoft Connection Service"=c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
"CorelGadget"=Rundll32.exe "c:\program files\Fichiers communs\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget
"Standby"="c:\program files\Fichiers communs\Corel\Standby\Standby.exe" -START
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4877:TCP"= 4877:TCP:Services
"8254:TCP"= 8254:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4493:TCP"= 4493:TCP:Services
"7486:TCP"= 7486:TCP:Services
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [4/08/2009 10:36 11392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 11:03 1229232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/07/2009 21:08 691696]
.
Contenu du dossier 'Tâches planifiées'
2010-05-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 09:03]
2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{7E4C03D1-119E-48C6-868C-8D47818C3EE0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dexia.be\directnet
TCP: {24ABC56A-03AC-4489-8E26-E5CCA6FA89CB} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrateur.TITANIUM\Application Data\Mozilla\Firefox\Profiles\r3kivfuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://flvdirect.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: keyword.enabled - true
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://flvdirect.iamwired.net/
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://flvdirect.iamwired.net/
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-18457 - c:\windows\TEMP\lwcn.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 17:58
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863CE0B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7893f28
\Driver\ACPI -> 0x863ce0b0
\Driver\atapi -> atapi.sys @ 0xf7640852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> 0x860a95c0
PacketIndicateHandler -> NDIS.sys @ 0xf7559a21
SendHandler -> NDIS.sys @ 0xf754dd44
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 50 !
copy of MBR has been found in sector 0x0E4FBFE2
malicious code @ sector 0x0E4FBFE5 !
PE file found in sector at 0x0E4FBFFB !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,0b,49,57,d4,97,15,45,b2,21,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,0b,49,57,d4,97,15,45,b2,21,7e,\
[HKEY_USERS\S-1-5-21-436374069-1343024091-1826246835-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,fd,c2,d3,78,df,76,44,be,c0,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,6e,da,81,35,d3,15,40,bf,b3,bf,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,fd,c2,d3,78,df,76,44,be,c0,ab,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2010-05-01 18:08:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-01 16:08
Avant-CF: 69.394.198.528 octets libres
Après-CF: 69.274.791.936 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 06F282CF0FA055D23810AF46C7647FAB
  12. DaonolFix (15.04.09) by jpshortstuff
Log created at 18:45 on 11/05/2010 by Administrateur
Running from C:\Documents and Settings\Administrateur.TITANIUM\Bureau\DaonolFix.exe
=====Find Daonol=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"
-=Daonol Files=-
(none found)
-=End Of File=-
  13. [here is the 2nd report, thank you for giving my problem your attention, regards philipemile info.txt logfile of random's system information tool 1.06 2010-05-11 17:54:33 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft MediaConverter 2.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A72FC039-FE41-4BAD-B36E-64368EC54B54}\Setup.exe" -l0x40c ArcSoft ShowBiz DVD 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{996F79F5-2ABF-4B9D-A0C0-ACD046AA8008}\Setup.exe" -l0x40c ArcSoft TotalMedia Extreme-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC5E28DB-A496-415F-9BCF-374AE8E33AB5}\Setup.exe" -l0x40c Ashampoo Burning Studio 9.03-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 9\unins000.exe" Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe" AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP 
(KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Duplicate Cleaner 1.4.5-->"C:\Program Files\Duplicate Cleaner\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1} HumBox v4.1 for Humax OAK series-->MsiExec.exe /I{1A672285-DA16-11D5-9240-00105AB28B4A} LoudMo Contextual Ad Assistant-->C:\WINDOWS\system32\B5Kf-2_v.exe MaestroList-->"C:\Program Files\MaestroList\uninstall.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression 
Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe 
/X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour 
Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe SetEditXSat (remove only)-->"C:\Program Files\SetEditXSat\uninstall.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" ThiWeb Live 2.2-->C:\Program Files\ThiWeb Live 2\uninst.exe TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Ulead VideoStudio version 4.0 SE Basic-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Ulead Systems\Ulead VideoStudio 4.0 SE Basic\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead VideoStudio 4.0 SE Basic\IS32Inst.dll" USB Audio/Video Driver-->C:\Program Files\InstallShield Installation Information\{015C057F-D7B9-4D82-B266-FBCF0178F382}\setup.exe -runfromtemp -l0x040c Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe 
/X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe" ======Security center information====== AV: Bitdefender Antivirus AV: My Security Engine AV: AntiVir Desktop FW: My Security Engine ======System event log====== Computer Name: TITANIUM Event Code: 115 Message: Le suivi de la Restauration système a été activé sur tous les lecteurs. Record Number: 5 Source Name: SRService Time Written: 20100507181904.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 7036 Message: Le service Service de restauration système est entré dans l'état : en cours d'exécution. Record Number: 4 Source Name: Service Control Manager Time Written: 20100507181858.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de restauration système. 
Record Number: 3 Source Name: Service Control Manager Time Written: 20100507181858.000000+120 Event Type: Informations User: TITANIUM\Administrateur Computer Name: TITANIUM Event Code: 7036 Message: Le service Service de restauration système est entré dans l'état : arrêté. Record Number: 2 Source Name: Service Control Manager Time Written: 20100507181836.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 116 Message: Le suivi de la Restauration système a été désactivé sur tous les lecteurs. Record Number: 1 Source Name: SRService Time Written: 20100507181835.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: TITANIUM Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 5 Source Name: SecurityCenter Time Written: 20100508092639.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur TITANIUM\Administrateur alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. 
Record Number: 4 Source Name: Userenv Time Written: 20100507234142.000000+120 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: TITANIUM Event Code: 1 Message: Mise à jour automatique du certificat racine tierce partie réussie : Objet : <CN=America Online Root Certification Authority 1, O=America Online Inc., C=US> Empreinte digitale Sha1 : <3921C115C15D0ECA5CCB5BC4F07D21D8050B566A> Record Number: 3 Source Name: crypt32 Time Written: 20100507205718.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 4 Message: Récupération de la mise à jour automatique du certificat racine tierce partie réussie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> Record Number: 2 Source Name: crypt32 Time Written: 20100507205718.000000+120 Event Type: Informations User: Computer Name: TITANIUM Event Code: 1002 Message: Application bloquée firefox.exe, version 1.9.1.3523, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 1 Source Name: Application Hang Time Written: 20100507200812.000000+120 Event Type: erreur User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
  14. Logfile of random's system information tool 1.07 (written by random/random) Run by Administrateur at 2010-05-11 17:54:16 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 69 GB (59%) free of 117 GB Total RAM: 1023 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:54:31, on 11/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  15. Hello everyone, I'm getting a bit desperate because after many searches and manipulations I can't manage to get rid of a piece of "junk". Let me set the scene: XP Pro SP3, IE 8... Here's what happens: with an Internet page open... at the top right there is a small window with Google... a magnifying glass, and I type something to search for... a window of the same size opens underneath... I click on search... AND... a big page opens: Gala directory... its address is findgala.com... it suggests search options to me, and if I take one of them... I click on it and HOP!!!!!!! a piece of "cr..p" appears singing the praises of antivirus and... company, all the while telling me my PC is infected. Not easy to get rid of that page, but anyway... it does eventually disappear after multiple clicks left and right, having avoided downloading their garbage...
  I've used Malwarebytes and Spybot & Destroy... nothing works, no way to get rid of it. "Security Threat Analysis"... certainly a more than poisoned gift!!!!! In the options, top left: Manage search engines... it sits under Google with its address http:// frindgala.com/xxxxxxx......... BUT there's no way to delete it, the option stays greyed out. Well made, well thought out, these Malware, Spyware or other Jenaiware! A thousand thanks in advance to whoever can light my candle so I can see clearly. pHilippe