ciocciu

Members
Content count: 31
Everything posted by ciocciu

  1. here is the latest FindyKill... thanks

     ############################## | FindyKill V5.050 |

     # User : lolo (Administrateurs)
     # LOLO-EEBF1AD74A
     # Update on 03/09/2010 by El Desaparecido
     # Start at: 17:18:10 | 11/09/2010
     # Website : Bienvenue dans nos Pages Persos
     # Contact : FindyKill.Contact@gmail.com

     # Intel® Pentium® M processor 1.73GHz
     # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
     # Internet Explorer 6.0.2900.2180
     # Windows Firewall Status : Disabled
     # FW : ZoneAlarm Firewall[ Enabled ]7.0.462.000

     # C:\ # Local fixed disk # 52.88 GB (17.52 GB free) # NTFS
     # D:\ # CD-ROM drive
     # E:\ # Local fixed disk # 465.7 GB (308.98 GB free) # FAT32

     ################## | Infected items |

     Deleted ! E:\autorun.inf
     Deleted ! C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf

     ################## | CRC32 ... |

     ################## | Registry |

     ################## | State |

     # Safe mode : OK
     # Show hidden files : OK
     # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
     # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
     # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
     # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
     # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

     ################## | Corrupted files |

     Corrupted : C:\Program Files\Mozilla Firefox\uninstall\helper.exe [Offset = 000000E4 - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe [Offset = 000000FC - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\repair\vsmon.exe [Offset = 0000011C - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\zatutor.exe [Offset = 000000F4 - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe [Offset = 000000CC - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [Offset = 0000010C - Value = 0x0001]
     Corrupted : C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [Offset = 000000E4 - Value = 0x0001]
     Corrupted : C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe [Offset = 000000FC - Value = 0x0001]
     Attempting repair...
     Backup : ScanningProcess.exe.REN
     [Offset = 000000FC - New value = 0x4C01]
     File repaired successfully.
     Corrupted : C:\WINDOWS\system32\ZoneLabs\updclient.exe [Offset = 0000010C - Value = 0x0001]
     Attempting repair...
     Backup : updclient.exe.REN
     [Offset = 0000010C - New value = 0x4C01]
     File repaired successfully.
     Corrupted : C:\WINDOWS\system32\ZoneLabs\vsmon.exe [Offset = 0000011C - Value = 0x0001]
     Attempting repair...
     Backup : vsmon.exe.REN
     [Offset = 0000011C - New value = 0x4C01]
     File repaired successfully.

     ################## | Upload |

     Please send the file : C:\FindyKill_Upload_Me_LOLO-EEBF1AD74A.zip : Upload for UsbFix, Ad-Remover & FindyKill
     Thank you for your contribution.

     ################## | ! End of report # FindyKill V5.050 ! |
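The "Corrupted files" section above is the interesting part of that report: every damaged executable has a two-byte value of 0x0001 at a small offset (0xCC to 0x11C), and the repair writes 0x4C01 at the same offset, after which the file loads again. The example below is added here and is not FindyKill's code or anything from the original post. It assumes (my reading of the offsets, not stated in the report) that the offset is the COFF `Machine` field at `e_lfanew + 4`, that 0x4C01 is the byte display of the little-endian word 0x014C (`IMAGE_FILE_MACHINE_I386`), and that the loader's refusal to run a file with `Machine = 0x0001` is what the user saw as "zlclient is not a valid Win32 application". The sample PE-shaped blob, the file names and the helper names are all constructed for the example.

```python
"""Check and repair a PE file whose COFF Machine field was zeroed out to 0x0001.

Added example, not FindyKill's code. Assumption: the offsets in the FindyKill
report are e_lfanew + 4 (the COFF Machine field) and the repair value 0x4C01 is
the byte display of the little-endian word 0x014C (IMAGE_FILE_MACHINE_I386).
"""
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C   # bytes 4C 01 on disk, as in the report
DAMAGED_MACHINE = 0x0001           # value the report shows at the offset


def machine_field_offset(data: bytes) -> int:
    """Return the file offset of the COFF Machine field after validating the
    MZ header and PE signature. Raises ValueError for non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4


def inspect(data: bytes) -> dict:
    """Report offset, current Machine value and whether it is the damaged one."""
    off = machine_field_offset(data)
    machine = struct.unpack_from("<H", data, off)[0]
    return {"offset": off, "machine": machine, "damaged": machine == DAMAGED_MACHINE}


def repair(data: bytes):
    """Return (repaired_bytes, offset). Only the two Machine bytes are touched,
    and only when they hold the damaged value; any other value is left alone
    because it may be a legitimate non-x86 image."""
    info = inspect(data)
    if not info["damaged"]:
        return data, info["offset"]
    buf = bytearray(data)
    struct.pack_into("<H", buf, info["offset"], IMAGE_FILE_MACHINE_I386)
    return bytes(buf), info["offset"]


def make_sample(e_lfanew: int = 0xE0, machine: int = DAMAGED_MACHINE) -> bytes:
    """Constructed minimal PE-shaped blob (not a runnable executable) whose
    Machine field sits at e_lfanew + 4. With the default 0xE0 that is offset
    0xE4, the offset reported for helper.exe and zonealarm.exe above."""
    buf = bytearray(e_lfanew + 24)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, machine)
    return bytes(buf)


def fmt_report(path: str, data: bytes) -> str:
    """Render one line in the style of the report's 'Corrupted files' section."""
    info = inspect(data)
    state = "Corrupted" if info["damaged"] else "OK"
    return f"{state} : {path} [Offset = {info['offset']:08X} - Value = 0x{info['machine']:04X}]"


if __name__ == "__main__":
    sample = make_sample()                       # constructed damaged image
    print(fmt_report("helper.exe", sample))      # Corrupted : ... Value = 0x0001
    fixed, off = repair(sample)
    print(fmt_report("helper.exe", fixed))       # OK : ... Value = 0x014C
```

To use it on a real file, read it in binary mode, keep a copy of the original (FindyKill writes a `.REN` backup before patching, which is the right habit) and only then write the repaired bytes back. A Machine value other than 0x0001 and 0x014C is left untouched on purpose: a hand-edited header is not the same thing as the pattern this report shows, and blind overwriting would break a legitimate non-x86 image.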
  2. here is the latest FyK report. FYI, my internet connection still doesn't hold for more than 5 min. Thanks again

     ############################## | FindyKill V5.050 |

     # User : lolo (Administrateurs)
     # LOLO-EEBF1AD74A
     # Update on 03/09/2010 by El Desaparecido
     # Start at: 14:15:21 | 11/09/2010
     # Website : Bienvenue dans nos Pages Persos
     # Contact : FindyKill.Contact@gmail.com

     # Intel® Pentium® M processor 1.73GHz
     # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
     # Internet Explorer 6.0.2900.2180
     # Windows Firewall Status : Disabled
     # FW : ZoneAlarm Firewall[ Enabled ]7.0.462.000

     # C:\ # Local fixed disk # 52.88 GB (17.53 GB free) # NTFS
     # D:\ # CD-ROM drive
     # E:\ # Local fixed disk # 465.7 GB (308.98 GB free) # FAT32

     ################## | Infected items |

     E:\autorun.inf
     C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf

     ################## | Registry |

     ################## | State |

     # Show hidden files : OK
     # Safe mode : OK
     # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
     # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
     # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
     # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
     # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

     ################## | ! End of report # FindyKill V5.050 ! |
  3. here is the zipscan report

     -- Report --
     .
     C:\Documents and Settings\lolo\Mes documents\Téléchargements\vinyl_v700b.zip | Vinyl_V700b/Vinyl/CPL/vpatch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\32bit FTP v.p9.66.19.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\3D GraphSaver v2.0 by DBC.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\ABABALL 1.01 for PalmOS (Serial).zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\ACCESS Dictionary German Spanish 1.0 crack.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Acoustica v2.25a by Eminence.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Active XL Report 4.5 Build 125.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Album Generator and Viewer 2.2.0.0 (Serial).zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Allok Video Splitter v1.4.8 by BRD.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Amateur Contact Log v2.5.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Angel Video Converter v1.3 by FFF.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Apollotech No1 Video Converter v4.1.21 by EXPLOSiON.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Blue Cat's Widening Triple EQ 2.1.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Candy Cruncher v1.57 CRACKEDPANDEMiC.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Cell Racing 1.0.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Cheetah CD Burner v2.90 by NiTROUS.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Corel Draw Select Edition (Serial).zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Deutcher translator 2.0 (Serial).zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\DOLPHIN SOCGDS V5.6 SOLARIS64 by LND.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Ecatenate dbLockdown 2.0 Standard Edition for SQL Server 2005 by ZWT.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\EMailTrackerPro 2.0c build 428.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Emergency 2 v1.2 [ENGLISH] No-CD Patch.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\EZ MP3 Recorder v1.30 by CiM.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\FastFolders v3.2.1 by DiGERATi.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\FaxMail Network for Windows v.n9.70.01.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Febbs 1.9x.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\FIFA 2003 Universal Keygen and Key Changer.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Forge FreeForm 1.1.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\GameHouse Luxor Amun Rising Serial by BalCrNepal.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Golden ComPass for OS-2 (Serial).zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\graph 2.0 crack by REVENGE.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Handbase 3.0 for PalmOS.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Hermetic Stego v3.57.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\IconCool v1.62.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\ImTOO DVD to MP4 Converter v4.0.52.0630 by Lz0.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\IrfanView v3.85 by N-GeN.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Karapuzzz Tetris3D v1.10 for SymbianOS S60.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Knot 3.6 for Mac.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Label Magic v2.1.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Lecture Recorder v4.2 Winall Regged by iNFECTED.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Life Insurance Premium Calculator (LIPC) v2.0.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\LinkBuilder 3.0.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Miss Match v6.0.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\MOBILedit Lite 1.94 (Serial).zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\MSN and Google Talk Password Recovery 1.6.0.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\N.I Windows Games 100 1.0 (Serial).zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Nero 7 Premium ALL (Serial).zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Net Snippets 2.6.0.4.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Netfinder 2.0 for Mac.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Nullsoft Winamp Pro v5.21.497 Incl Keygen by Lz0.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Password Book 2.0 (Serial).zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\PGP Command Line v9.5.0 Linux Incl Patch and Keymaker by ACME.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Pocket Tunes 3.1.4 Deluxe for PalmOS (Serial).zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\ProChat 2.5.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\PromoSoft v1.24 WinALL Incl Keygen by ViRiLiTY.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Quickie Web Albums 2.3.0 (Serial).zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\QuikClean 11b.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Reference Game Launcher 2.0.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Registry Mechanic v6.0.0.780 by TBE.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\RES2DINV v3.55.35 by DiGERATi.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\SciTech Display Doctor 5.3.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\SiteLoad 1.01.002 Keygen.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\SoftBlue Visual Style.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\SuperSpeed SuperSpeed v7.0.1.015 WinXP Home Incl Keymaker by EMBRACE.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Syncro Knight 1.0.3.1.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\TAGG v1.34 Mac by diGERATi.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\The Holiday Story 95.2.5.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Tootoo X to PSP Video Converter v1.0 by AT4RE.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\UltraEdit v9.20a-9.x (Serial).zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Unreal 2 v1.1 by Unknown.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Visual Build 3.5b (Serial).zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\VuPic 3.2b.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Watermark Enterprise Series Server 3.02b (Serial).zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Will Rock v1.1 [GERMAN] Fixed EXE.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Windows System Optimizer v3.8.zip.FindyKill | keygen.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\WisBar Advance 2.0.1.1.zip.FindyKill | install_crack.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\World War 2 Sniper v1.0 +2 TRAINER.zip.FindyKill | install_patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Yaease iPhone Video Converter 1.0.1.0.zip.FindyKill | patch.exe <-- FOUND
     C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\shared\Zealot Photo to VCD SVCD DVD Converter v1.3 WinALL by TBE.zip.FindyKill | keygen.exe <-- FOUND
     .
     -- EOF --
  4. thanks for the "add a reply"... it's odd, when ComboFix shows me the report it doesn't offer to keep looking for the pests.... well, I'll post the zip scan report as soon as it's done. Thanks again
  5. hello, thanks for your reply and your help. Here is the ComboFix report

     ComboFix 10-09-09.04 - lolo 11/09/2010 8:42.2.1 - x86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.135 [GMT 2:00]
     Run from: c:\documents and settings\lolo\Bureau\ComboFix.exe
     Switches used :: c:\documents and settings\lolo\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .

     ((((((((((((((((((((((((((((( Files created from 2010-08-11 to 2010-09-11 ))))))))))))))))))))))))))))))))))))
     .

     2010-09-10 17:12 . 2010-09-10 17:12 388096 ----a-r- c:\documents and settings\lolo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-09-08 20:17 . 2010-09-09 18:00 -------- d-----w- c:\documents and settings\lolo\Application Data\vlc
     2010-09-08 20:05 . 2010-09-08 20:05 -------- d-----w- c:\program files\Windows Media Connect 2
     2010-09-08 20:02 . 2010-09-08 20:03 -------- d-----w- c:\windows\system32\drivers\UMDF
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
     2010-09-08 18:33 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
     2010-09-08 17:45 . 2010-09-09 18:30 -------- d-----w- c:\program files\Fichiers communs\Common Share
     2010-09-08 17:44 . 2010-09-08 17:52 -------- d-----w- c:\program files\Ripp-it_AM
     2010-09-08 16:59 . 2010-09-08 17:11 -------- d-----w- c:\program files\WinAVI MP4 Converter
     2010-09-08 16:42 . 2010-09-08 16:42 -------- d-----w- c:\program files\OJOsoft
     2010-09-08 16:42 . 2008-12-18 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
     2010-09-08 16:42 . 2008-12-18 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2010-09-08 16:42 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
     2010-09-08 16:25 . 2010-09-08 16:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
     2010-09-08 15:43 . 2010-09-08 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
     2010-09-08 15:38 . 2010-09-08 15:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
     2010-09-08 15:37 . 2010-09-08 15:38 -------- d-----w- c:\documents and settings\lolo\Application Data\Canon
     2010-09-08 15:37 . 2010-09-08 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
     2010-09-08 15:35 . 2009-04-21 03:20 74752 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP270 series Printer\LanguageModules\040b\CNMsr9X.dll
     2010-09-08 15:30 . 2010-09-08 15:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
     2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
     2010-09-08 15:29 . 2009-02-04 13:17 90112 ----a-w- c:\windows\system32\CNC270O.dll
     2010-09-08 15:29 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIU9X.DLL
     2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\program files\CanonBJ
     2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Local Settings\Application Data\ATI
     2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Application Data\ATI
     2010-09-03 17:08 . 2010-09-04 14:59 -------- d-----w- c:\documents and settings\lolo\.moovida
     2010-09-03 16:44 . 2010-09-03 16:44 -------- d-----w- c:\program files\MSXML 4.0
     2010-09-01 17:11 . 2010-09-01 17:24 -------- d-----w- c:\documents and settings\lolo\Application Data\Nero
     2010-09-01 16:08 . 2010-09-01 16:25 -------- d-----w- c:\program files\Nero
     2010-09-01 16:07 . 2010-09-01 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
     2010-09-01 16:07 . 2010-09-01 16:26 -------- d-----w- c:\program files\Fichiers communs\Nero
     2010-08-31 19:56 . 2010-08-31 20:58 -------- d-----w- c:\program files\SlySoft
     2010-08-31 18:55 . 2010-08-31 18:55 -------- d-----w- c:\program files\MSECache
     2010-08-31 18:42 . 2010-08-31 18:42 -------- d-----w- c:\program files\Alcohol Soft
     2010-08-31 18:31 . 2010-08-31 18:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
     2010-08-30 22:22 . 2010-09-08 20:02 -------- d-----w- c:\windows\system32\LogFiles
     2010-08-28 17:22 . 2010-08-28 17:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
     2010-08-28 17:22 . 2010-08-28 17:22 -------- d-----w- c:\documents and settings\LocalService\Bureau
     2010-08-28 17:16 . 2010-09-01 17:16 64888 ----a-w- c:\documents and settings\lolo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-08-28 11:16 . 2010-08-28 11:17 -------- d-----w- c:\documents and settings\lolo\Application Data\Notepad++
     2010-08-28 11:16 . 2010-08-28 11:16 -------- d-----w- c:\program files\Notepad++
     2010-08-13 13:59 . 2004-03-22 13:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
     2010-08-13 13:59 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
     2010-08-13 13:59 . 2010-08-13 13:59 -------- d-----w- c:\program files\Microsoft.NET
     2010-08-13 13:56 . 2010-08-13 13:58 -------- d-----w- c:\program files\Microsoft Office 2003
     .

     (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2010-09-10 17:12 . 2010-09-10 17:12 -------- d-----w- c:\program files\Trend Micro
     2010-09-10 16:51 . 2001-08-28 12:00 72564 ----a-w- c:\windows\system32\perfc00C.dat
     2010-09-10 16:51 . 2001-08-28 12:00 461642 ----a-w- c:\windows\system32\perfh00C.dat
     2010-09-10 16:32 . 2010-09-10 16:32 4067 ----a-w- C:\FindyKill_Upload_Me_LOLO-EEBF1AD74A.zip
     2010-09-09 20:20 . 2010-06-10 16:22 -------- d-----w- c:\program files\AtomixMP3
     2010-09-09 20:20 . 2010-05-15 17:24 -------- d-----w- c:\program files\IKEA HomePlanner
     2010-09-09 20:11 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\lolo\Application Data\OfferBox
     2010-09-09 18:31 . 2010-03-19 16:59 140852 --sha-w- c:\windows\system32\drivers\fidbox.idx
     2010-09-09 18:31 . 2010-03-19 16:59 11927584 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2010-09-09 18:29 . 2010-03-28 11:35 -------- d-----w- c:\program files\ma-config.com
     2010-09-09 18:29 . 2010-03-28 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
     2010-09-08 22:13 . 2010-03-19 21:41 -------- d-----w- c:\program files\eMule
     2010-09-08 20:14 . 2010-04-07 16:30 -------- d-----w- c:\program files\VideoLAN
     2010-09-08 19:56 . 2010-09-04 15:17 -------- d-----w- c:\program files\Fluendo
     2010-09-08 19:55 . 2010-09-04 15:27 -------- d-----w- c:\documents and settings\lolo\Application Data\moovida-1
     2010-09-08 16:24 . 2010-09-08 16:25 1412608 ----a-w- c:\windows\Internet Logs\xDB9.tmp
     2010-09-08 16:24 . 2010-09-08 16:25 4146688 ----a-w- c:\windows\Internet Logs\xDB8.tmp
     2010-09-08 15:37 . 2010-09-08 14:24 -------- d-----w- c:\program files\Canon
     2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
     2010-09-08 14:39 . 2010-09-08 14:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
     2010-09-03 17:09 . 2010-09-03 17:09 -------- d-----w- c:\documents and settings\lolo\Application Data\Python-Eggs
     2010-08-30 22:09 . 2010-03-28 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-06-14 14:30 . 2010-03-18 14:38 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
     .

     ------- Sigcheck -------

     [-] 2008-05-02 . 3224132B659B0D36594BB686D144D9C0 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
     [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
     .

     ((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not listed
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
     "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-10 919016]
     "HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nltide_3"="advpack.dll" [2004-08-19 101888]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
     2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
     2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     2009-09-29 20:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Moovida\\moovida.exe"=
     "c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
     "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=

     S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [08/09/2010 20:33 25704]
     S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [08/09/2010 20:34 25704]
     S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [08/09/2010 20:34 25704]
     S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [08/09/2010 20:34 25704]
     S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [08/09/2010 20:34 25704]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/08/2010 20:31 697328]
     .
     .
     ------- Supplementary scan -------
     .
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
     DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
     FF - ProfilePath - c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\
     FF - prefs.js: browser.startup.homepage - yahoo.fr
     FF - component: c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
     FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

     ---- FIREFOX SETTINGS ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
     Rootkit scan 2010-09-11 08:47
     Windows 5.1.2600 Service Pack 2 NTFS

     Scanning hidden processes ...
     Scanning hidden autostart entries ...
     Scanning hidden files ...

     Scan completed successfully
     Hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs loaded in running processes ---------------------

     - - - - - - - > 'winlogon.exe'(652)
     c:\windows\system32\Ati2evxx.dll

     - - - - - - - > 'explorer.exe'(1788)
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-09-11 08:49:50
     ComboFix-quarantined-files.txt 2010-09-11 06:49
     ComboFix2.txt 2010-09-10 20:47

     Pre-Run: 14 403 338 240 bytes free
     Post-Run: 14 394 957 824 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

     - - End Of File - - FAD4D3B18E44CE0B976FB405769D5F51
  6. hello, I unfortunately downloaded a file infected with a Bagle. I used elibagla.exe, which destroyed it for me, but it seems I still have problems: an internet connection that cuts out after a few minutes (timed out), HomePlayer no longer working, impossible to launch ZoneAlarm (zlclient is not a valid Win32 application), etc. Here is a ComboFix log and a HijackThis one

     ComboFix 10-09-09.04 - lolo 10/09/2010 22:34:11.1.1 - x86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.192 [GMT 2:00]
     Run from: c:\documents and settings\lolo\Bureau\ComboFix.exe
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
     .
     ADS - WINDOWS: deleted 24 bytes in 1 streams.

     (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\lolo\AUTORUN.INF
     c:\documents and settings\lolo\lolo.exe
     c:\windows\system32\Ijl11.dll
     c:\windows\system32\scrrnfr.dll
     c:\windows\system32\spool\prtprocs\w32x86\CNMPP5y.DLL
     .

     ((((((((((((((((((((((((((((( Files created from 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))))))))
     .

     2010-09-08 20:17 . 2010-09-09 18:00 -------- d-----w- c:\documents and settings\lolo\Application Data\vlc
     2010-09-08 20:05 . 2010-09-08 20:05 -------- d-----w- c:\program files\Windows Media Connect 2
     2010-09-08 20:02 . 2010-09-08 20:03 -------- d-----w- c:\windows\system32\drivers\UMDF
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
     2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
     2010-09-08 18:33 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
     2010-09-08 17:45 . 2010-09-09 18:30 -------- d-----w- c:\program files\Fichiers communs\Common Share
     2010-09-08 17:44 . 2010-09-08 17:52 -------- d-----w- c:\program files\Ripp-it_AM
     2010-09-08 16:59 . 2010-09-08 17:11 -------- d-----w- c:\program files\WinAVI MP4 Converter
     2010-09-08 16:42 . 2010-09-08 16:42 -------- d-----w- c:\program files\OJOsoft
     2010-09-08 16:42 . 2008-12-18 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
     2010-09-08 16:42 . 2008-12-18 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2010-09-08 16:42 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
     2010-09-08 16:25 . 2010-09-08 16:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
     2010-09-08 15:43 . 2010-09-08 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
     2010-09-08 15:38 . 2010-09-08 15:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
     2010-09-08 15:37 . 2010-09-08 15:38 -------- d-----w- c:\documents and settings\lolo\Application Data\Canon
     2010-09-08 15:37 . 2010-09-08 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
     2010-09-08 15:35 . 2009-04-03 13:59 110592 ----a-w- c:\windows\system32\CNC270I.dll
     2010-09-08 15:35 . 2009-03-11 09:34 303104 ----a-w- c:\windows\system32\CNC270L.dll
     2010-09-08 15:35 . 2009-04-03 14:00 1310720 ----a-w- c:\windows\system32\CNC270C.dll
     2010-09-08 15:35 . 2009-04-03 13:57 106496 ----a-w- c:\windows\system32\CNC270U.dll
     2010-09-08 15:35 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
     2010-09-08 15:35 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
     2010-09-08 15:35 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
     2010-09-08 15:30 . 2010-09-08 15:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
     2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
     2010-09-08 15:29 . 2009-02-04 13:17 90112 ----a-w- c:\windows\system32\CNC270O.dll
     2010-09-08 15:29 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIU9X.DLL
     2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\program files\CanonBJ
     2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Local Settings\Application Data\ATI
     2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Application Data\ATI
     2010-09-03 17:09 . 2010-09-03 17:09 -------- d-----w- c:\documents and settings\lolo\Application Data\Python-Eggs
     2010-09-03 17:08 . 2010-09-04 14:59 -------- d-----w- c:\documents and settings\lolo\.moovida
     2010-09-03 16:44 . 2010-09-03 16:44 -------- d-----w- c:\program files\MSXML 4.0
     2010-09-01 17:11 . 2010-09-01 17:24 -------- d-----w- c:\documents and settings\lolo\Application Data\Nero
     2010-09-01 16:08 . 2010-09-01 16:25 -------- d-----w- c:\program files\Nero
     2010-09-01 16:07 . 2010-09-01 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
     2010-09-01 16:07 . 2010-09-01 16:26 -------- d-----w- c:\program files\Fichiers communs\Nero
     2010-08-31 19:56 . 2010-08-31 20:58 -------- d-----w- c:\program files\SlySoft
     2010-08-31 18:55 . 2010-08-31 18:55 -------- d-----w- c:\program files\MSECache
     2010-08-31 18:42 . 2010-08-31 18:42 -------- d-----w- c:\program files\Alcohol Soft
     2010-08-31 18:31 . 2010-08-31 18:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
     2010-08-30 22:22 . 2010-09-08 20:02 -------- d-----w- c:\windows\system32\LogFiles
     2010-08-28 17:22 . 2010-08-28 17:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
     2010-08-28 17:22 . 2010-08-28 17:22 -------- d-----w- c:\documents and settings\LocalService\Bureau
     2010-08-28 17:16 . 2010-09-01 17:16 64888 ----a-w- c:\documents and settings\lolo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-08-28 11:16 . 2010-08-28 11:17 -------- d-----w- c:\documents and settings\lolo\Application Data\Notepad++
     2010-08-28 11:16 . 2010-08-28 11:16 -------- d-----w- c:\program files\Notepad++
     2010-08-13 13:59 . 2004-03-22 13:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
     2010-08-13 13:59 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll
     2010-08-13 13:59 . 2010-08-13 13:59 -------- d-----w- c:\program files\Microsoft.NET
     2010-08-13 13:56 . 2010-08-13 13:58 -------- d-----w- c:\program files\Microsoft Office 2003
     .

     (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2010-09-10 17:12 . 2010-09-10 17:12 388096 ----a-r- c:\documents and settings\lolo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-09-10 17:12 . 2010-09-10 17:12 -------- d-----w- c:\program files\Trend Micro
     2010-09-10 16:51 . 2001-08-28 12:00 72564 ----a-w- c:\windows\system32\perfc00C.dat
     2010-09-10 16:51 . 2001-08-28 12:00 461642 ----a-w- c:\windows\system32\perfh00C.dat
     2010-09-10 16:32 . 2010-09-10 16:32 4067 ----a-w- C:\FindyKill_Upload_Me_LOLO-EEBF1AD74A.zip
     2010-09-09 20:20 . 2010-06-10 16:22 -------- d-----w- c:\program files\AtomixMP3
     2010-09-09 20:20 . 2010-05-15 17:24 -------- d-----w- c:\program files\IKEA HomePlanner
     2010-09-09 20:11 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\lolo\Application Data\OfferBox
     2010-09-09 18:31 . 2010-03-19 16:59 140852 --sha-w- c:\windows\system32\drivers\fidbox.idx
     2010-09-09 18:31 . 2010-03-19 16:59 11927584 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2010-09-09 18:29 . 2010-03-28 11:35 -------- d-----w- c:\program files\ma-config.com
     2010-09-09 18:29 .
2010-03-28 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-09-08 22:13 . 2010-03-19 21:41 -------- d-----w- c:\program files\eMule 2010-09-08 20:14 . 2010-04-07 16:30 -------- d-----w- c:\program files\VideoLAN 2010-09-08 19:56 . 2010-09-04 15:17 -------- d-----w- c:\program files\Fluendo 2010-09-08 19:55 . 2010-09-04 15:27 -------- d-----w- c:\documents and settings\lolo\Application Data\moovida-1 2010-09-08 16:24 . 2010-09-08 16:25 1412608 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-09-08 16:24 . 2010-09-08 16:25 4146688 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-09-08 15:37 . 2010-09-08 14:24 -------- d-----w- c:\program files\Canon 2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2010-09-08 14:39 . 2010-09-08 14:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2010-08-30 22:09 . 2010-03-28 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-14 14:30 . 2010-03-18 14:38 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe . ------- Sigcheck ------- [-] 2008-05-02 . 3224132B659B0D36594BB686D144D9C0 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-10 919016] "HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2004-08-19 101888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] 2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-09-29 20:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Moovida\\moovida.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [08/09/2010 20:33 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [08/09/2010 20:34 25704] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/08/2010 20:31 697328] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\ FF - prefs.js: browser.startup.homepage - yahoo.fr FF - component: c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-10 22:42 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2264) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wscntfy.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . 
Heure de fin: 2010-09-10 22:47:03 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-10 20:47 Avant-CF: 14 373 044 224 octets libres Après-CF: 14 385 901 568 octets libres - - End Of File - - 74256CCD1966F4BB60EED273C4A3762C et highjackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:08:45, on 10/09/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\HomePlayer\HomePlayer.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: 
[intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe -autostart O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements 
(Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 5877 bytes merci à 
celui ou celle qui voudra bien m'aider lolotte
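The symptom reported in the post above (zlclient.exe refused as "not a valid Win32 application" after a Bagle infection) is what the Windows loader reports when an executable's DOS/PE header no longer passes its checks. The script below is an added example, not code from the post or from ComboFix, HijackThis or FindyKill: it pulls the executables out of HijackThis O4 autostart lines and applies the loader's header checks (MZ at offset 0, e_lfanew at 0x3C, PE\0\0 at e_lfanew) to their file images. The O4 lines are the post's own; the byte strings standing in for file contents are constructed for the example (the zlclient.exe image is built to reproduce the symptom and is not the real file), and every function and constant name is the example's own.

```python
"""Triage autostart entries for executables whose PE header no longer passes the loader's checks.

Added example; not code from the post or from ComboFix/HijackThis/FindyKill.
"""
import re
import struct

# HijackThis O4 line: "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Trailing "(User 'SYSTEM')" annotation HijackThis appends to HKUS entries.
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def executable_of(cmd):
    """Return the image path from an autostart command line: the quoted path, or the
    first token ending in .exe, or the bare first word (e.g. rundll32) otherwise."""
    cmd = USER_NOTE_RE.sub("", cmd)
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4_lines(log_text):
    """Return (hive, key, name, exe) for every O4 entry in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("key"), m.group("name"),
                            executable_of(m.group("cmd"))))
    return entries


def check_pe_header(data):
    """Classify a file image the way the loader does before it refuses to run it.

    Returns 'ok' or a short reason: 'MZ' must sit at offset 0, the 32-bit e_lfanew
    at offset 0x3C must point inside the file (and past the 64-byte DOS header),
    and the bytes at e_lfanew must be the 'PE\\0\\0' signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return "e_lfanew out of range"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature"
    return "ok"


def triage(log_text, images):
    """Map each autostart executable to its header verdict; 'missing' when no image was supplied."""
    return {exe: (check_pe_header(images[exe]) if exe in images else "missing")
            for _, _, _, exe in parse_o4_lines(log_text)}


# O4 lines taken from the post's HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe -autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
"""


def _image(pe_sig=b"PE\0\0"):
    """Constructed test image: the smallest byte string the checks above look at."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)      # e_lfanew: right after the DOS header
    return bytes(header) + pe_sig + b"\0" * 20      # 20-byte COFF header placeholder


# Constructed file contents (not read from disk): intact headers for three entries, and a
# zlclient.exe image whose PE signature has been overwritten, to reproduce the symptom.
IMAGES = {
    r"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe": _image(),
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe": _image(pe_sig=b"\x01\x00\x00\x00"),
    r"C:\Program Files\HomePlayer\HomePlayer.exe": _image(),
    r"C:\WINDOWS\system32\CTFMON.EXE": _image(),
}

if __name__ == "__main__":
    for exe, verdict in triage(SAMPLE_LOG, IMAGES).items():
        print(f"{verdict:22} {exe}")
```

On a real machine the `images` argument would be filled by reading the first few hundred bytes of each path (`open(path, "rb").read(4096)`); only the header is needed for these checks. A "no PE signature" or "e_lfanew out of range" verdict on a file the vendor shipped means the file must be replaced from a trusted copy, not merely re-registered.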