
Posted

Okay, sorry, no problem, here is an illustrated tutorial (the part on TCP/IP properties):

http://www.libellules.ch/le_routeur_ne_repond_pas.php#TCP

The DNS field is where you need to look at what is written. If it is set to automatic, switch to manual and enter the two DNS IPs of your ISP, or failing that, those of OpenDNS, in the lower part here (don't change anything at the top):

[Image: propriete_tcp1.gif]

If you already have an ISP's DNS servers entered there (in the lower part, that is), write them down on paper so you can correct things if needed.

Posted

OK, that's the address of the router/modem.

I suggest leaving that one in position 1 and putting 208.67.222.222 in the second slot, below it.

Confirm, restart the browser, reboot if need be (normally not necessary), and see whether the internet comes back.

If it doesn't, disable McAfee (temporarily), but completely, test the internet, then restart the machine so that it gets re-enabled.

Posted

Cooooooool, now it works, I'm really happy.

The worst part is that I just realized McAfee was the problem. I hadn't enabled the unlocking of the firewall, which was preventing me from accessing the Internet. An action taken when I used ComboFix.

Ridiculous, isn't it?

Then I removed the DNS addresses and set everything to automatic. Just to be sure. Now it's OK.

Thanks for your help, it's really kind, and I'm sorry for taking up your time over a stupid mistake.

Posted

> Ridiculous, isn't it?

Not at all. The main thing is that you found it, and that it works. :P

> Then I removed the DNS addresses and set everything to automatic. Just to be sure. Now it's OK.

Perfect, put your original config back. :P

Let's do the final checks: please post one last HijackThis report, and I'll have you remove ComboFix cleanly, etc.

Posted

Hi,

Here is the log report:

 


 

 

 

 

And INFO:

 

 


 

AV: AntiVir Desktop (disabled) (outdated)

AV: McAfee VirusScan

FW: McAfee Personal Firewall

 

======System event log======

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6059

Source Name: Service Control Manager

Time Written: 20090318125643.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7023

Message: The Security Image service terminated with the following error:

A dynamic link library (DLL) initialization routine failed.

 

 

Record Number: 6036

Source Name: Service Control Manager

Time Written: 20090318113245.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6035

Source Name: Service Control Manager

Time Written: 20090318113245.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7023

Message: The Security Image service terminated with the following error:

A dynamic link library (DLL) initialization routine failed.

 

 

Record Number: 6013

Source Name: Service Control Manager

Time Written: 20090318001004.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6012

Source Name: Service Control Manager

Time Written: 20090318001004.000000+180

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1002

Message: Hanging application HorseLand.exe, version 11.0.0.426, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 456

Source Name: Application Hang

Time Written: 20090121223345.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1002

Message: Hanging application HorseLand.exe, version 11.0.0.426, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 455

Source Name: Application Hang

Time Written: 20090121222402.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Omi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 445

Source Name: Userenv

Time Written: 20090121202508.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Omi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 429

Source Name: Userenv

Time Written: 20090121172826.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Abi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 419

Source Name: Userenv

Time Written: 20090121011026.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

Posted

------[Cleanup]

Uninstall combofix: enter combofix /u in the Run box of the Start menu.

After that, delete this folder if it still exists.

C:\QooBox

Delete RSIT, and the c:\RSIT folder.

You can keep MBAM: it was useful to you, and it is a tool for the general public, unlike some of those used to clean machines.

The resident module (which runs in the background) is paid, but the program works in free mode; that module simply does not activate. As a result, in its free version it coexists with everything, as an on-demand scanner.

Spybot and Ad-aware are of obsolete design; MBAM's model is far more relevant against current infections, and gives excellent results.

 

------[Critical updates]

You need to move to SP3 for Windows XP. (link)

Then go through Windows Update regularly.

You can move to IE8:

http://www.microsoft.com/windows/internet-...er/default.aspx

You need to update Internet Explorer; right now you have IE6, which is very vulnerable. Even if you don't use it, its engine can be used by other software, and IE6 is no longer sufficient on the security side. Flaws are still being found, which will not be fixed: simply visiting a booby-trapped page is enough to download and install malware automatically, without your consent.

You need to keep your system and software up to date to avoid vulnerabilities.

Secunia's PSI can help you with that. https://psi.secunia.com/

JavaRa can help you with that for Java: http://raproducts.org/

JavaRa tutorial: http://www.libellules.ch/tuto_javara.php

Go to this Flash plugin configuration page.

Check the box "Notify me when an update to Adobe Flash Player is available", and set the check interval to the minimum, here 7 days.

Close the browser and go back to the page to confirm that the setting has been taken into account.

 

 

A quick point on the risks of P2P in terms of software security (by Ogu):

img-103332veltm.jpg (click on the image).

Don't hesitate to ask questions; this part is as important as the disinfection.

You can mark it as solved in the title (by editing the first post, the title becomes editable).

Posted

Hi,

Unable to edit the first post.

Also, regarding the laptop, I'd like to clean it as well. Is that possible?

Thanks
