sujet de nino1974

[nino1974]

Bonjour, une ligne jaune oui mais pas "Unknown boot code"

 

le rapport combofix;

 

ComboFix 10-08-21.06 - ptit scarabé 22/08/2010 16:58:39.2.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.1076 [GMT 2:00]

Lancé depuis: c:\documents and settings\ptit scarabé\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-22 au 2010-08-22 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-19 12:04 . 2010-08-19 12:04 -------- d--h--w- c:\windows\PIF

2010-08-19 11:20 . 2010-08-19 11:20 -------- d-----w- C:\_OTM

2010-08-17 22:00 . 2010-08-17 22:00 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys

2010-08-08 18:42 . 2010-08-08 18:42 -------- d-----w- c:\windows\Downloaded Installations

2010-08-03 15:33 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-08-03 15:33 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-08-03 15:33 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-08-03 15:33 . 2010-08-03 15:33 -------- d-----w- c:\program files\Avira

2010-08-03 15:33 . 2010-08-03 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-08-03 09:26 . 2010-08-16 21:49 -------- d-----w- c:\program files\ZHPDiag

2010-08-02 15:13 . 2010-08-02 15:14 -------- d-----w- c:\program files\aMSN

2010-08-01 23:42 . 2010-08-03 22:57 -------- d-----w- c:\program files\VLC

2010-08-01 19:08 . 2010-08-01 19:17 -------- d-----w- C:\WORT

2010-07-31 16:35 . 2010-07-31 16:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-30 15:17 . 2010-07-30 15:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-07-30 13:39 . 2010-08-16 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-30 13:39 . 2010-07-30 13:42 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-30 10:35 . 2010-07-30 10:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMNQIYAV

2010-07-29 10:23 . 2010-07-29 10:23 -------- d-----w- c:\documents and settings\NetworkService\Bureau

2010-07-29 08:51 . 2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-07-29 08:36 . 2010-07-29 08:36 -------- d-----w- c:\windows\system32\fr

2010-07-29 08:36 . 2010-07-29 08:36 -------- d-----w- c:\windows\l2schemas

2010-07-29 06:20 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-07-28 18:52 . 2010-07-28 18:52 -------- d-----w- C:\found.000

2010-07-28 16:42 . 2010-07-28 16:42 -------- d-----w- c:\documents and settings\LocalService\Bureau

2010-07-28 16:34 . 2010-07-28 16:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-28 16:05 . 2010-07-28 16:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-28 16:00 . 2010-07-28 16:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-28 16:00 . 2010-07-29 12:05 -------- d-----w- c:\program files\Google

2010-07-28 15:59 . 2010-08-02 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-28 13:42 . 2010-07-28 13:42 -------- d-----w- c:\program files\Zone Labs

2010-07-28 13:41 . 2010-07-28 13:44 -------- d-----w- c:\windows\Internet Logs

2010-07-28 10:17 . 2010-07-28 10:17 -------- d-----w- C:\VritualRoot

2010-07-28 10:16 . 2010-07-28 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

2010-07-28 09:48 . 2010-07-28 10:17 -------- d-----w- c:\program files\Microsoft Silverlight

2010-07-27 23:48 . 2010-07-28 10:17 -------- d-----w- c:\windows\BDOSCAN8

2010-07-26 13:04 . 2010-07-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-01 23:35 . 2010-05-26 21:03 -------- d-----w- c:\program files\VideoLAN

2010-07-30 13:35 . 2001-08-28 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat

2010-07-30 13:35 . 2001-08-28 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat

2010-07-29 08:58 . 2010-05-24 13:25 -------- d-----w- c:\program files\MSN Messenger

2010-07-29 08:39 . 2010-05-23 23:25 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2010-07-29 07:40 . 2010-05-25 21:24 -------- d-----w- c:\program files\trend micro

2010-07-29 07:24 . 2010-05-25 12:05 -------- d-----w- c:\program files\CCleaner

2010-07-21 15:12 . 2010-07-21 15:12 0 ----a-w- c:\windows\nsreg.dat

2010-07-11 13:11 . 2010-07-11 13:11 -------- d-----w- c:\program files\Fichiers communs\Java

2010-07-11 13:09 . 2010-07-06 18:56 -------- d-----w- c:\program files\Java

2010-07-04 12:35 . 2010-05-25 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-07-04 12:24 . 2010-06-23 19:11 562858 ----a-w- c:\windows\hpoins21.dat

2010-07-03 17:25 . 2010-07-03 17:17 -------- d-----w- c:\program files\Fichiers communs\Nero

2010-07-03 17:24 . 2010-07-03 17:18 -------- d-----w- c:\program files\Nero

2010-07-03 17:21 . 2010-07-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2010-06-30 12:32 . 2002-08-29 09:44 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-25 12:00 . 2010-06-25 11:57 19580 ----a-w- c:\windows\hpqins13.dat

2010-06-25 11:55 . 2010-06-23 13:39 -------- d-----w- c:\program files\HP

2010-06-24 12:25 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2002-08-29 09:32 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-24 01:00 . 2010-06-24 01:00 -------- d-----w- c:\program files\MSXML 4.0

2010-06-23 23:02 . 2010-06-23 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-06-23 23:00 . 2010-06-23 22:56 78312 ----a-w- c:\windows\hpqins05.dat

2010-06-23 22:58 . 2010-06-23 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2010-06-23 20:04 . 2010-06-23 20:04 -------- d-----w- c:\program files\Hewlett-Packard

2010-06-23 20:04 . 2010-06-23 20:04 -------- d-----w- c:\program files\Fichiers communs\HP

2010-06-23 19:26 . 2010-06-23 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY

2010-06-23 12:09 . 2010-06-23 12:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-06-21 15:27 . 2001-08-28 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2001-08-28 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2010-05-29 16:11 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe

2010-06-14 07:42 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-05-29 16:12 . 2010-05-29 16:12 558142 ----a-w- c:\windows\java\Packages\ZF3HBXVR.ZIP

2010-05-29 16:12 . 2010-05-29 16:12 2678 ----a-w- c:\windows\java\Packages\Data\NNDV7HZ7.DAT

2010-05-29 16:12 . 2010-05-29 16:12 2678 ----a-w- c:\windows\java\Packages\Data\7TBR3P3N.DAT

2010-05-29 16:12 . 2010-05-29 16:12 2678 ----a-w- c:\windows\java\Packages\Data\X71F3XJJ.DAT

2010-05-29 16:12 . 2010-05-29 16:12 2678 ----a-w- c:\windows\java\Packages\Data\B31RBVLV.DAT

2010-05-29 16:12 . 2010-05-29 16:12 155995 ----a-w- c:\windows\java\Packages\UST7N5Z5.ZIP

2010-05-29 16:12 . 2010-05-29 16:12 2678 ----a-w- c:\windows\java\Packages\Data\8PF93DF7.DAT

2010-05-29 16:10 . 2010-05-23 23:22 23032 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-02_22.24.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-22 14:56 . 2010-08-22 14:56 16384 c:\windows\Temp\Perflib_Perfdata_2ec.dat

+ 2010-08-22 14:55 . 2010-08-22 14:55 16384 c:\windows\Temp\Perflib_Perfdata_1c8.dat

+ 2009-03-08 02:31 . 2010-06-24 12:25 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 02:31 . 2010-05-06 10:33 55296 c:\windows\system32\msfeedsbs.dll

+ 2001-08-28 10:00 . 2010-06-24 12:25 25600 c:\windows\system32\jsproxy.dll

- 2001-08-28 10:00 . 2010-05-06 10:33 25600 c:\windows\system32\jsproxy.dll

+ 2010-08-03 15:33 . 2009-05-11 08:11 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2010-05-31 19:14 . 2010-05-06 10:33 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-05-31 19:14 . 2010-06-24 12:25 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-05-31 19:14 . 2010-05-06 10:33 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2010-05-31 19:14 . 2010-06-24 12:25 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-03-08 02:33 . 2010-05-06 10:33 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-03-08 02:33 . 2010-06-24 12:25 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll

- 2001-08-28 10:00 . 2010-05-06 10:33 206848 c:\windows\system32\occache.dll

+ 2001-08-28 10:00 . 2010-06-24 12:25 206848 c:\windows\system32\occache.dll

+ 2002-08-29 09:44 . 2010-06-24 12:25 611840 c:\windows\system32\mstime.dll

- 2002-08-29 09:44 . 2010-05-06 10:33 611840 c:\windows\system32\mstime.dll

+ 2009-03-08 02:32 . 2010-06-24 12:25 599040 c:\windows\system32\msfeeds.dll

- 2009-03-08 02:32 . 2010-05-06 10:33 599040 c:\windows\system32\msfeeds.dll

+ 2010-08-16 14:06 . 2010-08-16 14:06 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe

+ 2010-08-16 14:06 . 2010-08-16 14:06 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll

+ 2002-08-29 09:44 . 2010-06-24 12:25 184320 c:\windows\system32\iepeers.dll

- 2002-08-29 09:44 . 2010-05-06 10:33 184320 c:\windows\system32\iepeers.dll

+ 2002-08-29 09:44 . 2010-06-24 12:25 387584 c:\windows\system32\iedkcs32.dll

- 2002-08-29 09:44 . 2010-05-06 10:33 387584 c:\windows\system32\iedkcs32.dll

+ 2002-08-29 09:45 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe

- 2002-08-29 09:45 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe

+ 2010-05-24 00:12 . 2010-08-12 09:26 231184 c:\windows\system32\FNTCACHE.DAT

- 2010-05-24 00:12 . 2010-07-29 08:50 231184 c:\windows\system32\FNTCACHE.DAT

+ 2009-03-08 02:34 . 2010-06-24 12:25 916480 c:\windows\system32\dllcache\wininet.dll

- 2009-03-08 02:34 . 2010-05-06 10:33 916480 c:\windows\system32\dllcache\wininet.dll

+ 2010-06-01 11:29 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys

+ 2008-12-05 06:57 . 2010-06-30 12:32 149504 c:\windows\system32\dllcache\schannel.dll

- 2009-03-08 02:34 . 2010-05-06 10:33 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 02:34 . 2010-06-24 12:25 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 02:32 . 2010-06-24 12:25 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-03-08 02:32 . 2010-05-06 10:33 611840 c:\windows\system32\dllcache\mstime.dll

- 2010-05-31 19:14 . 2010-05-06 10:33 599040 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-05-31 19:14 . 2010-06-24 12:25 599040 c:\windows\system32\dllcache\msfeeds.dll

- 2010-05-31 19:14 . 2010-05-06 10:33 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2010-05-31 19:14 . 2010-06-24 12:25 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-03-08 02:31 . 2010-05-06 10:33 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2009-03-08 02:31 . 2010-06-24 12:25 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-09 23:45 . 2010-05-06 10:33 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-09 23:45 . 2010-06-24 12:25 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2009-03-08 12:09 . 2010-05-06 10:33 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 12:09 . 2010-06-24 12:25 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-03-08 02:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-03-08 02:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-08-12 09:24 . 2010-05-06 10:33 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll

+ 2010-08-12 09:24 . 2010-02-22 14:25 406392 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll

+ 2010-08-12 09:24 . 2009-05-26 09:01 234872 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe

+ 2010-08-12 09:24 . 2010-05-06 10:33 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll

+ 2010-08-12 09:24 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe

+ 2006-08-31 05:56 . 2010-06-24 12:25 1210368 c:\windows\system32\urlmon.dll

+ 2006-07-13 13:52 . 2010-07-27 06:30 8518656 c:\windows\system32\shell32.dll

- 2002-08-29 09:42 . 2010-02-17 12:07 2192000 c:\windows\system32\ntoskrnl.exe

+ 2002-08-29 09:42 . 2010-04-28 18:13 2192000 c:\windows\system32\ntoskrnl.exe

- 2002-08-29 11:42 . 2010-02-16 19:07 2068864 c:\windows\system32\ntkrnlpa.exe

+ 2002-08-29 11:42 . 2010-04-28 05:43 2068864 c:\windows\system32\ntkrnlpa.exe

+ 2006-06-30 08:52 . 2010-06-24 12:25 5951488 c:\windows\system32\mshtml.dll

+ 2009-03-08 02:32 . 2010-06-24 12:25 1986560 c:\windows\system32\iertutil.dll

+ 2009-08-14 15:13 . 2010-06-24 09:02 1852032 c:\windows\system32\dllcache\win32k.sys

+ 2009-03-08 02:34 . 2010-06-24 12:25 1210368 c:\windows\system32\dllcache\urlmon.dll

+ 2008-06-17 19:02 . 2010-07-27 06:30 8518656 c:\windows\system32\dllcache\shell32.dll

- 2010-06-01 11:27 . 2010-02-17 12:07 2192000 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2010-06-01 11:27 . 2010-04-28 18:13 2192000 c:\windows\system32\dllcache\ntoskrnl.exe

- 2010-06-01 11:27 . 2010-02-16 19:06 2026496 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2010-06-01 11:27 . 2010-04-28 05:43 2026496 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-10 17:06 . 2010-04-28 05:43 2068864 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2009-02-10 17:06 . 2010-02-16 19:07 2068864 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2010-06-01 11:27 . 2010-04-28 05:43 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2010-06-01 11:27 . 2010-02-16 19:06 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2002-08-29 09:44 . 2010-06-14 07:42 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2002-08-29 09:44 . 2009-07-31 04:33 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2009-03-08 02:41 . 2010-06-24 12:25 5951488 c:\windows\system32\dllcache\mshtml.dll

- 2010-06-01 11:26 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe

+ 2010-06-01 11:26 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe

+ 2010-05-31 19:14 . 2010-06-24 12:25 1986560 c:\windows\system32\dllcache\iertutil.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll

+ 2010-08-12 09:24 . 2010-05-06 10:33 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll

- 2010-06-01 11:27 . 2010-02-17 12:07 2192000 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2010-06-01 11:27 . 2010-04-28 18:13 2192000 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2010-06-01 11:27 . 2010-02-16 19:06 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2010-06-01 11:27 . 2010-04-28 05:43 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-02-10 17:06 . 2010-02-16 19:07 2068864 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-02-10 17:06 . 2010-04-28 05:43 2068864 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2010-06-01 11:27 . 2010-04-28 05:43 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2010-06-01 11:27 . 2010-02-16 19:06 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-08-08 18:42 . 2010-08-08 18:43 5101056 c:\windows\Downloaded Installations\{66B63C9F-1408-4501-84DA-A8370B6736C1}\USB to IDE Bridge Driver.msi

+ 2010-05-25 11:27 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe

+ 2009-03-08 02:39 . 2010-06-24 15:55 11077120 c:\windows\system32\ieframe.dll

+ 2010-02-25 09:47 . 2010-06-24 15:55 11077120 c:\windows\system32\dllcache\ieframe.dll

+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\443e0.msp

+ 2010-08-12 09:24 . 2010-05-06 10:33 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-07-23 1755960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vcdplayx"="c:\windows\vcdplayx.exe" [2002-03-18 57344]

"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]

"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]

"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2010-6-23 241664]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PC Alert 4.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PC Alert 4.lnk

backup=c:\windows\pss\PC Alert 4.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SecureDoc.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SecureDoc.lnk

backup=c:\windows\pss\SecureDoc.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ptit scarabé^Menu Démarrer^Programmes^Démarrage^3DNA Auto-Update.lnk]

path=c:\documents and settings\ptit scarabé\Menu Démarrer\Programmes\Démarrage\3DNA Auto-Update.lnk

backup=c:\windows\pss\3DNA Auto-Update.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ptit scarabé^Menu Démarrer^Programmes^Démarrage^3DNA Desktop.lnk]

path=c:\documents and settings\ptit scarabé\Menu Démarrer\Programmes\Démarrage\3DNA Desktop.lnk

backup=c:\windows\pss\3DNA Desktop.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BboxUpdate]

2008-08-06 17:44 103936 ----a-w- c:\program files\BboxUpdate\BTLiveUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]

2002-07-16 13:24 245760 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\aMSN\\bin\\wish.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4661:TCP"= 4661:TCP:tcp e mule

"4665:UDP"= 4665:UDP:udp e mule

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"8126:TCP"= 8126:TCP:Services

"4813:TCP"= 4813:TCP:Services

"6942:TCP"= 6942:TCP:Services

"6943:TCP"= 6943:TCP:Services

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [03/08/2010 17:33 108289]

S1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [24/01/2002 15:25 46735]

S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [18/08/2010 00:00 12552]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/05/2010 11:34 271728]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [23/06/2010 16:43 8576]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

S3 SmartCd;SmartCd;c:\windows\system32\drivers\SmartCd.sys [19/01/2002 18:00 6356]

S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [23/06/2010 16:43 461056]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/05/2010 11:32 642560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

Trusted Zone: chat-land.org

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

 

SafeBoot-HDDirect

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-22 17:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D5F78A]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28

\Driver\ACPI -> ACPI.sys @ 0xf75adcb8

\Driver\atapi -> ntoskrnl.exe @ 0x805c7abe

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

copy of MBR has been found in sector 0x012A18AC1

malicious code @ sector 0x012A18AC4 !

PE file found in sector at 0x012A18ADA !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Heure de fin: 2010-08-22 17:07:44

ComboFix-quarantined-files.txt 2010-08-22 15:07

ComboFix2.txt 2010-08-02 22:31

 

Avant-CF: 8 645 382 656 octets libres

Après-CF: 8 623 116 288 octets libres

 

Current=4 Default=4 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - E7902A66938884C74BEB018B3098B373

[nardino]

Bonsoir,

Tu n'as pas passé Bootkit Remover ?

Il faut le faire.

@+

[nino1974]

Si biensur, mais il m'affiche "press any key to quit..." rien ne se passe de plus...??????

[nardino]

Bonjour,

Je répète :

Dans le dossier bootkit_remover, clique sur remover.exe.

Si tu vois en jaune afficher Unknown boot code, dis-moi ce qui est inscrit avant :

\\.\PhysicalDrive et le numéro que tu tu lis.

@+

[nino1974]

bonjour oops ok

 

System volume is \\.C:

\\.\C: -> \\.\Physicaldrive0

[nardino]

Bonsoir

Tu as bien vu Unknown boot code ?

@+

[nino1974]

Bonsoir,

apparemment non, en jaune c'est écrit;

"Boot code on some of your physical disks is hidden by a rootkit"

il n'y a pas Unknown boot code en jaune, désolé!

[nardino]

Bonsoir,

Télécharge DeFogger de Jpshortstuff sur le bureau.

 

Double clic sur DeFogger

Sous Vista et Sept, clique droit e sur l'icône et sur "Exécuter en tant qu'administrateur".

Clique sur le bouton Disable pour désactiver les drivers d'émulateurs CD.

Clique sur Yes pour continuer.

Un message 'Finished!' apparaîtra, clique sur OK.

Il sera demander de redémarrer la machine, OK accepte.

 

Relance Bootkit Remover et si tu vois encore ce message orange et seulement dans ce cas, dans un bloc-note, copie-colle :

@ECHO OFF

START remover.exe fix \\.\PhysicalDrive0

EXIT

 

Enregistre dans le dossier bootkit_remover, en le nommant fix.bat dans Tous types de fichiers

Clique sur fix.bat

Relance remover.exe et cette fois en vert tu dois lire OK <DOS/Win32 Boot code found>

Informe-moi sur la réussite de l'opération ou non.

 

@+

[nino1974]

Bonjour nardino, merci de ton suivi,

 

tu vas me prendre pour une bille informatique a force...mais c'est le cas!

 

J'ai bien lancé DeFogger,jusqu'a finished, mais il ne m'a pas proposé de redémarrer, donc je l'ai fait moi meme...

 

suite; comme indiqué j'ai encore le meme message cité dans mon dernier message, je suppose que c'est celui ci dont tu me parlais, donc j'ai copier coller ton message dans un bloc note et renommé comme cité fix.bat,(ce que je n'ai pas copris par contre c'est ou trouves tu "tous types de fichiers"), puis couper coller ce fichier dans le dossier bootkit remover comme indiqué...

j'ai toujours la meme chose, je commence a me demander si j'ai bien fait les choses...

 

Bonne journée, a+tard

[nardino]

Bonjour,

 

Voici comment faire pour Bootkit Remover.

 

bootkit partagé sur ZimageZ

 

bootkit2 partagé sur ZimageZ

 

bootkit3 partagé sur ZimageZ

 

Et tu enchaines avec la suite

Clique sur fix.bat

Relance remover.exe et cette fois en vert tu dois lire OK <DOS/Win32 Boot code found>

Informe-moi sur la réussite de l'opération ou non.

 

@+