Forum Clubic

Hihjackthis inutilisable mode normal et sans echec

Bonjour a tous

J ai une grosse galere, mon pc fixe avec xp se bloque au demarrage ( en mode normal et sans echec) de temps en temps il arrive a demarrer Kaspersky 2009 m averti de la presence de trojans j essaie de lancer hijackthis et spybot mais rien a faire, ils se ferment tout seul ( mode normal et sans echec)… meme depuis le poste quand je tappe hijackthis sur google ca ferme la fenetre!!!

c est vraiment de la folie j ai jamais vu ca

Si il vous plait aidez moi!

merci
Edité le 06/12/2008 à 13:44

:hello: T’as essayé de renommer l’exécutable “Hijackthis.exe” avant de le lancer?

merci de prendre du temps pour me repondre

Rien a faire il se ferme direct! j ai execute toolbar s&d en desespoir de cause
sinon le trojan detecte trojan.win32.monderd.gen

Voila le rapport Tool bar sd

-----------\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 4300 @ 1.80GHz )
BIOS : BIOS Date: 02/10/07 10:35:53 Ver: 08.00.12
USER : Administrateur ( Administrator )
BOOT : Fail-safe boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:2 Go)
D:\ (Local Disk) - NTFS - Total:240 Go (Free:23 Go)
E:\ (Local Disk) - NTFS - Total:152 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT - Total:1919 Mo (Free:0 Go)
H:\ (CD or DVD)
I:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)

“C:\ToolBar SD” ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 06/12/2008|13:36 )

-----------\ Recherche de Fichiers / Dossiers …

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://www.files-ftp.com/~unicorni/phpBB2/index.php
“Search Bar”=“http://www.google.fr

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157

--------------------\ Recherche d’autres infections

C:\WINDOWS\system32\qsrtsBeg.ini
C:\WINDOWS\system32\qsrtsBeg.ini2
C:\WINDOWS\system32\geBstrsq.dll
==> VUNDO <==

--------------------\ ROOTKIT !!

Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
Rootkit Tibs ! … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

1 - “C:\ToolBar SD\TB_1.txt” - 06/12/2008|13:40 - Option : [1]

-----------\ Fin du rapport a 13:40:31,48
Edité le 06/12/2008 à 14:04

Salut

Utilise [RSIT de Random/Random[/url] puis colle les rapports [url=http://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm]b[/b]](http://images.malwareremoval.com/random/RSIT.exe)

Tu a un infection Vundo:
Fait un scan complet avec [MBAM,[/url] supprime les détections et post le rapport. url=http://guigui14100.web.officelive.com/tutorialmbam.aspx](http://www.malwarebytes.org/mbam/program/mbam-setup.exe)

Apres passe un coup de vundofix pour supprimer si il y a des reste qu’il detecte.

merci je fais ca tout de suite

Voila le rapport RSIT par contre MBAM ne tourne pas en mode normal il ne s installe pas j essaie en mode sans echec

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Antoine at 2008-12-06 14:36:22
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 6 GB (16%) free of 40 GB
Total RAM: 1535 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\vmkwmrwn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{4701F5DF-E0A8-4477-9927-7D8B2B5CF0DB}]
C:\WINDOWS\system32\geBstrsq.dll [2008-12-05 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\byXQKdDt.dll [2008-12-05 38400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{C5BF49A2-94F3-42BD-F434-3604812C897D}]
C:\WINDOWS\system32\jsdf8j3dgf.dll - C:\WINDOWS\system32\jsdf8j3dgf.dll [2008-12-05 15000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AWWFSPU”=C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe [2006-12-18 712781]
“DAEMON Tools”=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
“xsjfn83jkemfofght”=C:\WINDOWS\TEMP\winlogin.exe [2008-12-05 15000]
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
“AVP”=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
“WinampAgent”=C:\Program Files\Winamp\Winampa.exe [2003-04-02 12288]
“SkyTel”=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
“RTHDCPL”=C:\WINDOWS\RTHDCPL.EXE [2006-10-12 16267776]
“RemoteControl”=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
“PMCRemote”=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2005-10-31 73728]
“PinnacleDriverCheck”=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
“nwiz”=nwiz.exe /install []
“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
“Alcmtr”=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
“xsjfn83jkemfofght”=C:\WINDOWS\TEMP\winlogin.exe [2008-12-05 15000]
“Jnskdfmf9eldfd”=C:\DOCUME~1\Antoine\LOCALS~1\Temp\csrssc.exe [2008-12-06 21505]
“Steam”=C:\Program Files\Steam\Steam.exe [2008-11-07 1410296]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d’Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\abcceee]
C:\WINDOWS\system32\abcceee.dll [2002-08-18 313871]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQKdDt]
C:\WINDOWS\system32\byXQKdDt.dll [2008-12-05 38400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\edbebbed]
C:\WINDOWS\system32\edbebbed.dll [2002-08-08 312847]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\notifyc]
C:\WINDOWS\system32\ccc.dll [2008-12-05 140288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsdf8j3dgf.dll [2008-12-05 15000]
{AF0BE91A-D92D-44F5-9581-64F629762E5A} - C:\WINDOWS\system32\ccc.dll [2008-12-05 140288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}”=C:\WINDOWS\system32\byXQKdDt.dll [2008-12-05 38400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“authentication packages”=msv1_0
C:\WINDOWS\system32\geBstrsq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“DisableRegistryTools”=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145
“NoFolderOptions”=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Messenger\msmsgs.exe”="C:\Program Files\Messenger\msmsgs.exe:
:Enabled:Windows Messenger"
“C:\Program Files\Pinnacle\MediaCenter\PMC.exe”=“C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe”
“C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe”=“C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Enabled:PMC.Service.Main.exe”
“C:\Program Files\Pinnacle\MediaCenter\PSST.exe”=“C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe”
“C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe”=“C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe”
“C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe”=“C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe”
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:
:Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”=“C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
“C:\Program Files\Moldflow\Plastics Insight 6.1\bin\synergy.exe”="C:\Program Files\Moldflow\Plastics Insight 6.1\bin\synergy.exe:
:Disabled:Moldflow Synergy Application”
“C:\Program Files\Moldflow\Product Security\mpiedashboard.exe”=“C:\Program Files\Moldflow\Product Security\mpiedashboard.exe::Disabled:Moldflow Enterprise Dashboard"
“C:\Program Files\BitLord\BitLord.exe”="C:\Program Files\BitLord\BitLord.exe:
:Enabled:BitLord”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:
:Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”="C:\Program Files\Windows Live\Messenger\livecall.exe:
:Enabled:Windows Live Messenger (Phone)”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00c8d6c2-9ed0-11dd-a36a-0015af183da3}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00c8d6c3-9ed0-11dd-a36a-0015af183da3}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{14acb476-8d78-11dd-a35d-0015af183da3}]
shell\AutoRun\command - vva0hc0p.cmd
shell\explore\command - vva0hc0p.cmd
shell\open\command - vva0hc0p.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2a73427d-8bae-11dd-a35b-0015af183da3}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{36b651ed-9ae2-11dd-a364-0015af183da3}]
shell\AutoRun\command - pv6mxu.bat
shell\explore\command - pv6mxu.bat
shell\open\command - pv6mxu.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9042c940-8983-11dd-a356-0015af183da3}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f6c8f2f0-8595-11dd-a349-0015af183da3}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\m.exe /s

======List of files/folders created in the last 1 months======

2008-12-06 14:36:24 ----D---- C:\Program Files\trend micro
2008-12-06 14:36:22 ----D---- C:\rsit
2008-12-06 13:36:46 ----A---- C:\TB.txt
2008-12-06 13:36:19 ----D---- C:\ToolBar SD
2008-12-06 13:10:29 ----D---- C:\VundoFix Backups
2008-12-06 13:10:29 ----A---- C:\VundoFix.txt
2008-12-06 12:41:21 ----D---- C:\Program Files\Hijackthis
2008-12-06 12:41:18 ----A---- C:\hello.exe
2008-12-05 23:52:41 ----A---- C:\WINDOWS\system32\f6e6be0874ea7f2a2d94225963fc1154.exe
2008-12-05 23:33:17 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-05 22:13:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-05 22:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 21:54:28 ----D---- C:\WINDOWS\AU_Temp
2008-12-05 20:37:31 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-05 19:00:37 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-05 18:06:55 ----A---- C:\WINDOWS\system32\ccc.dll
2008-12-05 18:04:23 ----A---- C:\WINDOWS\system32\03ab8658-.txt
2008-12-05 18:03:56 ----ASH---- C:\WINDOWS\system32\qsrtsBeg.ini2
2008-12-05 18:03:52 ----ASH---- C:\WINDOWS\system32\qsrtsBeg.ini
2008-12-05 18:03:46 ----A---- C:\WINDOWS\system32\geBstrsq.dll
2008-12-05 09:41:22 ----A---- C:\WINDOWS\system32\odbcad32.dll
2008-12-05 09:41:12 ----SHD---- C:\WINDOWS\CSC
2008-12-05 09:41:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 09:30:22 ----A---- C:\kxhvehm.exe
2008-12-05 09:30:10 ----A---- C:\WINDOWS\system32\jsdf8j3dgf.dll
2008-12-05 09:30:07 ----A---- C:\WINDOWS\system32\byXQKdDt.dll
2008-12-05 09:29:29 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-05 05:38:56 ----H---- C:\WINDOWS\system32\BITA.tmp
2008-12-05 05:38:56 ----H---- C:\WINDOWS\system32\BIT9.tmp
2008-11-21 16:49:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-21 11:57:56 ----A---- C:\ASLog.txt
2008-11-16 19:07:10 ----D---- C:\Documents and Settings\Antoine\Application Data\Canon
2008-11-16 19:06:55 ----D---- C:\Documents and Settings\Antoine\Application Data\ArcSoft
2008-11-16 19:03:00 ----D---- C:\Program Files\ArcSoft
2008-11-16 19:03:00 ----A---- C:\WINDOWS\PS_setup.ini
2008-11-16 19:02:59 ----A---- C:\WINDOWS\pcdlib32.dll
2008-11-16 19:02:20 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2008-11-16 19:02:19 ----HD---- C:\CanoScan
2008-11-16 19:02:19 ----A---- C:\WINDOWS\system32\CNQU77.DLL
2008-11-16 19:02:19 ----A---- C:\WINDOWS\system32\CNQL1208.dll
2008-11-16 15:54:26 ----A---- C:\WINDOWS\system32\PSCLE119.dll
2008-11-16 15:54:26 ----A---- C:\WINDOWS\system32\CNDUE119.dll
2008-11-16 15:54:26 ----A---- C:\WINDOWS\system32\CNDNDlg.exe
2008-11-16 15:54:25 ----A---- C:\WINDOWS\system32\CNDCE119.dll
2008-11-16 15:54:24 ----D---- C:\Program Files\Canon
2008-11-14 23:37:59 ----D---- C:\Program Files\Viewpoint
2008-11-14 23:37:59 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-13 03:00:37 ----HDC---- C:\WINDOWS$NtUninstallKB957097$
2008-11-13 03:00:32 ----HDC---- C:\WINDOWS$NtUninstallKB954459$
2008-11-13 03:00:24 ----HDC---- C:\WINDOWS$NtUninstallKB955069$
2008-11-11 20:00:04 ----A---- C:\WINDOWS\system32\klogon.dll

======List of files/folders modified in the last 1 months======

2008-12-06 14:36:24 ----RD---- C:\Program Files
2008-12-06 14:33:39 ----D---- C:\WINDOWS\Temp
2008-12-06 14:22:26 ----D---- C:\Program Files\Steam
2008-12-06 14:21:37 ----D---- C:\WINDOWS\system32
2008-12-06 13:41:46 ----D---- C:\Program Files\BitLord
2008-12-06 13:02:34 ----SHD---- C:\RECYCLER
2008-12-06 12:30:46 ----D---- C:\WINDOWS
2008-12-06 12:29:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 07:32:54 ----D---- C:\WINDOWS\Prefetch
2008-12-06 01:49:13 ----RASH---- C:\boot.ini
2008-12-06 01:49:13 ----A---- C:\WINDOWS\win.ini
2008-12-06 01:49:13 ----A---- C:\WINDOWS\system.ini
2008-12-06 01:35:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 23:35:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 23:34:58 ----SHD---- C:\WINDOWS\Installer
2008-12-05 23:34:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 23:33:56 ----HD---- C:\WINDOWS\inf
2008-12-05 23:33:17 ----D---- C:\Program Files\Kaspersky Lab
2008-12-05 23:03:45 ----A---- C:\xscan.txt
2008-12-05 21:55:22 ----A---- C:\WINDOWS\TSC.INI
2008-12-05 21:54:42 ----A---- C:\WINDOWS\vsapi32.dll
2008-12-05 21:54:42 ----A---- C:\WINDOWS\BPMNT.dll
2008-12-05 21:54:30 ----A---- C:\WINDOWS\GetServer.ini
2008-12-05 20:26:59 ----D---- C:\Program Files\Eidos
2008-12-05 20:18:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-05 18:28:49 ----D---- C:\WINDOWS\report
2008-12-05 10:17:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-05 10:17:10 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-05 09:41:18 ----D---- C:\Documents and Settings
2008-12-05 09:30:24 ----A---- C:\WINDOWS\explorer.exe
2008-12-05 09:30:09 ----SD---- C:\WINDOWS\Tasks
2008-12-04 22:01:04 ----A---- C:\WINDOWS\winamp.ini
2008-12-04 19:54:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-29 23:53:47 ----D---- C:\Program Files\eMule
2008-11-27 08:49:37 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 16:49:28 ----D---- C:\Documents and Settings\Antoine\Application Data\AdobeUM
2008-11-21 16:47:46 ----D---- C:\Program Files\Adobe
2008-11-17 21:38:38 ----SD---- C:\Documents and Settings\Antoine\Application Data\Microsoft
2008-11-16 19:05:59 ----D---- C:\WINDOWS\Media
2008-11-16 19:05:55 ----D---- C:\WINDOWS\twain_32
2008-11-16 19:02:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 15:54:04 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-11-13 03:00:37 ----HD---- C:\WINDOWS$hf_mig$
2008-11-13 03:00:35 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-12-05 227344]
R1 LUMDriver;LUMDriver; ??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-24 55936]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-05-26 11264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 35840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-10-13 4387328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ajx2m4ux;ajx2m4ux; C:\WINDOWS\system32\drivers\ajx2m4ux.sys []
S3 AR2425;AzureWave AR5006 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\aw5006.sys [2006-12-18 556832]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2002-12-17 26120]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Edité le 06/12/2008 à 14:40

Rien a faire pour MBAM il veut pas s installer
meme en copiant deja une installation faite sur un autre PC il veut pas lancer l exe… comme si y avait quelque chose qui le bloquait
et Vundofix ne detecte rien ca craint!
Edité le 06/12/2008 à 14:57

Désactive ton antivirus
Enregistre Combofix sur le bureau puis lance le, laisse travailler et post le rapport.

j ai deja essaye cumbofix et c est pareil il veut rien entendre il refuse de se lancer meme avec l antivirus desactive
Comment on peut penser a un truc aussi vicelar…
Edité le 06/12/2008 à 15:04

Essaye un scan complet avec drcureit ftp.drweb.com…

Bonjour,

Grosse galère !

Guigui14100, j’ai cliqué sur ton lien et il me propose l’enregistrement (que j’ai refusé puisqu’en n’ayant pas besoin). Serait-il possible que tu fournisses le lien vers la page web ? Là je vais faire une recherche sur le net pour voir à quoi il coorespond.

Bon courage tonio 2052 !

Au passage, j’ai vu que si MBAM ne veut pas s’installer, dés fois il accepte si on le renomme (comme pour HiJackThis).
Edité le 06/12/2008 à 16:20

www.freedrweb.com…

En fait je t’ai pas demander a tu essayer d’installer MBAM en mode sans échec?

Re,

Merci ! (bien qu’une recherche su rle net m’a permi de le trouver ;))