mon pc se fige UC à 100% après ouverture IE7 !!??

[dudu57]

Bonjour,
QQn pourrait-il m'aider à solutionner mon pb que j'expose ci-après :
depuis quelques jours, à l'ouverture IE7, une page blanche s'ouvre en auto. avec retour intempestif lors de la navigation..!!
quid ??
http://cjoint.com/?egiNB7Dtom
@++
cldt
ps. je postes log_Hijack..
******************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:59, on 05/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Garmin\gstart .exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://go.divx.com
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: Garmin Internet Explorer Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _0_4_0.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurig ... 0908082415
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Games ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11331 bytes

[nardino]

Bonjour,

Tu vas désactiver le contrôle des comptes d'utilisateurs.
Dans le Panneau de configuration, Affichage classique, Comptes d'utilisateurs, clique sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
Clique sur Continuer.
Dans la fenêtre suivante, décoche Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.

Il te sera demandé de redémarrer.
Il est important de ne pas oublier de le réactiver en fin de désinfection.

Télécharge Smitfraud.fix de S!Ri :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Première phase
--------------

Lance-le en cliquant sur SmitfraudFix.exe

Dans la fenêtre bleue, choisis l'option 1 et Entrée
Pour fermer l'outil clique sur Q
Fais un copier coller du rapport qui s'ouvre dans ta prochaine réponse.
Ce rapport sera enregistré comme suit : C:\rapport.txt
@+

[dudu57]

re_bjr Nardino
de te relire et merci pour tes diligences
comme suite à tes instructions, voici le log demandé :
SmitFraudFix v2.406

Scan done at 15:35:48,25, 05/04/2009
Run from C:\Users\MARIE\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Garmin\gstart .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\MARIE


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\MARIE\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\MARIE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\MARIE\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2EED8D60-1CC7-4D36-BAED-97601448AD96}: DhcpNameServer=163.244.4.254 163.244.76.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D585DD83-733D-4765-914D-FAFFEC27A49B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2EED8D60-1CC7-4D36-BAED-97601448AD96}: DhcpNameServer=163.244.4.254 163.244.76.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D585DD83-733D-4765-914D-FAFFEC27A49B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2EED8D60-1CC7-4D36-BAED-97601448AD96}: DhcpNameServer=163.244.4.254 163.244.76.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D585DD83-733D-4765-914D-FAFFEC27A49B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2EED8D60-1CC7-4D36-BAED-97601448AD96}: DhcpNameServer=163.244.4.254 163.244.76.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D585DD83-733D-4765-914D-FAFFEC27A49B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ps.: le probléme étant tjrs persisitant, j'ai pensé à faire un scan avec Antimalwarebytes v.1.35
post rapport*txt :
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1940
Windows 6.0.6001 Service Pack 1

05/04/2009 15:15:28
mbam-log-2009-04-05 (15-15-28).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 205143
Temps écoulé: 45 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

[nardino]

Bonjour.

Tu peux supprimer Smitfraudfix et son rapport.

Télécharge Combofix
IMPORTANT. Enregistre ComboFix.exe sur le Bureau.
Désactive les applications antivirus et anti-malware, en général via un clic droit sur l'icône de la Zone de notification.
Sinon, elles risquent d'interférer avec l'outil.
Lorsque l'outil aura terminé, il affichera un rapport.
Copie le contenu de C:\ComboFix.txt dans ta prochaine réponse.

@+

[dudu57]

re_bjr
1ooo excuses x le retard mais pbs connexion FAI...pour ne pas changer!!
je précise que j'ai tjrs cette page "douteuse" de démarrage d'IE7 et j'ai des doutes que l'URL incriminé soit en réalité un virus...sauf meilleur avis...quoiqu'il en soit, en réponse à ton dernier post, ci-joint log*txt édité par ComboFix :
ComboFix 09-04-04.01 - MARIE 2009-04-06 8:59:56.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1039 [GMT 2:00]
Lancé depuis: c:\users\MARIE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-06 au 2009-04-06 ))))))))))))))))))))))))))))))))))))
.

2009-04-05 17:09 . 2009-04-05 17:09 <REP> d-------- c:\windows\System32\Kaspersky Lab
2009-04-05 10:11 . 2009-04-05 10:11 <REP> d-------- c:\users\MARIE\AppData\Roaming\vlc
2009-04-05 09:04 . 2009-04-05 09:04 <REP> d-------- c:\program files\CaptEcran
2009-04-05 09:04 . 2006-05-03 20:14 372,736 --a------ c:\windows\System32\ijl15.dll
2009-04-05 09:04 . 2006-05-03 20:13 119,568 --a------ c:\windows\System32\vb6fr.DLL
2009-04-04 10:22 . 2009-04-04 10:22 <REP> d-------- c:\program files\IrfanView
2009-04-04 10:11 . 2009-04-04 10:20 <REP> d-------- c:\users\MARIE\AppData\Roaming\Ethereal
2009-04-04 10:09 . 2009-04-04 10:09 <REP> d-------- C:\Temp
2009-04-04 10:09 . 2009-04-04 10:09 <REP> d-------- c:\program files\WinPcap
2009-04-03 15:46 . 2008-04-14 04:12 1,384,479 --a------ c:\windows\System32\temp.00C
2009-04-03 15:46 . 2008-05-09 14:53 172,032 --a------ c:\windows\System32\temp.00B
2009-04-03 15:46 . 2008-04-13 19:42 16,896 --a------ c:\windows\System32\temp.00A
2009-04-03 15:39 . 2009-04-03 15:41 <REP> d--h----- c:\users\MARIE\AppData\Roaming\User Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
2009-04-03 15:37 . 2008-04-14 04:12 1,384,479 --a------ c:\windows\System32\temp.009
2009-04-03 15:37 . 2008-05-09 14:53 172,032 --a------ c:\windows\System32\temp.008
2009-04-03 15:37 . 2008-04-13 19:42 16,896 --a------ c:\windows\System32\temp.007
2009-04-03 15:36 . 2009-04-04 09:11 <REP> d-------- c:\users\MARIE\AppData\Roaming\SEDE
2009-04-03 15:36 . 2009-04-03 15:46 <REP> d-------- c:\program files\Secret Disk
2009-04-03 15:36 . 2008-04-14 04:12 1,384,479 --a------ c:\windows\System32\temp.006
2009-04-03 15:36 . 2008-04-14 04:12 1,384,479 --a------ c:\windows\System32\temp.003
2009-04-03 15:36 . 2008-05-09 14:53 172,032 --a------ c:\windows\System32\temp.005
2009-04-03 15:36 . 2008-05-09 14:53 172,032 --a------ c:\windows\System32\temp.002
2009-04-03 15:36 . 2008-04-13 19:42 16,896 --a------ c:\windows\System32\temp.004
2009-04-03 15:36 . 2008-04-13 19:42 16,896 --a------ c:\windows\System32\temp.001
2009-04-03 14:05 . 2009-04-03 14:05 <REP> d-------- c:\users\MARIE\AppData\Roaming\BinarySense
2009-04-03 14:05 . 2009-04-03 14:05 <REP> d-------- c:\program files\Common Files\BinarySense
2009-04-03 14:05 . 2009-04-03 14:05 <REP> d-------- c:\program files\BinarySense
2009-04-03 13:54 . 2001-11-27 18:27 210,200 --a------ c:\windows\System32\TWNPRO3.DLL
2009-03-31 18:01 . 2009-03-31 18:01 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-03-31 18:01 . 2009-03-31 18:01 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-31 18:01 . 2008-12-11 14:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-03-31 18:01 . 2008-12-11 14:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-03-31 10:35 . 2009-03-31 10:35 <REP> d-------- c:\users\MARIE\AppData\Roaming\TuneUp Software
2009-03-31 10:34 . 2009-03-31 10:34 <REP> d-------- c:\users\All Users\TuneUp Software
2009-03-31 10:34 . 2009-03-31 10:34 <REP> d-------- c:\programdata\TuneUp Software
2009-03-31 10:34 . 2009-03-31 18:01 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-03-31 10:33 . 2009-03-31 10:33 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-31 10:33 . 2009-03-31 10:33 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-28 17:37 . 2009-03-28 17:37 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-03-28 17:37 . 2009-03-28 17:37 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-03-24 11:09 . 2009-03-24 11:09 <REP> d-------- c:\users\All Users\My Music
2009-03-24 11:09 . 2009-03-24 11:09 <REP> d-------- c:\programdata\My Music
2009-03-24 11:08 . 2009-03-24 11:08 1,365,584 --a------ c:\users\All Users\pswi_preloaded.exe
2009-03-24 11:08 . 2009-03-24 11:08 1,365,584 --a------ c:\programdata\pswi_preloaded.exe
2009-03-23 10:14 . 2009-03-23 14:40 <REP> d-------- c:\program files\TomTom HOME 2
2009-03-21 09:35 . 2009-03-21 09:35 <REP> d-------- c:\program files\TomTom International B.V
2009-03-13 10:40 . 2009-03-17 17:12 <REP> d-------- C:\GarminPOIUpdater
2009-03-12 10:43 . 2009-03-12 10:43 <REP> d-------- C:\WebUpdater
2009-03-11 09:35 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:35 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:35 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:35 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:35 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:35 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-08 18:40 . 2009-03-08 18:40 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-08 13:46 . 2009-03-08 13:46 <REP> d-------- c:\users\All Users\GARMIN
2009-03-08 13:46 . 2009-03-08 13:46 <REP> d-------- c:\programdata\GARMIN
2009-03-08 13:24 . 2009-03-08 13:24 <REP> d-------- c:\users\MARIE\{cb5f830b-d414-46ae-a27d-28e5e7544ff1}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 06:43 --------- d---a-w c:\programdata\TEMP
2009-04-05 11:56 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 11:52 --------- d-----w c:\program files\Trend Micro
2009-04-04 08:33 --------- d-----w c:\users\MARIE\AppData\Roaming\uTorrent
2009-04-04 07:59 --------- d-----w c:\users\MARIE\AppData\Roaming\IrfanView
2009-04-03 14:57 5,324 ----a-w c:\users\MARIE\AppData\Roaming\wklnhst.dat
2009-04-02 07:27 --------- d-----w c:\program files\SpywareBlaster
2009-03-31 15:37 --------- d-----w c:\program files\Windows Live
2009-03-31 15:34 --------- d-----w c:\program files\Dell Support Center
2009-03-31 15:25 --------- d-----w c:\programdata\SupportSoft
2009-03-30 13:27 --------- d-----w c:\users\MARIE\AppData\Roaming\Corel
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 13:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 07:25 --------- d-----w c:\program files\Java
2009-03-25 07:10 --------- d-----w c:\program files\McAfee
2009-03-24 09:05 --------- d-----w c:\program files\Corel
2009-03-14 15:41 --------- d-----w c:\users\MARIE\AppData\Roaming\Nokia
2009-03-12 12:31 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 07:07 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:58 --------- d-----w c:\users\MARIE\AppData\Roaming\GARMIN
2009-03-05 16:07 --------- d-----w c:\users\MARIE\AppData\Roaming\Megaupload
2009-03-05 16:06 --------- d-----w c:\users\MARIE\AppData\Roaming\MegauploadToolbar
2009-03-05 16:06 --------- d-----w c:\programdata\Megaupload
2009-03-05 16:06 --------- d-----w c:\programdata\EmailNotifier
2009-03-05 16:06 --------- d-----w c:\program files\MegauploadToolbar
2009-03-05 16:05 --------- d-----w c:\program files\Megaupload
2009-03-05 16:04 --------- d-----w c:\users\MARIE\AppData\Roaming\InstallShield
2009-03-05 11:59 --------- d-----w c:\programdata\McAfee
2009-03-03 14:12 --------- d-----w c:\program files\Flash 32
2009-03-03 12:42 --------- d-----w c:\program files\Microsoft
2009-03-03 12:41 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-27 07:12 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 07:45 --------- d-----w c:\program files\Simple PDF
2009-02-25 15:48 --------- d--h--w c:\programdata\CanonBJ
2009-02-25 15:35 --------- d-----w c:\programdata\metier2000Apps
2009-02-24 12:46 --------- d-----w c:\users\MARIE\AppData\Roaming\Snapter Images
2009-02-23 11:57 --------- d-----w c:\users\MARIE\AppData\Roaming\Azureus
2009-02-23 11:46 --------- d-----w c:\programdata\Azureus
2009-02-20 08:22 --------- d-----w c:\program files\Secunia
2009-02-20 08:15 --------- d-----w c:\program files\Pictomio
2009-02-20 08:08 --------- d-----w c:\users\MARIE\AppData\Roaming\KC Softwares
2009-02-20 08:08 --------- d-----w c:\program files\KC Softwares
2009-02-15 16:06 --------- d-----w c:\program files\Resco
2009-02-15 11:57 --------- d-----w c:\program files\MagicSS
2009-02-15 10:45 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-02-10 10:26 --------- d-----w c:\users\MARIE\AppData\Roaming\dvdcss
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-26 13:17 695,642 ----a-w c:\windows\unins000.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-17 16:14 174 --sha-w c:\program files\desktop.ini
2008-09-17 08:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-17 08:19 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-17 08:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_ 8.53.45,38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-06 06:53:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-06 06:55:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-06 06:53:01 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-06 06:55:46 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-06 06:53:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-06 06:55:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2009-04-06 23052]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 23052]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-06 23052]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]

c:\users\MARIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [2008-02-15 2278648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-07-11 18:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 12:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2006-11-17 23:13 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-29 08:33 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 16:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 13:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 11:45 215552 c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-08 07:11 303104 c:\windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1549740449-2313478069-2629033981-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6AE93875-2274-4977-B867-4126C877A2C3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{75111A90-EE04-407A-B293-00A966F140C6}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2340E488-8EF6-454F-9A50-3DBF211A00C1}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E55647FF-4DE6-49A1-B801-409908F3E612}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{15E1A816-1225-4839-9B1C-C964DBB8A861}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{88321D30-DAE5-4E0E-B960-354AE1269215}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D85D5B18-3C2A-498E-83B9-EDF4F327472F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B304C1A5-2436-443C-A4F1-3AAF6B1C7303}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9FE39B4B-9C3C-4809-B42D-8E1C2D43171E}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{711C1F36-7668-4D61-B37D-8C5CB43AA677}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{44051520-22E7-4F24-82E4-4E93D5845DF4}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{995B049D-06D3-4EFA-92DC-DFDD12D60269}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E183E357-1F34-4656-AB2F-F1B0138BDE23}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{89F6DC5D-A11C-46D2-BB0B-990F062E6AE7}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{147204E0-478E-4CEE-96FB-74FD492351F5}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{82426D94-8695-4979-9C3B-9E4B482E2CFB}"= UDP:5721:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{56BAA04B-F4B7-49FD-8886-1F7EE389A1D3}"= UDPLocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{107C363C-AF67-4792-9BE6-1860EFA41130}"= UDP:5678:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{62D73315-C03D-4207-851E-A59820C5B49C}"= UDP:999:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{97C9C766-EAD7-437A-A47F-803F31D13532}"= UDPLocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{5ABBD0A7-C1EF-4988-9379-D045B1E6474A}"= UDP:990:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{20E218E4-EF05-46A6-B0AE-07DA19FFC35C}"= UDP:5721:LocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{1EA318D4-DCB8-4B68-BDBA-A221766AC69E}"= UDPLocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{BD59A982-AA61-42CF-9A81-73C0B12EE0D8}"= UDP:5678:LocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{89F56D50-7C15-411D-8A55-BE729A165BB1}"= UDP:999:LocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{44088F30-8B41-40EE-9EBE-9B86CEA1826F}"= UDPLocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{0088A1CD-C61C-4FEB-BDA4-368A86B525BC}"= UDP:990:LocalSubnet:LocalSubnet|IF={3E2B244E-6983-48CF-A66B-590BE6C66475}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{24F6D7D1-3479-430F-ACDA-1669E9F951B1}"= UDP:5721:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{117BE3E9-5F6D-4CB9-AA2C-9B5CEE34DAEF}"= UDPLocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{10D555ED-A515-44D8-B192-62CDCAD130D7}"= UDP:5678:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{6A012E3D-B3E4-473A-AB3A-2076EF59C2E2}"= UDP:999:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{2D2BB76A-4A5E-47F3-A9B2-805CECDCCC96}"= UDPLocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{8A208EDF-7586-4AD2-9879-52E31DF6C86B}"= UDP:990:LocalSubnet:LocalSubnet|IF={925F752D-78F0-46A0-9A8B-4DA12CC3EACD}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-21 179856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-14 210216]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-31 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2008-10-21 15504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-08-29 3664384]
S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\System32\drivers\SCRCAMDRV.sys [2009-03-03 225536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-05-31 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\System32\drivers\NANMp50.sys [2009-01-21 28224]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\System32\drivers\NANSp50.sys [2009-01-21 27072]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-20 28224]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-11-18 7808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{913f391e-5bdf-11dd-bf51-00188bd030e4}]
\shell\AutoRun\command - F:\Setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 16:04]

2008-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2008-10-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
Trusted Zone: divx.com\go
Trusted Zone: orange.fr\www
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
DPF: Garmin Internet Explorer Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080908082415
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 09:01:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1549740449-2313478069-2629033981-1000_Classes\CLSID\{5937c266-45ed-4aa5-85bf-7c60d7b1daf9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ee
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7a,4a,a8,7e,24,0e,49,5a,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_USERS\S-1-5-21-1549740449-2313478069-2629033981-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a0,f7,15,9b,3a,31,98,14,54,4b,7d,2e,1e,8a,06,51,b3,f5,16,b5,a7,
c3,0d,d0,85,de,44,bc,1f,93,89,16,4a,d9,ad,0d,0b,93,71,ae,00,00,00,00,00,00,\
.
Heure de fin: 2009-04-06 9:04:24
ComboFix-quarantined-files.txt 2009-04-06 07:04:19
ComboFix2.txt 2009-04-06 06:55:32

Avant-CF: 79 145 062 400 octets libres
Après-CF: 79,094,591,488 octets libres

304 --- E O F --- 2009-04-03 06:23:06
@++

[nardino]

Bonjour.

Télécharge OtMoveIt3 de OldTimer :
http://download.bleepingcomputer.com/ol ... oveIt3.exe

Enregistres-le sur le Bureau.
Double-clique sur OTMoveIt2.exe pour lancer l'outil.
Note :
Sous Vista, clic droit sur le fichier et Exécuter en tant qu'administrateur.
Copie toutes les lignes ci-dessous en citation par CTRL+C dans le presse-papier.

nettoyage

:files
c:\windows\System32\temp.00C
c:\windows\System32\temp.00B
c:\windows\System32\temp.00A
c:\windows\System32\temp.009
c:\windows\System32\temp.008
c:\windows\System32\temp.007
c:\windows\System32\temp.006
c:\windows\System32\temp.003
c:\windows\System32\temp.005
c:\windows\System32\temp.002
c:\windows\System32\temp.004
c:\windows\System32\temp.001
c:\users\MARIE\{cb5f830b-d414-46ae-a27d-28e5e7544ff1}

:commands
[purity]
[emptytemp]
[reboot]

Dans OtMoveIt3, place le curseur dans la la fenêtre "Paste List Of Files/Folders to Move" et tu cliques sur CTRL+V pour coller le contenu du presse-papier.
Clique sur le bouton MoveIt!, le rouge.
http://i75.servimg.com/u/f75/11/05/93/83/otmove11.jpg
Ferme l'outil.
Poste le contenu du rapport C:\_OTMoveIt\MovedFiles\********_******.log
Les * représentent Mois/Jour/Année_Heure/Minutes/Secondes

Avec des nouvelles sur l'évolution ou non de la situation.
@+

[dudu57]

re_
voici log. demandé :
Error: Unable to interpret <nettoyage> in the current context!
========== FILES ==========
c:\windows\System32\temp.00C moved successfully.
c:\windows\System32\temp.00B moved successfully.
c:\windows\System32\temp.00A moved successfully.
c:\windows\System32\temp.009 moved successfully.
c:\windows\System32\temp.008 moved successfully.
c:\windows\System32\temp.007 moved successfully.
c:\windows\System32\temp.006 moved successfully.
c:\windows\System32\temp.003 moved successfully.
c:\windows\System32\temp.005 moved successfully.
c:\windows\System32\temp.002 moved successfully.
c:\windows\System32\temp.004 moved successfully.
c:\windows\System32\temp.001 moved successfully.
c:\users\MARIE\{cb5f830b-d414-46ae-a27d-28e5e7544ff1} moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\JETACB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_GLA4zw7ba0UyN20 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_5qeSkdZU7d4onY9 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_F3degZrnORK6aTu scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_4boFbCJTKqCt4wr scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_bCEJ5VQXlmbpkEe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_kz3yjLR7FjMTiiv scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_QlyFQO8AOdnRY4w scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_umPV7IH8bRqNVqU scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_xuTMHTXKebbabTT scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_YbeqBiF0VXBlKsk scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04062009_192341

Files moved on Reboot...
C:\Windows\temp\JETACB2.tmp moved successfully.
File C:\Windows\temp\mcafee_GLA4zw7ba0UyN20 not found!
File C:\Windows\temp\mcmsc_5qeSkdZU7d4onY9 not found!
File C:\Windows\temp\mcmsc_F3degZrnORK6aTu not found!
C:\Windows\temp\sqlite_4boFbCJTKqCt4wr moved successfully.
C:\Windows\temp\sqlite_bCEJ5VQXlmbpkEe moved successfully.
File C:\Windows\temp\sqlite_kz3yjLR7FjMTiiv not found!
File C:\Windows\temp\sqlite_QlyFQO8AOdnRY4w not found!
C:\Windows\temp\sqlite_umPV7IH8bRqNVqU moved successfully.
File C:\Windows\temp\sqlite_xuTMHTXKebbabTT not found!
File C:\Windows\temp\sqlite_YbeqBiF0VXBlKsk not found!

ps.: url "suspect" tjrs présent au démarrage pc/ ouverture auto. IE7

[nardino]

Bonsoir.

Télécharge Gmer.zip :
http://www.gmer.net/files.php

Décompresse le fichier gmer.zip
Dans le dossier gmer obtenu, clique droit sur gmer.exe (792ko) et Exécuter en tant qu'administrateur.
Dans la fenêtre qui s'ouvre, coche tout et surtout la partition C ou le disque C, c'est pareil.
Puis tu cliques sur Scan.

Quand ce dernier est terminé, tu cliques sur Save et nommes-le gmer.log.
Par défaut le rapport sera sauvegardé dans C:\Windows\gmer.log avec les fichiers gmer.dll, gmer.exe, gmer.ini et gmer_uninstall.cmd
Tu héberges le rapport ici :
http://cjoint.com/
Tu pointes sur C:\Windows\gmer.log et sur créer le lien Cjoint, puis tu me communiques le lien créé.

@+

[dudu57]

re_nardino
url hebergeur inaccessible pour l'instant...un autre site à me renseigner pour post log demandé...sinon essai + tard à++

[nardino]

Re,
Essaie celui-ci
http://rapidshare.de/
@+

[dudu57]

c'est bon url fonctionne maintenant...id. log demandé :
http://cjoint.com/?ejcCXQaVyq
p.s.
après scan terminé, mon fond d'écran a changé ensemble ma page de démarrgae iE7...ne sais pas si cause à effet ??
@+

[nardino]

Bonjour.
Il semble y avoir une incompatibilité entre DaemonTools et McAfee.
http://forum.zebulon.fr/erreur-avec-le- ... 19361.html

Renomme ce fichier C:\system32\drivers\mfehidk.sys en ajoutant .VIR à la fin
Ne supprime pas les clés de registre comme indiqué sur le lien, nous y regarderons ensuite.
Donne des nouvelles.

[dudu57]

re_
ok effectué...renomer comme conseillé :
http://cjoint.com/?ejdqjx3RSM
dans l'attente de tes nouvelles @++

[nardino]

Bonjour.

Notes-tu une amélioration depuis ?
@+

[dudu57]

Bsr_Nardino
Dsl mais l'url litigieuse du début du thread est revenue c'ead + exactement au démarrage du pc, la page IE s'ouvre tte seule à la seule différence qu'elle n'est + intempestive comme originairement !!
Qu'en penses-tu ??
@++