Your last question made me

Let's move on, though I'll come back to it seriously later; in particular, I saw the advice you gave lolo4u a week ago ...
Right, and now the results of the procedure:
f-sasser: nothing! No message, so I assume that is not what is poisoning my machine.
Combofix ran while SpyGuard and Pestpatrol were not completely stopped (hence SG's question: do you want me to modify such-and-such a value concerning IE?).
Here is the BlackLight report:
01/30/07 21:32:00 [Info]: BlackLight Engine 1.0.55 initialized
01/30/07 21:32:00 [Info]: OS: 5.0 build 2195 (Service Pack 4)
01/30/07 21:32:00 [Note]: 7019 4
01/30/07 21:32:00 [Note]: 7005 0
01/30/07 21:32:40 [Note]: 7006 0
01/30/07 21:32:40 [Note]: 7011 884
01/30/07 21:32:40 [Note]: 7026 0
01/30/07 21:32:41 [Note]: 7026 0
01/30/07 21:32:47 [Note]: FSRAW library version 1.7.1021
01/30/07 21:35:22 [Note]: 7007 0
No HiJackThis report, there was nothing!
Now Autoruns - there was an imprecision in the procedure; I deduced that it had to be done with admin rights:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ !AVG Anti-Spyware AVG Anti-Spyware Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
+ BDMCon BitDefender Management Console SOFTWIN S.R.L. c:\program files\softwin\bitdefender9\bdmcon.exe
+ BDNewsAgent BitDefender News Agent SOFTWIN S.R.L c:\program files\softwin\bitdefender9\bdnagent.exe
+ BDOESRV bdoesrv application SOFTWIN SRL c:\program files\softwin\bitdefender9\bdoesrv.exe
+ CaISSDT CA ISS Dashboard Tray Computer Associates International, Inc. c:\program files\ca\etrust internet security suite\caissdt.exe
+ eTrustPPAP eTrust PestPatrol background protection application Computer Associates c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\ppactivedetection.exe
+ NeroCheck NeroCheck Ahead Software Gmbh c:\winnt\system32\nerocheck.exe
+ Outpost Firewall Outpost Firewall main module Agnitum c:\program files\agnitum\outpost firewall 1.0\outpost.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
+ OpenOffice.org 2.0.lnk c:\program files\openoffice.org 2.0\program\quickstart.exe
+ SpywareGuard.lnk SpywareGuard c:\program files\spywareguard\sgmain.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
+ spywareguard.dll SpywareGuard Protection c:\program files\spywareguard\spywareguard.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ BitDefender Antivirus v9 BDShellExt Module c:\program files\softwin\bitdefender9\bdshelxt.dll
+ Extension Affichage Panorama du Panneau de configuration File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\winnt\system32\hticons.dll
+ OpenOffice.org Column Handler Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Infotip Handler Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
+ Outpost Shell Extension Outpost Shell Handler Agnitum Ltd. c:\program files\agnitum\outpost firewall 1.0\oshdlr.dll
+ QCD IconHandler QCDShellExt Module c:\program files\quintessential player\qcdicons.dll
+ spywareguard.dll SpywareGuard Protection c:\program files\spywareguard\spywareguard.dll
+ XnView Shell Extension XnViewShellExt Module c:\program files\xnview\xnviewshellext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Sun Microsystems, Inc. c:\program files\openoffice.org 2.0\program\shlxthdl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ SpywareGuardDLBLOCK.CBrowserHelper SpywareGuard Download Protection c:\program files\spywareguard\dlprotect.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\ssv.dll
HKLM\System\CurrentControlSet\Services
+ AVG Anti-Spyware Guard AVG Anti-Spyware guard Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
+ bdss Analyse contre les virus et autres menaces c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe
+ Diskeeper Controls the Diskeeper Service Executive Software International, Inc. c:\program files\executive software\diskeeperlite\dkservice.exe
+ dmserver Service de surveillance du Gestionnaire de disque logique VERITAS Software Corp. c:\winnt\system32\dmserver.dll
+ LIVESRV Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet SOFTWIN S.R.L. c:\program files\fichiers communs\softwin\bitdefender update service\livesrv.exe
+ OutpostFirewall Outpost Firewall main module Agnitum c:\program files\agnitum\outpost firewall 1.0\outpost.exe
+ VSSERV Analyse contre les virus et autres menaces SOFTWIN S.R.L. c:\program files\softwin\bitdefender9\vsserv.exe
+ XCOMM Assure la communication efficace entre les composants BitDefender Softwin c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe
HKLM\System\CurrentControlSet\Services
+ ADBLOCK.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\adblock.dll
+ AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
+ AvgAsCln AVG7 Clean Driver GRISOFT, s.r.o. c:\winnt\system32\drivers\avgascln.sys
+ bdfdll c:\program files\softwin\bitdefender9\bdfdll.sys
+ BDFsDrv c:\program files\softwin\bitdefender9\bdfsdrv.sys
+ BDRsDrv c:\program files\softwin\bitdefender9\bdrsdrv.sys
+ CDRPDACC CD Device Access Arrowkey c:\program files\quintessential player\cdrpdacc.sys
+ CONTENT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\content.dll
+ dmio Pilote E/S du Gestionnaire de disques NT VERITAS Software Corp. c:\winnt\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver VERITAS Software Corp. c:\winnt\system32\drivers\dmload.sys
+ DNSCACHE.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\dnscache.dll
+ fbxusb FreeBox USB to NDIS Miniport Driver FreeBox SA c:\winnt\system32\drivers\fbxusb.sys
+ FTPFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\ftpfilt.dll
+ HTMLFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\htmlfilt.dll
+ HTTPFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\httpfilt.dll
+ IMAPFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\imapfilt.dll
+ MAILFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\mailfilt.dll
+ NNTPFILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\nntpfilt.dll
+ POP3FILT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\pop3filt.dll
+ PROTECT.DLL Outpost Firewall kernel mode plugin Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\protect.dll
+ Ptilink Pilote de liaison parallèle directe Parallel Technologies, Inc. c:\winnt\system32\drivers\ptilink.sys
+ VFILT Virtual Firewall driver Agnitum c:\program files\agnitum\outpost firewall 1.0\kernel\2000\filtnt.sys
+ VIAudio VIA AC'97 Audio WDM Driver VIA Technologies, Inc. c:\winnt\system32\drivers\viaudio.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ sockspy.dll c:\winnt\system32\sockspy.dll
And finally, the Combofix report:
"Administrateur" - mar. 30/01/2007 21:25:00 Service Pack 4
ComboFix 07-01-24.2 - Running from: "C:\Documents and Settings\Administrateur\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))
2007-01-24 22:39 612 --a------ C:\Combo.bat
2007-01-24 21:49 <DIR> d-------- C:\Autoruns
2007-01-20 21:29 853 --a------ C:\reboot.cmd
2007-01-20 21:29 68,096 --a------ C:\diff.exe
2007-01-20 21:29 103,424 --a------ C:\grep.exe
2007-01-18 20:47 <DIR> d-------- C:\SDFix
2007-01-16 22:03 <DIR> d-------- C:\RegSearch
2007-01-13 15:52 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-01-13 15:52 <DIR> d-------- C:\Program Files\Grisoft
2007-01-04 20:58 <DIR> d-------- C:\HijackThis
2007-01-04 20:24 <DIR> d-------- C:\ResHacker
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-30 21:23 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\openoffice.org2
2007-01-24 23:32 -------- d-------- C:\Program Files\mozilla firefox
2007-01-13 15:52 -------- d-------- C:\Program Files\total uninstall
2007-01-05 12:23 -------- d-------- C:\Program Files\spywareguard
2007-01-05 12:12 -------- d-------- C:\Program Files\spywareblaster
2006-12-21 12:06 -------- d-------- C:\Program Files\openoffice.org 2.0
2006-12-14 11:31 76437 ---hs---- C:\WINNT\system32\mmopcvm.exe
2006-12-08 22:18 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\quintessential player
2006-12-07 11:55 -------- d-------- C:\Program Files\audacity
2006-12-05 01:13 -------- d-------- C:\Program Files\photofiltre
2006-12-04 23:03 -------- d-------- C:\Program Files\Fichiers communs\agfa
2006-12-04 23:03 -------- d-------- C:\Program Files\agfa
2006-12-04 22:43 -------- d-------- C:\Program Files\quintessential player
2006-12-04 20:54 -------- d-------- C:\Program Files\cdex_170b2
2006-11-20 09:55 77824 --a------ C:\WINNT\system32\xcomm.dll
2006-11-20 09:55 73728 --a------ C:\WINNT\system32\sockspy.dll
2006-11-13 21:54 0 --a------ C:\WINNT\system32\bitcomet.exe
2006-10-30 10:37 38 --a------ C:\Program Files\lic-en-ce_anti_espions.txt
2006-10-28 22:31 1077 --a------ C:\DOCUME~1\ADMINI~1\Application Data\adobedlm.log
2006-10-28 22:31 0 --a------ C:\DOCUME~1\ADMINI~1\Application Data\dm.ini
2006-10-08 13:41 271 ---h----- C:\Program Files\desktop.ini
2006-10-08 13:41 22115 ---h----- C:\Program Files\folder.htt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroCheck"="C:\\WINNT\\system32\\\\NeroCheck.exe"
"CaISSDT"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
"BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdnagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoStartMenuMyMusic"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMMyDocs"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=dword:00000001
"NoFavoritesMenu"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoStartMenuMyMusic"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoSMMyDocs"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0
Completion time: Tue 2007-01-30 21:28:33
C:\ComboFix2.txt ... 07-01-24 22:49
C:\ComboFix3.txt ... 07-01-24 22:39
There you go! As you can see, I had already started the procedure on the 24th, but because of a problem plus a lack of time, I had to interrupt it. In the meantime, the machine was idle.
So what do these logs reveal? So far - 2 connections, 10 minutes in total since the procedure - the problem has not shown up again ... I'm crossing my fingers, while waiting for some procedure reputed to be more effective ...
Thanks and see you soon.
Kwadonc