François-Joseph

Rapport OtMoveit3: Error: Unable to interpret <First> in the current context! ========== FILES ========== c:\windows\system32\csrcs.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\csrcs deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\F-J\LOCALS~1\Temp\etilqs_mRB9zBLInAAOnGkRr2xQ scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\ZLT05532.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT05535.TMP scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\F-J\Local Settings\Application Data\Mozilla\Firefox\Profiles\wjt6bsif.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\F-J\Local Settings\Application Data\Mozilla\Firefox\Profiles\wjt6bsif.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\F-J\Local Settings\Application Data\Mozilla\Firefox\Profiles\wjt6bsif.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\F-J\Local Settings\Application Data\Mozilla\Firefox\Profiles\wjt6bsif.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\F-J\Local Settings\Application Data\Mozilla\Firefox\Profiles\wjt6bsif.default\urlclassifier3.sqlite scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_205105 Salutations F-J

Bonjour, Me revoilà, avec mes infections qui reviennent. Enlever après le passage de Mbam, après elles reviennent ci joint mon rapport Hijackthis. Merci de vous pencher sur mon problème. PROBLEMES RESOLUS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:10:25, on 22/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\csrcs.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Téléchargements\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: (no name) - {FC907671-A480-49CF-8953-F5E5CA145228} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171042786343 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: NameServer = 212.27.53.252,212.27.54.252 O21 - SSODL: mgxfebsq - {9849E03C-854F-4CC3-B8F1-0297289D59B2} - (no file) O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\APPLICATION\a-squared Free\a2service.exe (file missing) O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7582 bytes

Voici mon rapport HijackThis, merci pour l'aide apportée. F-J. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:58:27, on 14/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ma-config.com\maconfservice.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Téléchargements\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: (no name) - {FC907671-A480-49CF-8953-F5E5CA145228} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171042786343 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: NameServer = 212.27.53.252,212.27.54.252 O21 - SSODL: mgxfebsq - {9849E03C-854F-4CC3-B8F1-0297289D59B2} - (no file) O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\APPLICATION\a-squared Free\a2service.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6856 bytes

Désolé, il m'a semblé l'avoir envoyé avec mes remerciements, j'ai du faire une mauvaise manip. Je suis satisfait du résultat je joins le rapport. Bonne fin de W-E. F-J Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1496 Windows 5.1.2600 Service Pack 3 13/12/2008 13:05:35 mbam-log-2008-12-13 (13-05-35).txt Type de recherche: Examen rapide Eléments examinés: 51413 Temps écoulé: 6 minute(s), 7 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c80b7ff6-ce60-4079-935e-520c045c30a6} (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xdvoflr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xdvoflr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully Après le passage de mbam: Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1496 Windows 5.1.2600 Service Pack 3 13/12/2008 13:22:34 mbam-log-2008-12-13 (13-22-34).txt Type de recherche: Examen rapide Eléments examinés: 51359 Temps écoulé: 6 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Salutations, voici mon rapport: Zeb Help Process v2.33 by Nicolas Coolman - Rapport Général du 13/12/2008 00:41:55 Rapport de ZHPDiag v1.1.3.7 par Nicolas Coolman Enregistré le 13/12/2008 00:41:17 Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 MSIE: Internet Explorer v7.0.5730.11 MFIE: Mozilla Firefox (3.0.4) ---\\ Processus lancés C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\APPLICATION\a-squared Free\a2service.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\services.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\system32\lsass.exe slserv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe ---\\ Modification d'une valeur System.ini (F2) F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe ---\\ Pages de démarrage d'Internet Explorer (R0) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - {FC907671-A480-49CF-8953-F5E5CA145228} - ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/prot...b?1171038804327 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171042786343 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ---\\ Piratage de domaine (Lop.com) (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS3\Services\Tcpip\..\{1D66FAE5-E1DD-4E11-A712-E3E4B9CC79FF}: 212.27.53.252,212.27.54.252 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL ---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20) O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll ---\\ Services NT non Microsoft et non désactivés (O23) O23 - Service: a-squared Free Service (a2free) - D:\APPLICATION\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: Google Updater Service (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDScheduler (PDSched) - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SmartLinkService (SLService) - slserv.exe O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service ---\\ Enumération des composants Active Desktop (O24) O24 - Desktop Component 0: Ma page d'accueil - file:About:Home Lignes traitées 60/61 Merci de se pencher sur cet imbroglio.

Salutations cordiales à tous, Je pense que mon ordi est infecté suite au passage de ZHP et ZHDiag. Je suis un peu perdu dans vos forums pourtant cela fait belle lurette que je consulte Zebulon. Retraité des mines de potasse d'Alsace, mineur de fond pendant 35 ans, j'ai pris plaisir à utiliser l'informatique pour rester en contact avec mes amis, malheureusement avec des risques. Où puis-je joindre mes rapports ZHP et ZHdiag? et comment faire. Merci de me répondre et me dépanner. PS. A l'ouverture du bureau il y a une fenêtre "L'application csrcs.exe ne peut être éxécutée en mode Win 32"