

virus WIN32:CTX AND c:\windows\wspl.exe
xts31 replied to a topic by xts31 in Malware analysis and eradication
Hi Thanos, thanks for your help. Sorry, I couldn't log on yesterday. Anyway, I did the first step with CFScript; I'll post the report here. On the other hand, the Kaspersky site gets stuck at the first step (maybe a conflict with my antivirus). But I ran the "HouseCall" online antivirus; it cleaned up a bit, but I couldn't save the report, or else I messed up somewhere. I'll try another online site and add its report (BitDefender, Panda, that sort of thing). Have a good afternoon. See you later.

ComboFix report:

ComboFix 08-05-01.3 - User 2008-05-08 6:21:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.731 [GMT 2:00]
Location: C:\Documents and Settings\User\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureau\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files created 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
.
2008-05-07 02:19 . 2008-05-07 02:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-07 00:05 . 2008-05-07 00:05 <DIR> d-------- C:\Program Files\Java
2008-05-07 00:05 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-07 00:04 . 2008-05-07 00:04 <DIR> d-------- C:\Program Files\Fichiers communs\Java
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 23:19 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 23:19 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-04-25 19:38 . 2008-04-25 19:38 <DIR> d-------- C:\Program Files\CCleaner
2008-04-25 19:26 . 2008-04-25 19:26 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-25 19:25 . 2007-02-07 16:05 <DIR> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-25 19:25 . 2008-04-25 19:25 <DIR> d-------- C:\Documents and Settings\Administrateur
2008-04-25 19:25 . 2008-05-08 05:53 1,024 --ah----- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
2008-04-25 19:01 . 2008-04-25 19:01 <DIR> d-------- C:\ERDNT
2008-04-25 18:45 . 2008-04-25 18:45 <DIR> d-------- C:\Program Files\Panda Security
2008-04-25 18:45 . 2008-04-25 18:45 1,835 --a------ C:\WINDOWS\mozver.dat
2008-04-22 02:35 . 2008-04-22 02:35 <DIR> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-22 02:14 . 2008-04-22 02:14 <DIR> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 04:12 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-08 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-07 00:11 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2008-04-25 16:42 --------- d-----w C:\Documents and Settings\User\Application Data\Lavasoft
2008-04-23 17:29 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-22 01:13 --------- d-----w C:\Program Files\Picasa2
2008-04-22 00:34 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-21 22:57 --------- d-----w C:\Program Files\Google
2008-04-15 16:38 --------- d-----w C:\Program Files\eMule
2008-03-22 16:00 --------- d-----w C:\Program Files\AxBx
2008-03-16 13:59 --------- d-----w C:\Program Files\comptes
2008-03-09 17:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-07_ 2.41.58.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 00:39:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 04:24:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 04:24:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_448.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 16:03 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 20:25 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 11:29 7700480]
"nwiz"="nwiz.exe" [2006-11-17 11:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 11:29 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-08 16:20 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-22 07:33 1836544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 02:34 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAMS]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669927b8-e78c-11db-a68b-0007cb0000ff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 06:24:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 16

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\ATL.DLL
-> ?:\WINDOWS\system32\ATL.DLL
-> ?:\WINDOWS\system32\ATL.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-08 6:26:59 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-05-08 04:26:55
ComboFix2.txt 2008-05-07 00:42:10

Pre-Run: 62,212,116,480 bytes free
Post-Run: 62,201,896,960 bytes free

137 --- E O F --- 2008-04-23 01:01:13
virus WIN32:CTX AND c:\windows\wspl.exe
xts31 replied to a topic by xts31 in Malware analysis and eradication
Hi Thanos, and thanks for your help. I'll post the two reports for you and log back on this afternoon. Good night.

SDFix report:

SDFix: Version 1.180
Run by User on 07/05/2008 at 02:21

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\User\Bureau\SDFIX\SDFix

Checking Services :

Name :
Windos Service Protocol Line

Path :
"C:\WINDOWS\wspl.exe"

Windos Service Protocol Line - Deleted

C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\cecceebcfbc.dll - Deleted
C:\PROGRA~1\COMPLU~1\LAVUG - Deleted
C:\Program Files\.autoreg - Deleted
C:\WINDOWS\schedhlp.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\system32\plms.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 02:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 16

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\DOCUME~1\User\Bureau\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 22 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

And here's the ComboFix report. Right, I'm going to sleep and will be back after work in the afternoon. See you later.

ComboFix 08-05-01.3 - User 2008-05-07 2:36:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.720 [GMT 2:00]
Location: C:\Documents and Settings\User\Bureau\KELK PTITS LOGICIELS\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\LocalService\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\LocalService\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\LocalService\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\racle~1
C:\WINDOWS\sstem~1
C:\WINDOWS\sstem~1\s?stem\
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent

((((((((((((((((((((((((((((( Files created 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.
2008-05-07 02:19 . 2008-05-07 02:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-07 00:05 . 2008-05-07 00:05 <DIR> d-------- C:\Program Files\Java
2008-05-07 00:05 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-07 00:04 . 2008-05-07 00:04 <DIR> d-------- C:\Program Files\Fichiers communs\Java
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-06 23:19 . 2008-05-06 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 23:19 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 23:19 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-04-25 19:38 . 2008-04-25 19:38 <DIR> d-------- C:\Program Files\CCleaner
2008-04-25 19:26 . 2008-04-25 19:26 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-25 19:25 . 2007-02-07 16:05 <DIR> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-25 19:25 . 2007-02-07 16:40 <DIR> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-25 19:25 . 2008-04-25 19:25 <DIR> d-------- C:\Documents and Settings\Administrateur
2008-04-25 19:25 . 2008-05-07 02:36 1,024 --ah----- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
2008-04-25 19:01 . 2008-04-25 19:01 <DIR> d-------- C:\ERDNT
2008-04-25 18:45 . 2008-04-25 18:45 <DIR> d-------- C:\Program Files\Panda Security
2008-04-25 18:45 . 2008-04-25 18:45 1,835 --a------ C:\WINDOWS\mozver.dat
2008-04-22 02:35 . 2008-04-22 02:35 <DIR> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-22 02:14 . 2008-04-22 02:14 <DIR> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 00:35 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-07 00:11 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2008-05-06 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-25 16:42 --------- d-----w C:\Documents and Settings\User\Application Data\Lavasoft
2008-04-23 17:29 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-22 01:13 --------- d-----w C:\Program Files\Picasa2
2008-04-22 00:34 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-21 22:57 --------- d-----w C:\Program Files\Google
2008-04-15 16:38 --------- d-----w C:\Program Files\eMule
2008-03-22 16:00 --------- d-----w C:\Program Files\AxBx
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 13:59 --------- d-----w C:\Program Files\comptes
2008-03-09 17:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{141FDC3C-15FB-11DD-B723-9EF855D89593}]
2003-07-17 07:01 65041 --a------ C:\WINDOWS\system32\bsm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{454692C6-5302-24AF-0413-5A00BFCE8DE9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75E0FB50-E6B3-4CD4-ACD0-F0625BE2F118}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB37127E-9824-4837-B5B0-1C0A8BA2A79C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC3FA103-7E98-4F1A-9B1D-01DB055FA6D5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlyAway"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 16:03 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 20:25 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 11:29 7700480]
"nwiz"="nwiz.exe" [2006-11-17 11:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 11:29 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-08 16:20 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-22 07:33 1836544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 02:34 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [ ]
"Teoa"="C:\WINDOWS\SSTEM~1\msconfig.exe" [ ]
"Jivtq"="C:\Program Files\?racle\?hkntfs.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [ ]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAMS]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669927b8-e78c-11db-a68b-0007cb0000ff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeceb13e-12e8-11dd-a905-0018f30827fe}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 02:39:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 16

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
.
**************************************************************************
.
Completion time: 2008-05-07 2:42:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 00:42:06

Pre-Run: 63,057,993,728 bytes free
Post-Run: 62,999,711,744 bytes free

153 --- E O F --- 2008-04-23 01:01:13
virus WIN32:CTX AND c:\windows\wspl.exe
xts31 replied to a topic by xts31 in Malware analysis and eradication
Runscanner logfile

* = signed file
- = file not found

000 General info
----------------
Computer name : USER-61BA7E4780
Creation time : 05/05/2008 21:37:31
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : Français (France)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\windows\system32\services.exe (Microsoft Corporation)
c:\program files\analog devices\soundmax\smax4.exe (Analog Devices, Inc.)
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
c:\program files\fichiers communs\lightscribe\lssrvc.exe (Hewlett-Packard Company)
* c:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
c:\program files\openoffice.org 2.0\program\soffice.exe (OpenOffice.org)
c:\program files\openoffice.org 2.0\program\soffice.bin (OpenOffice.org)
* c:\program files\fichiers communs\real\update_ob\realsched.exe (RealNetworks, Inc.)
* c:\documents and settings\user\bureau\runscanner\runscanner.exe (Runscanner.net)
* c:\program files\analog devices\core\smax4pnp.exe (Analog Devices, Inc.)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\program files\messenger\msmsgs.exe (Microsoft Corporation)
* c:\windows\system32\wuauclt.exe (Microsoft Corporation)
* c:\windows\system32\wuauclt.exe (Microsoft Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\windows\system32\jmraidtool.exe (JMicron Technology Corp.)
c:\windows\system32\nerocheck.exe (Nero AG)
C:\WINDOWS\system32\nwiz.exe
c:\program files\quicktime\qttask.exe (Apple Computer, Inc.)
c:\program files\analog devices\soundmax\smax4.exe (Analog Devices, Inc.)
* c:\program files\fichiers communs\real\update_ob\realsched.exe (RealNetworks, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\ahead\nero backitup\nbj.exe (Ahead Software AG)

004 C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage
---------------------------------------------------------------------
c:\progra~1\openof~1.0\program\quicks~1.exe

005 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
--------------------------------------------------------------------------
* c:\progra~1\google\google~1\google~1.exe (Google)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
- c:\program files\javacore\javacore.exe
- c:\program files\?racle\?hkntfs.exe
- c:\program files\\nodns\\nodns.exe
- c:\program files\nvcoi\nvcoi.exe
- c:\windows\sstem~1\msconfig.exe
c:\program files\xinside\xinside.exe

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
- c:\program files\javacore\javacore.exe
- c:\program files\?racle\?hkntfs.exe
- c:\program files\\nodns\\nodns.exe
- c:\program files\nvcoi\nvcoi.exe
- c:\windows\sstem~1\msconfig.exe
c:\program files\xinside\xinside.exe

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\program files\fichiers communs\lightscribe\lssrvc.exe (LightScribeService Direct Disc Labeling Service)
- c:\windows\wspl.exe (Windos Service Protocol Line)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\alcaudsl.sys (Alcatel Speed Touch ADSL Modem ATM Transport)
C:\WINDOWS\system32\drivers\alcan5ln.sys (Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS))
* C:\WINDOWS\system32\drivers\aswfsblk.sys (aswFsBlk)
* c:\windows\system32\drivers\aswrdr.sys (aswRdr)
* c:\windows\system32\drivers\aavmker4.sys (avast! Asynchronous Virus Monitor)
* c:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
* c:\windows\system32\drivers\aswsp.sys (avast! Self Protection)
* c:\windows\system32\drivers\aswmon2.sys (avast! Standard Shield Support)
C:\WINDOWS\system32\drivers\fbxusb32.sys (Carte réseau virtuelle FreeBox USB)
- c:\windows\system32\drivers\changer.sys (Changer)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
C:\WINDOWS\system32\drivers\rtenicxp.sys (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver)
- c:\windows\system32\drivers\wanatw4.sys (WAN Miniport (ATW))
- c:\windows\system32\drivers\wdica.sys (WDICA)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\fichiers communs\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\program files\fichiers communs\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\program files\fichiers communs\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
c:\program files\fichiers communs\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

034 HKLM-HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
-------------------------------------------------------------------------
- explorer.exe C:\WINDOWS\wspl.exe

036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
c:\program files\complus applications\profsyrt.html

047 Trusted zones
-----------------
Zone: download.windowsupdate.com : http://download.windowsupdate.com
Zone: objects.aol.com : *.objects.aol.com
Zone: update.microsoft.com : http://update.microsoft.com
Zone: update.microsoft.com : https://update.microsoft.com
Zone: windowsupdate.com : http://windowsupdate.com
Zone: windowsupdate.microsoft.com : http://windowsupdate.microsoft.com
Zone: www.update.microsoft.com : http://www.update.microsoft.com

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}
GUID / CLSID not found {454692C6-5302-24AF-0413-5A00BFCE8DE9}
GUID / CLSID not found {75E0FB50-E6B3-4CD4-ACD0-F0625BE2F118}
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
GUID / CLSID not found {DB37127E-9824-4837-B5B0-1C0A8BA2A79C}
GUID / CLSID not found {EC3FA103-7E98-4F1A-9B1D-01DB055FA6D5}
c:\windows\system32\bsm.dll {141FDC3C-15FB-11DD-B723-9EF855D89593}
* c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
* c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer) {3049C3E9-B461-4BC5-8870-4C09146192CA}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
c:\progra~1\fichie~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\program files\microsoft office\office10\olkfstub.dll (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
c:\program files\fichiers communs\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
c:\program files\fichiers communs\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) {087B3AE3-E237-4467-B8DB-5A38AB959AC9}
c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) {63542C48-9552-494A-84F7-73AA6A7C99C1}
c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) {3B092F0C-7696-40E3-A80F-68D74DA84210}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\fichiers communs\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\program files\fichiers communs\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\cecceebcfbc.dll

100 Internet Explorer settings
------------------------------
Search Page HKCU : http://recherche.neuf.fr/
SearchAssistant HKLM : http://recherche.neuf.fr/ie/default.html
Start Page HKCU : http://www.google.fr/firefox?client=firefo...lla:fr:official

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {B28BB341-2C37-4711-BF95-9DDB4CE55F4A}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Recherche AOL Toolbar : res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
E&xporter vers Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
c:\progra~1\google\google~3\goec62~1.dll (Google)

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{61d4dcb7-45d1-11dc-a740-0090d07d4141} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
{669927b8-e78c-11db-a68b-0007cb0000ff} :
F:\LaunchU3.exe -a {eeceb13e-12e8-11dd-a905-0018f30827fe} : F:\LaunchU3.exe F : F:\LaunchU3.exe 173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- * c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- * c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24} * c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers --------------------------------------------------------------- c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- c:\program files\fichiers communs\ahead\lib\nerodigitalext.dll (Nero AG) NeroDigitalExt.NeroDigitalColumnHandler c:\program files\openoffice.org 2.0\program\shlxthdl.dll (Sun Microsystems, Inc.) OpenOffice.org Column Handler c:\program files\fichiers communs\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) 
PDF Column Info -
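The report above shows the classic XP-era persistence set in one place: an extra program appended to the Winlogon Shell value (section 034), an Active Desktop HTML component (036), Browser Helper Objects whose CLSIDs cannot be resolved plus an unnamed DLL in system32 (052), a Winlogon Notify DLL with a random-looking name (067) and an AppInit_DLLs entry (121). The script below is an added example, written for this editing pass; it is not RunScanner's code and was not posted by anyone in the thread. It parses a RunScanner-style text report and applies one triage rule per location. It assumes section headers look like "NNN HKxx\Path", that entries are "path (Company) {CLSID}" where the company name comes from the file's version info, and that a leading "* " or "- " is a marker the report adds (its meaning is not relied on). The sample text is constructed from entries visible in the report above.

```python
"""Triage of a RunScanner-style autostart report (added example, not
RunScanner's own code and not code posted in the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the report above, one section per
# persistence point worth checking.
SAMPLE_REPORT = r"""
034 HKLM-HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
-------------------------------------------------------------------------
- explorer.exe C:\WINDOWS\wspl.exe
036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
c:\program files\complus applications\profsyrt.html
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}
c:\windows\system32\bsm.dll {141FDC3C-15FB-11DD-B723-9EF855D89593}
* c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\cecceebcfbc.dll
121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
c:\progra~1\google\google~3\goec62~1.dll (Google)
"""

HEADER_RE = re.compile(r"^(\d{3}) (HK.+)$")          # "034 HKLM-HKCU\..."
CLSID_TAIL_RE = re.compile(r"\s*\{[0-9A-Fa-f-]{36}\}$")
COMPANY_TAIL_RE = re.compile(r"\s*\(([^()]+)\)$")    # "(Company Name)"


@dataclass
class Finding:
    section: str   # three-digit section number from the report
    item: str      # path, program or CLSID that triggered the rule
    reason: str


def parse_sections(text):
    """Return [(section_id, registry_key, [entry lines])] in report order."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:        # blank line or underline row
            continue
        m = HEADER_RE.match(line)
        if m:
            sections.append((m.group(1), m.group(2), []))
        elif sections:
            sections[-1][2].append(line)
    return sections


def split_entry(entry):
    """'path (Company) {CLSID}' -> (path, company or None, clsid or None)."""
    e = re.sub(r"^[*-]\s+", "", entry)           # drop the report's marker (assumed cosmetic)
    clsid = company = None
    m = CLSID_TAIL_RE.search(e)
    if m:
        clsid, e = m.group(0).strip(), e[:m.start()]
    m = COMPANY_TAIL_RE.search(e)
    if m:
        company, e = m.group(1), e[:m.start()]
    return e, company, clsid


def triage(text):
    """Apply one rule per autostart location and return the findings."""
    findings = []
    for sec_id, key, entries in parse_sections(text):
        k = key.lower()
        for entry in entries:
            path, company, clsid = split_entry(entry)
            if k.endswith(r"winlogon\shell"):
                # A clean value is exactly "explorer.exe"; every other token on
                # the line is started at each logon. (Paths containing spaces
                # would need quoting to survive this split.)
                for tok in path.split():
                    if tok.lower() != "explorer.exe":
                        findings.append(Finding(sec_id, tok, "extra program in Winlogon Shell"))
            elif k.endswith(r"winlogon\notify"):
                if company is None:
                    findings.append(Finding(sec_id, path, "Winlogon Notify DLL with no company name"))
            elif k.endswith("browser helper objects"):
                if path.startswith("GUID / CLSID not found"):
                    findings.append(Finding(sec_id, clsid or path, "BHO CLSID the report could not resolve"))
                elif company is None:
                    findings.append(Finding(sec_id, path, "BHO DLL with no company name"))
            elif k.endswith(r"desktop\components"):
                findings.append(Finding(sec_id, path, "Active Desktop HTML component (can carry script)"))
            elif k.endswith("appinit_dlls"):
                findings.append(Finding(sec_id, path, "AppInit DLL loaded into every user32 process"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

On the sample this flags C:\WINDOWS\wspl.exe, profsyrt.html, the unresolved BHO CLSID, bsm.dll, cecceebcfbc.dll and the AppInit entry, and leaves the Google toolbar BHO alone. The AppInit rule deliberately reports every entry, including a vendor-named one, because anything in that value is mapped into every process that loads user32 and deserves a second look regardless of who signed it; the missing company name on the other rules is only a heuristic, since malware can carry fake version info and legitimate tools sometimes carry none.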
Hello, I'm on a second PC because the first one has problems. I think I have the WIN32:CTX virus. I use Avast Home and the Security Center won't start; even going through -> Administrative Tools ..... in the Control Panel, it stays disabled and greyed out. I can connect to the Internet, but every site with an online antivirus makes the connection drop (with Mozilla), and even to search for an antivirus on Google I have to type it with spelling mistakes! The HijackThis program can't launch, even after renaming it. I read on a forum to use RunScanner, and that works. I can post the report. Also, at startup there is a Windows window telling me it can't find c:\windows\wspl.exe. That makes 3 problems; I hope you can help me without having to format. Thanks in advance.