bonbelo

Member; Junior Member (3/12); 4 content items; community reputation 0

Posts (newest first):
  1. Re, so I ran ComboFix; the small problems I mentioned above are fixed. Here is the ComboFix log (the HijackThis one is below). I'll run MBAM next as a precaution. Thank you very much.

     ComboFix:

     ComboFix 08-08-30.03 - Administrateur 2009-01-10 20:20:29.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.217 [GMT 1:00]
     Endroit: C:\CboFix.exe
     * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     .
     - FONCTIONNALITES REDUITES -
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\WINDOWS\runsql.exe
     C:\WINDOWS\sv.exe
     C:\WINDOWS\svc.exe
     C:\WINDOWS\svhoster.exe
     C:\WINDOWS\svw.exe
     C:\WINDOWS\svx.exe
     C:\WINDOWS\svzip.exe
     C:\WINDOWS\system32\a.exe
     C:\WINDOWS\system32\ntos.exe
     C:\WINDOWS\system32\wsnpoem
     C:\WINDOWS\system32\wsnpoem\audio.dll
     C:\WINDOWS\system32\wsnpoem\audio.dll.cla
     C:\WINDOWS\system32\wsnpoem\video.dll
     C:\WINDOWS\vlc.exe
     C:\WINDOWS\wdmon.exe
     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-12-10 to 2009-01-10 ))))))))))))))))))))))))))))))))))))
     .
     2009-01-10 20:15 . 2009-01-10 20:15 <REP> d-------- C:\Program Files\Trend Micro
     2009-01-10 19:05 . 2009-01-10 18:42 2,840,693 -ra------ C:\CboFix.exe
     2009-01-10 18:34 . 2009-01-10 18:34 <REP> d-------- C:\MSNFix
     2009-01-10 01:21 . 2009-01-10 01:21 54,272 --a------ C:\Documents and Settings\Administrateur.PNX\Application Data\casino.exe
     2009-01-10 01:21 . 2009-01-10 01:21 41,472 -r-hs---- C:\WINDOWS\system32\aaaamonh.exe
     2008-12-25 20:44 . 2008-12-26 02:33 <REP> d-------- C:\Dossier pour transfert
     2008-12-24 23:10 . 2008-12-24 23:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
     2008-12-24 21:44 . 2008-12-24 21:44 <REP> d-------- C:\Program Files\Western Digital
     2008-12-24 21:33 . 2008-12-24 21:33 <REP> d-------- C:\Program Files\Microsoft LifeChat
     2008-12-19 12:55 . 2008-12-19 12:55 268 --ah----- C:\sqmdata02.sqm
     2008-12-19 12:55 . 2008-12-19 12:55 244 --ah----- C:\sqmnoopt02.sqm
     2008-12-16 00:10 . 2008-12-16 00:09 233,984 --a------ C:\WINDOWS\odb.exe
     2008-12-16 00:10 . 2008-12-16 00:09 40,960 -r-hs---- C:\WINDOWS\system32\ahuil.exe
     2008-12-16 00:10 . 2008-12-16 00:11 109 --ahs---- C:\WINDOWS\system32\3360479463.dat
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-10 19:12 --------- d-----w C:\Program Files\PowerArchiver
     2009-01-10 00:42 --------- d-----w C:\Documents and Settings\Administrateur.PNX\Application Data\Avant Browser
     2009-01-05 03:55 --------- d-----w C:\Program Files\eChanblard
     2008-12-24 23:40 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
     2008-12-11 20:00 --------- d-----w C:\Documents and Settings\Administrateur.PNX\Application Data\OpenOffice.org2
     2008-12-05 19:36 --------- d-----w C:\Program Files\CrackAttack
     2008-11-23 18:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
     2008-11-23 17:59 --------- d-----w C:\Program Files\Microsoft.NET
     2008-11-18 23:34 --------- d-----w C:\Program Files\Frets on Fire
     2008-11-18 23:33 --------- d-----w C:\Documents and Settings\Administrateur.PNX\Application Data\fretsonfire
     2008-11-12 21:07 --------- d-----w C:\Program Files\Lx_cats
     .
     ------- Sigcheck -------
     2004-09-29 19:47 660992 61cdcab341ade3482101da90fcc793ac C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
     2004-09-29 22:49 1220608 0446f3e52f44d3ae77697d5da9fcda21 C:\WINDOWS\system32\wininet.dll
     2004-12-10 22:44 359040 7e3cf130fcc4a76940a5ac9a0d0cd437 C:\WINDOWS\system32\drivers\tcpip.sys
     2005-03-12 03:42 2322816 ef63ab857ca46064a559d32ca57ca53b C:\WINDOWS\system32\ntoskrnl.exe
     2005-03-22 21:54 1911808 90d748e56c710383c441e7bd274c870f C:\WINDOWS\explorer.exe
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 22:06 2321600]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 18:27 291760]
     "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 07:19 20480]
     "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
     "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 11:16 267296]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:54 15360]
     "LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 03:37 44544]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMBalloonTip"= 0 (0x0)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoSMBalloonTip"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
     "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.YV12"= yv12vfw.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     UpdateWin REG_SZ C:\WINDOWS\system32\aaaamonh.exe

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.PNX^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
     path=C:\Documents and Settings\Administrateur.PNX\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
     backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.PNX^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
     backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^E-Color.lnk]
     path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\E-Color.lnk
     backup=C:\WINDOWS\pss\E-Color.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
     ????????Ÿ [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
     ????????Ÿ [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
     C:\WINDOWS\system32\dumprep 0 -k [X]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2008-01-11 21:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
     --a------ 2007-02-28 22:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
     -ra------ 2006-07-26 07:19 540672 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
     --a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
     --a------ 2005-06-08 13:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
     --a------ 2005-06-08 14:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
     --a------ 2005-06-08 14:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
     --a------ 2005-07-19 16:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
     --a------ 2007-04-30 07:19 20480 C:\Program Files\Lexmark 2500 Series\lxddamon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
     --a------ 2007-06-11 18:27 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --------- 2004-08-04 00:07 1667584 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odb]
     --a------ 2008-12-16 00:09 233984 C:\WINDOWS\odb.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray]
     --a------ 2008-01-24 18:36 141352 C:\Program Files\PowerArchiver\PASTARTER.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     --a------ 2008-08-01 14:23 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2007-12-14 02:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2008-05-29 21:56 185784 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin]
     -r-hs---- 2009-01-10 01:21 41472 C:\WINDOWS\system32\aaaamonh.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "usnjsvc"=3 (0x3)
     "rpcapd"=3 (0x3)
     "wampmysqld"=3 (0x3)
     "wampapache"=3 (0x3)
     "ATI Smart"=2 (0x2)
     "aswUpdSv"=2 (0x2)
     "Ati HotKey Poller"=2 (0x2)
     "PnkBstrA"=2 (0x2)
     "avast! Mail Scanner"=3 (0x3)
     "ose"=3 (0x3)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "C:\\WINDOWS\\system32\\sessmgr.exe"=
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\MSN Messenger\\livecall.exe"=
     "<NO NAME>"= :Yahoo! Music Jukebox
     "C:\\WINDOWS\\system32\\lxddcoms.exe"=
     "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
     "C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
     "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
     "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
     "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
     "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "135:TCP"= 135:TCP:TCP Port 135
     "5000:TCP"= 5000:TCP:TCP Port 5000
     "5001:TCP"= 5001:TCP:TCP Port 5001
     "5002:TCP"= 5002:TCP:TCP Port 5002
     "5003:TCP"= 5003:TCP:TCP Port 5003
     "5004:TCP"= 5004:TCP:TCP Port 5004
     "5005:TCP"= 5005:TCP:TCP Port 5005
     "5006:TCP"= 5006:TCP:TCP Port 5006
     "5007:TCP"= 5007:TCP:TCP Port 5007
     "5008:TCP"= 5008:TCP:TCP Port 5008
     "5009:TCP"= 5009:TCP:TCP Port 5009
     "5010:TCP"= 5010:TCP:TCP Port 5010
     "5011:TCP"= 5011:TCP:TCP Port 5011
     "5012:TCP"= 5012:TCP:TCP Port 5012
     "5013:TCP"= 5013:TCP:TCP Port 5013
     "5014:TCP"= 5014:TCP:TCP Port 5014
     "5015:TCP"= 5015:TCP:TCP Port 5015
     "5016:TCP"= 5016:TCP:TCP Port 5016
     "5017:TCP"= 5017:TCP:TCP Port 5017
     "5018:TCP"= 5018:TCP:TCP Port 5018
     "5019:TCP"= 5019:TCP:TCP Port 5019
     "5020:TCP"= 5020:TCP:TCP Port 5020

     R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 14:22]
     R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
     R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
     R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 08:41]
     S0 rnmblv;rnmblv;C:\WINDOWS\system32\drivers\upyjsd.sys []
     S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 08:41]
     S4 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
     S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0531674e-c137-11dd-898c-0019db4bb42f}]
     \Shell\Auto\command - RavMonE.exe e
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6344b9a6-dac5-11dd-89ae-0019db4bb42f}]
     \Shell\Auto\command - RavMonE.exe e
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     2009-01-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
     .
     - - - - ORPHANS REMOVED - - - -
     SharedTaskScheduler-IPC Configuration Utility - (no file)
     MSConfigStartUp-braviax - C:\WINDOWS\system32\braviax.exe
     MSConfigStartUp-Cpl32ver - C:\WINDOWS\System32\Cpl32ver.exe
     MSConfigStartUp-lphccecj0ep55 - C:\WINDOWS\system32\lphccecj0ep55.exe
     MSConfigStartUp-msavsc - C:\Program Files\Microsoft Security Adviser\msavsc.exe
     MSConfigStartUp-msctrl - C:\Program Files\Microsoft Security Adviser\msctrl.exe
     MSConfigStartUp-msfw - C:\Program Files\Microsoft Security Adviser\msfw.exe
     MSConfigStartUp-msiemon - C:\Program Files\Microsoft Security Adviser\msiemon.exe
     MSConfigStartUp-mssadv - C:\DOCUME~1\Administrateur.PNX\Local Settings\Temp\svchost.exe
     MSConfigStartUp-msscan - C:\Program Files\Microsoft Security Adviser\msscan.exe
     MSConfigStartUp-net64 - C:\WINDOWS\svhoster.exe
     MSConfigStartUp-netc - C:\WINDOWS\svc.exe
     MSConfigStartUp-netsv32 - C:\WINDOWS\sv.exe
     MSConfigStartUp-netw - C:\WINDOWS\svw.exe
     MSConfigStartUp-netx - C:\WINDOWS\svx.exe
     MSConfigStartUp-netzip - C:\WINDOWS\svzip.exe
     MSConfigStartUp-runsql - C:\WINDOWS\runsql.exe
     MSConfigStartUp-SMrhc9ecj0ep55 - C:\Program Files\rhc9ecj0ep55\rhc9ecj0ep55.exe
     MSConfigStartUp-userinit - C:\WINDOWS\system32\ntos.exe
     MSConfigStartUp-vlc - C:\WINDOWS\vlc.exe
     MSConfigStartUp-WindowsServicesStartup - C:\DOCUME~1\Administrateur.PNX\Local Settings\Temp\svchost.exe
     .
     ------- Supplementary Scan -------
     .
     FireFox -: Profile - C:\Documents and Settings\Administrateur.PNX\Application Data\Mozilla\Firefox\Profiles\u3zl3o87.default\
     .
     **************************************************************************
     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-10 20:28:18
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés:

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
     "imagepath"="\systemroot\system32\drivers\TDSSmaxt.sys"
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
     C:\WINDOWS\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2009-01-10 20:30:31 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-01-10 19:30:25

     Pre-Run: 20,701,753,344 octets libres
     Post-Run: 22,431,358,976 octets libres

     270

     HijackThis:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:39:42, on 10/01/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Lexmark 2500 Series\lxddmon.exe
     C:\Program Files\Lexmark 2500 Series\lxddamon.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Microsoft LifeChat\LifeChat.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
     C:\WINDOWS\system32\lxddcoms.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://400-free.com/1092/fra/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
     O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
     O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
     O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [LClock] lclock.exe (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{9B39A2F2-EBC6-46A0-BA32-4E837DF8BC81}: NameServer = 192.168.1.1
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
     O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

     --
     End of file - 5063 bytes
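As an added example, not part of bonbelo's posts and not code from ComboFix or HijackThis: a small Python checker that reads report lines like the ones above and flags the entries a responder looks at first, namely the extra program in Winlogon Userinit (ntos.exe), Run/RunServices entries launched straight from the Windows directory (aaaamonh.exe), the per-volume autorun handlers cached in MountPoints2 (RavMonE.exe), and the disabled firewall and Security Center notifications. The allowlist of Windows binaries and the severities are this example's own assumptions; the sample lines are copied from the posted reports and labelled as such in the code.

```python
"""Persistence / security-posture checks over ComboFix and HijackThis report
lines.  Added example for this thread, not code from the original posts or
from either tool; the rules below are the example's own heuristics."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)

# The only image that belongs in Winlogon\Userinit on a stock Windows XP install.
EXPECTED_USERINIT = "userinit.exe"

# Assumption for this example: Windows binaries that legitimately appear as
# O4 entries launched straight from %SystemRoot% or system32 on XP.
SYSTEM_RUN_ALLOWLIST = {"ctfmon.exe", "tscupgrd.exe"}

USERINIT_RE = re.compile(r'(?i)userinit"?\s*=\s*"?(?P<value>[^"\r\n]+)')
O4_RE = re.compile(r'(?i)^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$')
AUTORUN_RE = re.compile(r'(?i)\\Shell\\(?:Auto|AutoRun)\\command\s*-\s*(?P<cmd>.+)$')
POLICY_RE = re.compile(
    r'(?i)"(?P<name>EnableFirewall|AntiVirusDisableNotify|UpdatesDisableNotify)"'
    r'\s*=\s*(?:dword:)?(?P<val>[0-9a-f]+)')

# Firewall / Security Center values that mean protection or its warnings were switched off.
POLICY_MESSAGES = {
    ("enablefirewall", 0): ("medium", "Windows Firewall disabled (EnableFirewall=0)"),
    ("antivirusdisablenotify", 1): ("medium", "Security Center antivirus warnings suppressed (AntiVirusDisableNotify=1)"),
    ("updatesdisablenotify", 1): ("medium", "Security Center update warnings suppressed (UpdatesDisableNotify=1)"),
}

# Constructed sample: lines copied from the ComboFix / HijackThis reports in the post above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"EnableFirewall"= 0 (0x0)
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
\Shell\Auto\command - RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
"""


def _basename(path: str) -> str:
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def check_userinit(value: str) -> List[Finding]:
    """Winlogon runs every comma-separated Userinit entry at logon, so anything
    besides userinit.exe is a logon hook (ntos.exe in the report above).
    REGEDIT4 output doubles the backslashes; normalise before splitting."""
    entries = [e.strip() for e in value.replace("\\\\", "\\").split(",") if e.strip()]
    extras = [e for e in entries if _basename(e) != EXPECTED_USERINIT]
    if extras:
        return [("high", "Userinit hijack: extra logon program(s): " + ", ".join(extras))]
    if not entries:
        return [("high", "Userinit is empty: no logon shell will start")]
    return []


def check_o4(key: str, name: str, cmd: str) -> List[Finding]:
    """Flag Run/RunServices/RunOnce images that sit directly in %SystemRoot%
    or system32 and are not allowlisted; software under Program Files is left
    alone.  A heuristic for triage, not a verdict."""
    path = cmd.strip().strip('"').lower().replace("%systemroot%", "c:\\windows")
    root = "c:\\windows\\"
    if not path.startswith(root):
        return []
    rest = path[len(root):]
    if rest.startswith("system32\\"):
        rest = rest[len("system32\\"):]
    if "\\" in rest or not rest:
        return []  # deeper subdirectory (spool\drivers\...) or nothing left: not covered here
    image = rest.split()[0]
    if image in SYSTEM_RUN_ALLOWLIST:
        return []
    return [("medium", f"{key} [{name}] launches {image} from the Windows directory")]


def check_autorun(cmd: str) -> List[Finding]:
    """MountPoints2 caches each removable volume's autorun.inf handler; a
    command that runs a file from the drive is the autorun-worm footprint."""
    return [("high", "Removable-drive autorun handler: " + cmd.strip())]


def check_policy(name: str, raw_val: str) -> List[Finding]:
    hit = POLICY_MESSAGES.get((name.lower(), int(raw_val, 16)))
    return [hit] if hit else []


def audit_report(text: str) -> List[Finding]:
    """Run every line through the checks; identical findings from the
    ComboFix and HijackThis views of the same key are reported once."""
    findings: List[Finding] = []
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := USERINIT_RE.search(line)):
            new = check_userinit(m.group("value"))
        elif (m := O4_RE.match(line)):
            new = check_o4(m.group("key"), m.group("name"), m.group("cmd"))
        elif (m := AUTORUN_RE.search(line)):
            new = check_autorun(m.group("cmd"))
        elif (m := POLICY_RE.search(line)):
            new = check_policy(m.group("name"), m.group("val"))
        else:
            continue
        for f in new:
            if f not in seen:
                seen.add(f)
                findings.append(f)
    return findings


if __name__ == "__main__":
    for severity, message in audit_report(SAMPLE_REPORT):
        print(f"[{severity:6}] {message}")
```

Run against the sample it reports the Userinit hook once (the REGEDIT4 and F2 lines describe the same value), the two updateWin entries and the HKCU ntos.exe entry, the three policy values and both autorun handlers, while LifeChat.exe and CTFMON.EXE stay silent. Paste a whole report into `audit_report` to get the same triage over a real log.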
  2. Re, I tried your procedure but it didn't work. A little idea came to mind: rename HijackThis, since only the executables of protection/cleanup programs fail to launch. And there, bingo! So here is the report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:15:57, on 10/01/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Lexmark 2500 Series\lxddmon.exe
     C:\Program Files\Lexmark 2500 Series\lxddamon.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\wdmon.exe
     C:\Program Files\Microsoft LifeChat\LifeChat.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
     C:\WINDOWS\system32\lxddcoms.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://400-free.com/1092/fra/
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
     O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
     O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
     O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
     O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
     O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
     O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
     O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
     O4 - HKCU\..\Run: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
     O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
     O4 - HKCU\..\RunServices: [updateWin] C:\WINDOWS\system32\aaaamonh.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [LClock] lclock.exe (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{9B39A2F2-EBC6-46A0-BA32-4E837DF8BC81}: NameServer = 192.168.1.1
     O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
     O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

     --
     End of file - 5377 bytes
  3. Thanks for your reply, but I can't manage to run ComboFix. I can no longer launch most executables. If you have an idea for the executables problem, I'll run ComboFix, install HijackThis and post the report ^^ Thanks in advance, +++
  4. Good evening, I'm currently on XP Pro SP2. Since yesterday a small problem has appeared: the PC is very slow (especially Firefox...). And on Google, every other link sends me to sites that are not very reputable... First reaction: I launch a scan, you never know... But there, impossible to launch an executable >_< I look, and HijackThis is gone, so impossible to install it and give you a log >_< I try looking in msconfig just in case, and there I can see a few suspicious things but it's impossible to disable them (it tells me to try with an administrator account: but I am the admin! lol). So here are the suspicious things:
     - aaaamonh (x2)
     - ntos
     - wdmon
     Well, I hope someone can come to my aid; thank you in advance! tcao!