Everything posted by steph.paca

  1. I wanted to come back to this forum, after a blackout of several months due to a death in my family, to thank all the members who gave me their advice to remove the virus that was on my computer. Your help, free and disinterested, was very precious to me, and the least I could do was thank you, in particular Angélique, who truly went out of her way to help me out. Not wanting to leave like a thief, I would therefore like to express all my gratitude to Angélique for her very effective help.
  2. Here is the new ComboFix report, but I need you to explain to me better how to find and send the Qoobox zip, please. Thanks in advance:
ComboFix 09-04-25.A1 - Administrateur 25/04/2009 15:40.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1024.686 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) FW: ZoneAlarm Firewall *disabled* * Un nouveau point de restauration a été créé FILE :: c:\windows\Internet Logs\xDB3.tmp c:\windows\Internet Logs\xDB4.tmp c:\windows\Internet Logs\xDB5.tmp c:\windows\Internet Logs\xDB6.tmp c:\windows\Internet Logs\xDB7.tmp c:\windows\Internet Logs\xDB8.tmp c:\windows\Internet Logs\xDB9.tmp c:\windows\system32\drivers\fntjsiih.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Internet Logs\xDB3.tmp c:\windows\Internet Logs\xDB4.tmp c:\windows\Internet Logs\xDB5.tmp c:\windows\Internet Logs\xDB6.tmp c:\windows\Internet Logs\xDB7.tmp c:\windows\Internet Logs\xDB8.tmp c:\windows\Internet Logs\xDB9.tmp c:\windows\system32\drivers\fntjsiih.sys c:\windows\system32\tnvcyftpiyhfmcgu.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KJMQRFRC ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-4-25 )))))))))))))))))))))))))))))))))))) . 2009-04-08 21:25 . 2009-04-08 21:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-04-08 21:25 . 2009-04-08 21:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-04-08 21:25 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll 2009-04-08 21:16 . 2009-04-08 21:16 -------- d-----w c:\program files\Fichiers communs\PCSuite 2009-04-08 21:16 . 
2009-04-08 21:16 -------- d-----w c:\program files\Fichiers communs\Nokia 2009-04-08 21:15 . 2009-04-08 21:15 -------- d-----w c:\program files\PC Connectivity Solution 2009-04-08 21:14 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-04-08 21:14 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys 2009-04-08 21:14 . 2008-09-15 05:56 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys 2009-04-08 21:14 . 2008-09-15 05:56 659968 ----a-w c:\windows\system32\nmwcdcocls.dll 2009-04-08 21:14 . 2008-09-15 05:56 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys 2009-04-08 21:14 . 2008-09-15 05:29 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll 2009-04-08 21:14 . 2009-04-08 21:16 -------- d-----w c:\program files\Nokia 2009-04-07 13:53 . 2009-04-07 13:53 -------- d-----w C:\_OTMoveIt 2009-03-26 14:59 . 2009-03-26 14:59 -------- d-----w C:\COlaF . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-25 13:48 . 2009-03-24 15:07 19095584 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-25 13:45 . 2009-03-24 15:07 224804 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-24 23:40 . 2008-11-02 11:52 -------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss 2009-04-24 15:17 . 2008-05-02 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-04-24 01:15 . 2009-04-24 07:53 299008 ----a-w c:\windows\Internet Logs\xDBA.tmp 2009-04-23 23:38 . 2008-05-01 09:07 -------- d-----w c:\program files\RamBoost XP 2009-04-22 10:14 . 2008-04-30 15:35 20416 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-09 22:38 . 2008-03-01 09:36 -------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2 2009-04-08 21:26 . 2001-10-02 16:17 63854 ----a-w c:\windows\system32\perfc00C.dat 2009-04-08 21:26 . 
2001-10-02 16:17 445434 ----a-w c:\windows\system32\perfh00C.dat 2009-04-08 21:19 . 2009-04-08 21:19 1939786 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-04-08 21:13 . 2008-09-04 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-04-08 09:50 . 2008-04-30 20:22 -------- d-----w c:\program files\Java 2009-04-05 19:26 . 2008-05-21 19:09 -------- d-----w c:\program files\Shareaza 2009-03-17 13:23 . 2009-03-17 13:23 -------- d-----r c:\documents and settings\Administrateur\Application Data\Brother 2009-03-17 13:14 . 2008-05-08 23:04 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-17 13:14 . 2009-03-17 13:14 196608 ----a-w c:\windows\Internet Logs\xDB1.tmp 2009-03-17 13:14 . 2009-03-17 13:14 1391616 ----a-w c:\windows\Internet Logs\xDB2.tmp 2009-03-17 11:24 . 2009-03-17 10:18 -------- d-----w c:\documents and settings\Administrateur\Application Data\HouseCall 6.6 2009-03-09 03:19 . 2008-12-12 09:58 410984 -c--a-w c:\windows\system32\deploytk.dll 2009-03-02 13:55 . 2009-03-02 13:55 -------- d-----w c:\documents and settings\Administrateur\Application Data\Blender Foundation 2009-02-20 10:35 . 2009-02-20 10:32 4212 ---h--w c:\windows\system32\zllictbl.dat 2008-09-22 15:27 . 2008-09-22 15:27 137 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat 2008-08-27 23:03 . 2008-05-04 10:37 47360 -c--a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2008-05-05 11:15 . 2008-05-05 11:15 774144 -c--a-w c:\program files\RngInterstitial.dll 2008-07-11 09:19 . 2008-07-11 09:19 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071120080712\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-22_10.08.17 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-25 13:48 . 2009-04-25 13:48 16384 c:\windows\Temp\Perflib_Perfdata_88.dat + 2008-02-29 15:40 . 
2001-10-02 16:16 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat + 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat + 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" 
[X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Contr“leur d'‚tat.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-7-30 802816] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "aux2"= sysaudio.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54926:UDP"= 54926:UDP:brother scanner R3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\DRIVERS\k310bus.sys [2006-03-10 60800] R3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k310mdfl.sys [2006-03-10 9264] R3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k310mdm.sys [2006-03-10 96352] R3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k310mgmt.sys [2006-03-10 87824] R3 k310obex;Sony Ericsson K310 USB WMC OBEX 
Interface;c:\windows\system32\DRIVERS\k310obex.sys [2006-03-10 85696] R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-11-15 34064] . Contenu du dossier 'Tâches planifiées' 2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2111687655-842925246-500.job - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 21:35] 2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{8BB608C8-000D-49F1-BA8A-63A8EB074385}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: secuser.com\www TCP: {16C951AC-F4C8-412E-AD7A-02CECD27A94F} = 208.67.220.220,208.67.222.222 FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-25 15:49 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2348) c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\WgaTray.exe c:\windows\system32\brss01a.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LightScribe\LSSrvc.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\windows\system32\wscntfy.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Heure de fin: 2009-04-25 15:54 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-25 13:54 ComboFix2.txt 2009-04-22 10:13 ComboFix3.txt 2009-03-24 15:32 Avant-CF: 8 712 130 560 octets libres Après-CF: 8 703 086 592 octets libres 203 --- E O F --- 2008-12-13 02:04
  3. Here, Angélique, is the ComboFix report followed by the HijackThis one:
ComboFix 09-04-22.A2 - Administrateur 22/04/2009 11:56.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1024.715 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) FW: ZoneAlarm Firewall *disabled* * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\cnetcf.dll c:\windows\system32\drivers\kjmqrfrc.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrateur\Application Data\Microsoft\SystemCertificates\Request c:\windows\system32\drivers\kjmqrfrc.sys . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KJMQRFRC -------\Service_kjmqrfrc ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-22 au 2009-04-22 )))))))))))))))))))))))))))))))))))) . 2009-04-08 21:25 . 2009-04-08 21:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-04-08 21:25 . 2009-04-08 21:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-04-08 21:25 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll 2009-04-08 21:16 . 2009-04-08 21:16 -------- d-----w c:\program files\Fichiers communs\PCSuite 2009-04-08 21:16 . 2009-04-08 21:16 -------- d-----w c:\program files\Fichiers communs\Nokia 2009-04-08 21:15 . 2009-04-08 21:15 -------- d-----w c:\program files\PC Connectivity Solution 2009-04-08 21:14 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-04-08 21:14 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys 2009-04-08 21:14 . 
2008-09-15 05:56 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys 2009-04-08 21:14 . 2008-09-15 05:56 659968 ----a-w c:\windows\system32\nmwcdcocls.dll 2009-04-08 21:14 . 2008-09-15 05:56 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys 2009-04-08 21:14 . 2008-09-15 05:29 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll 2009-04-08 21:14 . 2009-04-08 21:16 -------- d-----w c:\program files\Nokia 2009-04-07 13:53 . 2009-04-07 13:53 -------- d-----w C:\_OTMoveIt 2009-03-26 14:59 . 2009-03-26 14:59 -------- d-----w C:\COlaF 2009-03-24 15:07 . 2009-04-22 10:08 17154080 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-03-24 15:07 . 2009-04-22 10:03 202028 --sha-w c:\windows\system32\drivers\fidbox.idx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 09:57 . 2001-10-02 16:16 23424 ----a-w c:\windows\system32\drivers\fntjsiih.sys 2009-04-22 00:14 . 2009-04-22 07:31 591872 ----a-w c:\windows\Internet Logs\xDB8.tmp 2009-04-22 00:14 . 2009-04-22 07:31 1540608 ----a-w c:\windows\Internet Logs\xDB9.tmp 2009-04-21 16:59 . 2008-11-02 11:52 -------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss 2009-04-21 12:12 . 2008-05-02 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-04-18 02:04 . 2009-04-18 08:37 1980928 ----a-w c:\windows\Internet Logs\xDB7.tmp 2009-04-16 08:09 . 2008-05-01 09:07 -------- d-----w c:\program files\RamBoost XP 2009-04-12 00:59 . 2009-04-12 06:15 1517056 ----a-w c:\windows\Internet Logs\xDB6.tmp 2009-04-09 22:38 . 2008-03-01 09:36 -------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2 2009-04-08 21:26 . 2001-10-02 16:17 63854 ----a-w c:\windows\system32\perfc00C.dat 2009-04-08 21:26 . 2001-10-02 16:17 445434 ----a-w c:\windows\system32\perfh00C.dat 2009-04-08 21:19 . 2009-04-08 21:19 1939786 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-04-08 21:13 . 
2008-09-04 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-04-08 09:50 . 2008-04-30 20:22 -------- d-----w c:\program files\Java 2009-04-05 19:26 . 2008-05-21 19:09 -------- d-----w c:\program files\Shareaza 2009-04-02 00:13 . 2009-04-02 08:29 918528 ----a-w c:\windows\Internet Logs\xDB4.tmp 2009-04-02 00:13 . 2009-04-02 08:29 1461248 ----a-w c:\windows\Internet Logs\xDB5.tmp 2009-03-26 03:09 . 2009-03-26 09:58 987648 ----a-w c:\windows\Internet Logs\xDB3.tmp 2009-03-17 13:23 . 2009-03-17 13:23 -------- d-----r c:\documents and settings\Administrateur\Application Data\Brother 2009-03-17 13:14 . 2008-05-08 23:04 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-17 13:14 . 2009-03-17 13:14 196608 ----a-w c:\windows\Internet Logs\xDB1.tmp 2009-03-17 13:14 . 2009-03-17 13:14 1391616 ----a-w c:\windows\Internet Logs\xDB2.tmp 2009-03-17 11:24 . 2009-03-17 10:18 -------- d-----w c:\documents and settings\Administrateur\Application Data\HouseCall 6.6 2009-03-09 03:19 . 2008-12-12 09:58 410984 -c--a-w c:\windows\system32\deploytk.dll 2009-03-02 13:55 . 2009-03-02 13:55 -------- d-----w c:\documents and settings\Administrateur\Application Data\Blender Foundation 2009-02-20 10:35 . 2009-02-20 10:32 4212 ---h--w c:\windows\system32\zllictbl.dat 2009-01-28 10:48 . 2008-11-08 10:18 48274 -c--a-w c:\windows\system32\tnvcyftpiyhfmcgu.exe 2008-09-22 15:27 . 2008-09-22 15:27 137 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat 2008-08-27 23:03 . 2008-05-04 10:37 47360 -c--a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2008-08-06 21:37 . 2008-04-30 15:35 20024 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-05-05 11:15 . 2008-05-05 11:15 774144 -c--a-w c:\program files\RngInterstitial.dll 2008-07-11 09:19 . 
2008-07-11 09:19 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071120080712\index.dat . ------- Sigcheck ------- [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2005-07-18 16:14 359936 3C6E2F1F8BA768D1A5B033FB9429F242 c:\windows\$NtUninstallKB941644$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Contr“leur d'‚tat.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-7-30 802816] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) 
"NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "aux2"= sysaudio.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54926:UDP"= 54926:UDP:brother scanner R3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\DRIVERS\k310bus.sys [2006-03-10 60800] R3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k310mdfl.sys [2006-03-10 9264] R3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k310mdm.sys [2006-03-10 96352] R3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k310mgmt.sys [2006-03-10 87824] R3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k310obex.sys [2006-03-10 85696] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - KJMQRFRC . 
Contenu du dossier 'Tâches planifiées' 2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2111687655-842925246-500.job - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 21:35] 2009-04-21 c:\windows\Tasks\User_Feed_Synchronization-{8BB608C8-000D-49F1-BA8A-63A8EB074385}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: secuser.com\www TCP: {16C951AC-F4C8-412E-AD7A-02CECD27A94F} = 208.67.220.220,208.67.222.222 FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\2s1hly8l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/search?q=un+message+de+spyware+bloque+google&hl=fr&client=firefox-a&channel=s&rls=org.mozilla:fr:official&start=10&sa=N FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-22 12:07 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1872) c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\WgaTray.exe c:\windows\system32\brss01a.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LightScribe\LSSrvc.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Heure de fin: 2009-04-22 12:13 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-22 10:13 ComboFix2.txt 2009-03-24 15:32 Avant-CF: 3 271 954 432 octets libres Après-CF: 3 287 572 480 octets libres 214 --- E O F --- 2008-12-13 02:04 HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:20:26, on 22/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program 
Files\internet explorer\iexplore.exe
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
     O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.secuser.com
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O17 - HKLM\System\CS1\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 8684 bytes

     I have the impression that the line you had pointed out to me has disappeared!!
  4. I tried to follow your instructions, but a new problem: when I drag CFScript onto COLaF.exe, I'm told that I can't rename combofix to COLaF, that I have to change the name, preferably to alphanumeric characters!! Oh dear, patience is needed.
  5. Sorry first of all for this blackout, an absence of a few days. So here is the OTMoveIt log you asked me for:

     ========== PROCESSES ==========
     Process explorer.exe killed successfully.
     ========== REGISTRY ==========
     Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000FA9D3-68FB-426A-9565-D0843AA55322}\\ .
     ========== COMMANDS ==========
     File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mgsaydoc.dat scheduled to be deleted on reboot.
     User's Temp folder emptied.
     User's Internet Explorer cache folder emptied.
     File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     User's Temporary Internet Files folder emptied.
     Local Service Temp folder emptied.
     Local Service Temporary Internet Files folder emptied.
     Network Service Temp folder emptied.
     File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     Network Service Temporary Internet Files folder emptied.
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_404.dat scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\ZLT028c8.TMP scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\ZLT028cb.TMP scheduled to be deleted on reboot.
     Windows Temp folder emptied.
     Java cache emptied.
     FireFox cache emptied.
     Temp folders emptied.
     Explorer started successfully

     OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04072009_155358

     and the new HijackThis report (apparently the BHO (no name) line is still in it): thanks in advance

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16:13:50, on 07/04/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\WgaTray.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
     C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\Program Files\Brother\ControlCenter2\brctrcen.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\WINDOWS\system32\brsvc01a.exe
     C:\WINDOWS\system32\brss01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Shareaza\Shareaza.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
     C:\Documents and Settings\Administrateur\Bureau\OTMoveIt3.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
     O2 - BHO: (no name) - {000FA9D3-68FB-426A-9565-D0843AA55322} - C:\WINDOWS\system32\cnetcf.dll (file missing)
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Administrateur\Bureau\OTMoveIt3.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
     O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.secuser.com
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O17 - HKLM\System\CS1\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 8460 bytes
  6. There, angélique, I cleaned with ATF Cleaner and removed combofix. I can't delete the BHO (no name) line........ that you pointed out to me in HijackThis: "HijackThis is about to remove a BHO and the corresponding file from your system. Close all Internet Explorer windows and all Windows Explorer windows before continuing for the best chance of success." So I closed the internet and my applications connected to the net, but the result is still the same. If I delete C:\program files\trend micro\hijackthis\backups, will that remove HijackThis from the computer??
  7. Regarding the removal of Ad-Aware, as I pointed out to you in my first post, I can't remove it (nor Sony PC Suite, for that matter) with the Control Panel. Always the same message: unrecoverable error during installation, error 1327 invalid drive F. (I don't know where they found me a drive F.)
  8. Thanks angelique, I admit I'm a bit lost with this new scan, so I'd rather post the 2 tables for you:

     Scan taken on 24 Mar 2009 19:16:59 (GMT)

     Scanner                 Result
     A-Squared               Found nothing
     AntiVir                 Found nothing
     ArcaVir                 Found nothing
     Avast                   Found nothing
     AVG Antivirus           Found nothing
     BitDefender             Found nothing
     ClamAV                  Found nothing
     CPsecure                Found nothing
     Dr.Web                  Found nothing
     F-Prot Antivirus        Found nothing
     F-Secure Anti-Virus     Found nothing
     Ikarus                  Found nothing
     Kaspersky Anti-Virus    Found nothing
     NOD32                   Found nothing
     Norman Virus Control    Found nothing
     Panda Antivirus         Found nothing
     Quick Heal              Found nothing
     Sophos Antivirus        Found nothing
     VirusBuster             Found nothing
     VBA32                   Found nothing

     Last file scanned at least one scanner reported something about: infected.javavm.exe (MD5: 543062f19c468e7bf5769f2156907b32, size: 648500 bytes), detected by:

     Scanner                 Malware name
     A-Squared               Riskware.Server-FTP.Win32.Serv-U!IK
     AntiVir                 APPL/Servu.648500
     ArcaVir                 X
     Avast                   X
     AVG Antivirus           ServU.DF
     BitDefender             Generic.ServU.746B1165
     ClamAV                  Trojan.Servu.1
     CPsecure                Server-FTP.W32.Serv-U.gen
     Dr.Web                  BackDoor.Servu.76
     F-Prot Antivirus        X
     F-Secure Anti-Virus     not-a-virus:Server-FTP.Win32.Serv-U.gen (6, 2, 607)
     Ikarus                  not-a-virus:Server-FTP.Win32.Serv-U
     Kaspersky Anti-Virus    not-a-virus:Server-FTP.Win32.Serv-U.gen
     NOD32                   a variant of Win32/ServU-Daemon application
     Norman Virus Control    X
     Panda Antivirus         Application/ServUBased.BE
     Quick Heal              X
     Sophos Antivirus        Mal/EncPk-BA
     VirusBuster             Packed/MEW
     VBA32                   Backdoor.XiaoBird.29 (paranoid heuristics)

     then the new HijackThis scan:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:31:56, on 24/03/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\WgaTray.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\Program Files\Brother\ControlCenter2\brctrcen.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\WINDOWS\system32\brss01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Shareaza\Shareaza.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
     O2 - BHO: (no name) - {000FA9D3-68FB-426A-9565-D0843AA55322} - C:\WINDOWS\system32\cnetcf.dll (file missing)
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
     O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.secuser.com
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O17 - HKLM\System\CS1\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 8263 bytes

     I have the impression the internet is working much better!!
  9. There, I did what you told me, angélique, and fix-checked the entries flagged in HijackThis. I was also able to scan with combofix, thanks to apollo's link (thank you). Here is the log:

     ComboFix 09-03-23.01 - Administrateur 2009-03-24 16:12:37.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1024.572 [GMT 1:00]
     Lancé depuis: c:\documents and settings\Administrateur\Bureau\COlaF.exe
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     FW: ZoneAlarm Firewall *disabled*
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Administrateur\Application Data\inst.exe
     c:\windows\patch.exe
     c:\windows\system32\drivers\UACextetiql.sys
     c:\windows\system32\ntnet.drv
     c:\windows\system32\UACamecbqbr.dll
     c:\windows\system32\UAChxdottll.dll
     c:\windows\system32\uacinit.dll
     c:\windows\system32\UACmcnwcqwh.log
     c:\windows\system32\UACnvmqlhyi.dat
     c:\windows\system32\UACpaetfcxy.log
     c:\windows\system32\UACqwbutobw.dll
     c:\windows\system32\UACudovdbos.dll
     c:\windows\system32\UACvxfmfdpu.dll
     c:\windows\system32\UACwabrqrwd.log
     c:\windows\system32\wini101956.exe
     H:\Autorun.inf
     .
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_UACd.sys
     -------\Legacy_BOONTY_GAMES
     -------\Legacy_WUAUSERVNTLMSSP
     -------\Service_Boonty Games
     -------\Service_wuauservNtLmSsp

     ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-24 au 2009-03-24 ))))))))))))))))))))))))))))))))))))
     .
     2009-03-24 16:07 . 2009-03-24 16:27 149,536 --ahs---- c:\windows\system32\drivers\fidbox.dat
     2009-03-24 16:07 . 2009-03-24 16:22 2,756 --ahs---- c:\windows\system32\drivers\fidbox.idx
     2009-03-18 11:16 . 2009-03-18 11:18 <REP> d-------- c:\windows\system32\NtmsData
     2009-03-17 14:23 . 2009-03-17 14:23 <REP> dr------- c:\documents and settings\Administrateur\Application Data\Brother
     2009-03-17 14:22 . 2009-03-17 14:22 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
     2009-03-17 11:18 . 2009-03-17 12:24 <REP> d-------- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6
     2009-03-13 12:52 . 2009-03-13 12:52 <REP> d--h----- c:\windows\system32\GroupPolicy
     2009-03-02 14:55 . 2009-03-02 14:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Blender Foundation
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-24 11:10 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
     2009-03-23 11:30 --------- d-----w c:\program files\RamBoost XP
     2009-03-20 12:45 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
     2009-03-17 13:14 196,608 ----a-w c:\windows\Internet Logs\xDB1.tmp
     2009-03-17 13:14 1,391,616 ----a-w c:\windows\Internet Logs\xDB2.tmp
     2009-03-17 13:14 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-16 17:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss
     2009-02-20 10:32 --------- d-----w c:\program files\Zone Labs
     2009-02-20 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
     2009-02-18 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-02-15 19:27 --------- d-----w c:\program files\WinPcap
     2009-01-31 12:54 --------- d-----w c:\program files\VideoLAN
     2009-01-28 10:48 48,274 -c--a-w c:\windows\system32\tnvcyftpiyhfmcgu.exe
     2008-08-27 23:03 47,360 -c--a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
     2008-05-05 11:15 774,144 -c--a-w c:\program files\RngInterstitial.dll
     2008-07-11 09:19 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071120080712\index.dat
     .
     ------- Sigcheck -------
     2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
     2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
     2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtServicePackUninstall$\tcpip.sys
     2005-07-18 17:14 359936 3c6e2f1f8ba768d1a5b033fb9429f242 c:\windows\$NtUninstallKB941644$\tcpip.sys
     2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
     2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
     2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
     2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
     "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
     "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
     "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
     "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
     "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
     "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nlsf"="move" [X]
     "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     Contrôleur d'état.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-07-30 802816]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)
     "NoSMBalloonTip"= 1 (0x1)
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)
     "NoSMBalloonTip"= 1 (0x1)
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.I420"= i420vfw.dll
     "aux2"= sysaudio.sys

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusDisableNotify"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Shareaza\\Shareaza.exe"=
     "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "54926:UDP"= 54926:UDP:brother scanner

     R0 kjmqrfrc;kjmqrfrc;c:\windows\system32\drivers\kjmqrfrc.sys [2001-10-02 23424]
     S3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\drivers\k310bus.sys [2008-09-22 60800]
     S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\drivers\k310mdfl.sys [2008-09-24 9264]
     S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\drivers\k310mdm.sys [2008-09-24 96352]
     S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k310mgmt.sys [2008-09-24 87824]
     S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;c:\windows\system32\drivers\k310obex.sys [2008-09-24 85696]
     S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
     .
     Contenu du dossier 'Tâches planifiées'

     2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

     2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{8BB608C8-000D-49F1-BA8A-63A8EB074385}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
     .
     - - - - ORPHELINS SUPPRIMES - - - -

     BHO-{000FA9D3-68FB-426A-9565-D0843AA55322} - c:\windows\system32\cnetcf.dll
     HKU-Default-RunOnce-XPPro4.0 - c:\windows\REG\run.cmd
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.google.fr/
     uInternet Connection Wizard,ShellNext = iexplore
     Trusted Zone: secuser.com\www
     TCP: {16C951AC-F4C8-412E-AD7A-02CECD27A94F} = 208.67.220.220,208.67.222.222
     FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\2s1hly8l.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/search?q=un+message+de+spyware+bloque+google&hl=fr&client=firefox-a&channel=s&rls=org.mozilla:fr:official&start=10&sa=N
     FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
     FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-24 16:25:45
     Windows 5.1.2600 Service Pack 3 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     Scan terminé avec succès
     Fichiers cachés: 0
     **************************************************************************
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\windows\system32\ZoneLabs\vsmon.exe
     c:\windows\system32\WgaTray.exe
     c:\windows\system32\brss01a.exe
     c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
     c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
     c:\program files\Analog Devices\SoundMAX\SMAgent.exe
     c:\windows\system32\wdfmgr.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Heure de fin: 2009-03-24 16:31:54 - La machine a redémarré
     ComboFix-quarantined-files.txt 2009-03-24 15:31:42

     Avant-CF: 28,972,396,544 octets libres
     Après-CF: 29,052,862,464 octets libres

     WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

     199 --- E O F --- 2008-12-13 02:04:50
  10. New attempt to open ComboFix, but the shortcut does not respond. Should I rename it to colaf.exe before saving it to the desktop? Otherwise, is there a way to open it differently, via Local Settings for example? Thanks
  11. Thanks for your help, Angélique. Here, to start with, is the HijackThis report. I re-downloaded ComboFix using one of your links, because the desktop shortcut for ComboFix that I downloaded yesterday does not work. It is not the only shortcut that does not work (or no longer works), by the way. I am trying to open ComboFix so that I can post you the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:39, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: (no name) - {000FA9D3-68FB-426A-9565-D0843AA55322} - C:\WINDOWS\system32\cnetcf.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5737ad02-a449-fb65-84d3-7b61b808e77c} - (no file)
O2 - BHO: (no name) - {70A2B550-C35D-9FBC-752B-AF4F0BF7EE94} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{16C951AC-F4C8-412E-AD7A-02CECD27A94F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Mises à jour automatiques wuauservNtLmSsp (wuauservNtLmSsp) - Unknown owner - C:\WINDOWS\system32\wpv8759.cpx.exe (file missing)

--
End of file - 9492 bytes
  12. Hello everyone, I have just registered on this forum because, being a novice with computers, I need help: my PC is currently infected. I am redirected to other sites when I do a Google search; I have HijackThis but I am not skilled enough to use it. I would like to use ComboFix, but I will wait for your instructions before using it. For antivirus I have the free version of AntiVir, ZoneAlarm as a firewall and Spybot for spyware. When I scan with Spybot, it finds about twenty trojans every time, but above all "microsoft.windowssecuritycenter_disabled" HKEY_LOCAL_MACHINE\SYSTEM\currentcontrol (registry modification). I currently scan every day and the same problems reappear. In addition, I can no longer remove my programs through the Control Panel; each time the same messages: fatal error during installation, and drive F not valid (even though I have no F drive). Not to mention the Ad-Aware error message (which I am trying to remove) every time the PC starts: aawservice.exe an unhandled exeption occured at 0x7C812AEB in aawservice.exe exeption code:0xe06d7363. When I try to connect with Firefox, the message "spyware terminator is blocking antivir" (or google). But I have never downloaded Spyware Terminator. The most worrying thing is the system crash, which has appeared several times, a big blue screen asking me to disable the BIOS memory options, such as memory caching or shadowing... and which forces me to shut down the PC by pulling the plug!! Those are the main symptoms; I hope I can benefit from your help. Thanks to everyone.