Ramon64

Bonjour, j'ai bien lu et relu ce qu'il était possible de faire mais je n'y arrive pas. Je suis sous XP et Mozilla. Internet Explorer a disparu. Le message d'alerte est conforme au titre, et le petit bouclier vert est dans la barre des tâches. Avast a laissé passé...un site immobilier. Je ne peux rien faire en mode normal. Je ne peux pas télécharger dans le bureau...je télécharge sur une clé USB à partir d'un autre ordinateur. J'ai ainsi essayé:Spyware Doctor, Malwarebytes, Smitfraudfix, Combofix. Certains acceptent de fonctionner en mode sans échec comme Combofix, mais l'infection est toujours là... A votre bon coeur...Merci. Voici le rapport de Combofix...qui recommande de l'envoyer à Zébulon. ComboFix 10-04-21.01 - Administrateur 23/04/2010 0:09.1.1 - x86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.509.392 [GMT 2:00] Lancé depuis: c:\documents and settings\User\Mes documents\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100422-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrateur\Application Data\Desktopicon c:\documents and settings\Administrateur\Application Data\Desktopicon\eBayShortcuts.exe c:\windows\asam.exe c:\windows\pack.epk c:\windows\system32\qjgufs.dat c:\windows\system32\qjgufs_navup.dat c:\windows\system32\tmp.reg . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-22 au 2010-04-22 )))))))))))))))))))))))))))))))))))) . 2010-04-22 20:16 . 2010-04-22 20:16 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla 2010-04-22 20:16 . 2010-04-22 20:16 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache 2010-04-22 20:15 . 2010-04-22 20:15 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE 2010-04-22 19:20 . 2010-04-22 19:20 -------- d-----w- c:\program files\trend micro 2010-04-22 19:20 . 2010-04-22 19:20 -------- d-----w- C:\rsit 2010-04-22 17:24 . 2010-04-22 17:24 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-04-22 17:23 . 2010-04-22 17:23 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache 2010-04-22 13:21 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-22 13:21 . 2010-04-22 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-22 13:21 . 2010-04-22 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-22 13:21 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-22 11:47 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-04-22 11:46 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-04-22 11:46 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-04-22 11:46 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-04-22 11:46 . 2010-04-22 16:46 -------- d-----w- c:\program files\Spyware Doctor 2010-04-22 11:46 . 2010-04-22 11:47 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2010-04-22 11:46 . 2010-04-22 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-04-22 11:45 . 2010-04-22 20:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-22 09:46 . 2010-04-22 09:46 61184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\syssvc.exe 2010-04-22 09:44 . 2010-04-22 09:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\momsnqkkw 2010-04-22 09:22 . 2010-04-22 09:22 131584 --sha-r- c:\windows\system32\qedit4.dll 2010-04-12 21:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-05 21:10 . 2010-04-05 21:10 -------- d--h--w- c:\windows\msdownld.tmp 2010-04-05 21:01 . 2010-04-05 21:05 -------- dc-h--w- c:\windows\ie8 2010-04-05 20:31 . 2010-04-05 20:31 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-22 20:49 . 2009-04-17 19:06 -------- d-----w- c:\program files\SPAMfighter 2010-04-22 18:47 . 2009-07-18 09:04 -------- d-----w- c:\program files\Unlocker 2010-04-12 14:31 . 2008-12-13 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD 2010-04-09 03:22 . 2003-08-04 10:10 48814 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-09 03:22 . 2003-08-04 10:10 367896 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-10 06:16 . 2003-08-04 10:10 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 2003-08-04 10:10 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2003-08-04 10:10 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:07 . 2003-08-04 10:10 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2002-08-29 11:42 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-13 23:43 . 2010-02-13 23:43 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe 2010-02-13 23:43 . 2010-02-13 23:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe 2010-02-13 23:43 . 2010-02-13 23:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-02-13 23:43 . 2010-02-13 23:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe 2010-02-13 23:37 . 2010-02-13 23:44 34503960 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_fre_web.exe 2010-02-12 04:34 . 2003-08-04 10:10 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-08-04 10:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-06-13 114688] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096] "SigmaTel StacMon"="c:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 45056] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056] "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960] "Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-06-23 1171456] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-09-09 77824] "Pop-Up Stopper"="c:\program files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-13 868352] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "ooexlswj"="c:\documents and settings\User\Local Settings\Application Data\momsnqkkw\jctlfyxtssd.exe" [2010-04-22 272128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/04/2010 13:46 218592] R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [30/10/2002 15:10 71961] S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2008 15:15 114768] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2008 15:15 20560] S3 A4501A;802.11g Wireless USB Adapter Driver;c:\windows\system32\drivers\A4501A.sys [18/11/2006 10:38 349728] S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [04/08/2003 13:26 156288] . Contenu du dossier 'Tâches planifiées' 2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{727423EB-6B9C-4274-BBE5-945167C6A48E}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Examen supplémentaire ------- . DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} - hxxp://jacobeo.navarra.es/Scene_3D/plugin/gvista3_0_13_1.cab DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yioe75wi.default\ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-asam - c:\windows\asam.exe AddRemove-Uninstall Presto! BizCard Fre - c:\program files\NewSoft\Presto! BizCard Fre\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-23 00:17 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1387224051-2659775659-1276040872-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,8b,e8,aa,89,55,03,44,82,7e,fe,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,8b,e8,aa,89,55,03,44,82,7e,fe,\ . Heure de fin: 2010-04-23 00:21:31 ComboFix-quarantined-files.txt 2010-04-22 22:21 Avant-CF: 11 555 520 512 octets libres Après-CF: 11 660 951 552 octets libres - - End Of File - - A1C9B0D9E3DE51CAC51FB642D2ABA071