impossible de telecharger combofix

[abdel__]

oui pardon

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:56, on 26/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Real\RealOne Player\realplay.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Eraser\eraser.exe

C:\Program Files\Menara\dslmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com

C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\WINDOWS\system32\WINMINE.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\winncgwby.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\kwyppv.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\winkeycd.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bladinet.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealJukeboxSystray] "c:\Program Files\Real\RealJukebox\tsystray.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Online.com

O4 - Startup: Adobe update.com

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{71BA674A-663F-49DA-92FE-8E035C1A530A}: NameServer = 62.251.229.223 62.251.229.237

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

 

--

End of file - 9774 bytes

[Falkra]

Télécharge OTMoveIt3 par OldTimer.

• Enregistre ce fichier sur le Bureau.
  
• Fais un double clic sur OTMoveIt3.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  
• Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  :processes
  explorer.exe 
  :files
  C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com
  C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com
  c:\autorun.inf
  d:\autorun.inf
  
  :reg 
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
  "DisableTaskMgr"=-
  "DisableRegistryTools"=-
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}]
  
  
  :services
  abp470n5
  
  :commands
  [emptytemp]
  [start explorer]

  
  

• Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
  
• Clique sur le bouton rouge Moveit!.
  
• Ferme OTMoveIt3
  
• Poste dans ta prochaine réponse le rapport de OTMoveIt3 (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

[abdel__]

voila

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com moved successfully.

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com moved successfully.

c:\Autorun.inf moved successfully.

d:\Autorun.inf moved successfully.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}\\ deleted successfully.

========== SERVICES/DRIVERS ==========

 

Service\Driver abp470n5 deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\hsperfdata_hp\244 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\kwyppv.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\winkeycd.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\winncgwby.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\xdgwa.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\xrbss.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF156E.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF157C.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF1BEA.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF1C01.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF8482.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DF84A6.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DFF453.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\hp\LOCALS~1\Temp\~DFF45F.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\impossible-de-telecharger-combofix-t163550[4].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\OTMoveIt3[1].exe scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\AP_ADV_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\AP_ADV_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\ban_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\BCAWHIGIRCA39QIVTCAE6YGKTCAW04OXQCADBUXNFCAZJ3QTBCAINVAT1CA27L7VJCAPFZOZYCA

X9ZJMTCAOMTU4LCANZIR8HCA5SBNZCCAU324IRCA1GSZBACAJ8CSKBCAUBJ8Q7CACO6D66CAWVBUSVCAL

BLJSK.htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\affich-12529924-surabaya[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\download[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\hp[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\rectangle_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\ADSAdClient31[9].txt scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\impossible-de-telecharger-combofix-t163550[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\MsgrConfig[1].asmx scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b18.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05262009_225321

 

Files moved on Reboot...

File C:\DOCUME~1\hp\LOCALS~1\Temp\hsperfdata_hp\244 not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\kwyppv.exe not found!

C:\DOCUME~1\hp\LOCALS~1\Temp\winkeycd.exe moved successfully.

C:\DOCUME~1\hp\LOCALS~1\Temp\winncgwby.exe moved successfully.

File C:\DOCUME~1\hp\LOCALS~1\Temp\xdgwa.exe not found!

C:\DOCUME~1\hp\LOCALS~1\Temp\xrbss.exe moved successfully.

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF156E.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF157C.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF1BEA.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF1C01.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF8482.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DF84A6.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DFF453.tmp not found!

File C:\DOCUME~1\hp\LOCALS~1\Temp\~DFF45F.tmp not found!

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\impossible-de-telecharger-combofix-t163550[4].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\OTMoveIt3[1].exe moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\AP_ADV_300x250[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\AP_ADV_728x90[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\ban_728x90[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\TR4SOJY2\BCAWHIGIRCA39QIVTCAE6YGKTCAW04OXQCADBUXNFCAZJ3QTBCAINVAT1CA27L7VJCAPFZOZYCA

X9ZJMTCAOMTU4LCANZIR8HCA5SBNZCCAU324IRCA1GSZBACAJ8CSKBCAUBJ8Q7CACO6D66CAWVBUSVCAL

BLJSK.htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\affich-12529924-surabaya[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\download[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\hp[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\iframe[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\GBM41XKP\rectangle_300x250[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\ADSAdClient31[9].txt moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\impossible-de-telecharger-combofix-t163550[1].htm moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\9UI0PGUL\MsgrConfig[1].asmx moved successfully.

C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_2b18.dat not found!

C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat moved successfully.

[Falkra]

Il y a une infection des supports USB.

 

Télécharge et installe UsbFix (de Chiquitine29 et C_XX) :

• Branche toutes tes sources de données externes (clés USB, disques durs externes, etc...) susceptible d'avoir été infectées, sans les ouvrir.
  
• Fait un double clic sur le raccourci UsbFix présent sur ton bureau .
  
• Choisis l' option 1 ( Recherche )
  
• Laisse travailler l'outil.
  
• Le rapport de recherche va s'ouvrir, poste son contenu dans ta prochaine réponse.
  Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
  ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
  

Note 2 : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

[abdel__]

############################## [ UsbFix V3.026 | Scan ]

 

# User : hp (Administrateurs) # HP-7E00783F7641

# Update on 26/05/09 by Chiquitine29, C_XX & Chimay8

# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html

# Start at: 23:17:02 | 26/05/2009

 

# Intel® Pentium® 4 CPU 2.60GHz

# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Disabled

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 19,53 Go (12,88 Go free) # NTFS

# D:\ # Disque fixe local # 18,75 Go (18,37 Go free) # NTFS

# E:\ # Disque CD-ROM

# F:\ # Disque amovible # 953,73 Mo (951,34 Mo free) [MEGZARI] # FAT

 

############################## [ Processus actifs ]

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\Program Files\Real\RealOne Player\realplay.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Eraser\eraser.exe

C:\Program Files\Menara\dslmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\winhdrvkn.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\winrxmayv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## [ Registre Startup ]

 

HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"

HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

HKCU_Main: "Start Page"="http://www.bladinet.net/"

HKCU_Main: "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"

HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:78,3e,de,1d,6c,c0,c9,01

HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"

HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

HKLM_logon: "DefaultUserName"="hp"

HKLM_logon: "AltDefaultUserName"="hp"

HKLM_logon: "LegalNoticeCaption"="81u3f4nt45y - 24.01.2007 - Surabaya"

HKLM_logon: "LegalNoticeText"="Surabaya in my birthday

 

HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime

HKLM_Run: RealJukeboxSystray="c:\Program Files\Real\RealJukebox\tsystray.exe"

HKLM_Run: RealTray=C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER

HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background

HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKCU_Run: Eraser=C:\Program Files\Eraser\eraser.exe -hide

 

################## [ Fichiers # Dossiers infectieux ]

 

Found ! C:\Thumbs.com

Found ! C:\autorun.inf

Found ! D:\Thumbs.com

Found ! D:\autorun.inf

F:\autorun.inf # -> fichier appelé : "F:\ naat.pif" ( absent ! )

Found ! F:\Thumbs.com

Found ! F:\autorun.inf

Found ! F:\naat.pif

 

################## [ Registre # Clés Run infectieuses ]

 

Found ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )

Found ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center "FirewallOverride" ( 0x1 )

Found ! HKLM\software\microsoft\security center "UacDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "AntiVirusDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "AntiVirusOverride" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "FirewallDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "FirewallOverride" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "UacDisableNotify" ( 0x1 )

Found ! HKLM\software\microsoft\security center\Svc "UpdatesDisableNotify" ( 0x1 )

Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System "DisableRegistryTools" ( 0x1 )

Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System "DisableTaskMgr" ( 0x1 )

 

################## [ Registre # Mountpoints2 ]

 

HKCU\...\Explorer\MountPoints2\{7926b52a-980b-11dd-be1b-806d6172696f}\Shell\Auto\Command

HKCU\...\Explorer\MountPoints2\{7926b52a-980b-11dd-be1b-806d6172696f}\Shell\AutoRun\Command

HKCU\...\Explorer\MountPoints2\{7926b52b-980b-11dd-be1b-806d6172696f}\Shell\Auto\Command

HKCU\...\Explorer\MountPoints2\{7926b52b-980b-11dd-be1b-806d6172696f}\Shell\AutoRun\Command

HKCU\...\Explorer\MountPoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}\Shell\Auto\Command

HKCU\...\Explorer\MountPoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}\Shell\AutoRun\Command

 

################## [ Informations # Fichier Suspect ]

 

 

################## [ Cracks # Keygens # Serials ]

 

# -> Nothing found !

 

################## [ ! Fin du rapport # UsbFix V3.026 ! ]

[Falkra]

Ok, en fait ton sujet est déjà pris en charge ailleurs, et par quelqu'un que je connais.

 

Tu aurais pu le signaler, je te l'ai demandé...

 

Continue là bas.

[abdel__]

salut , faut savoir que ce qlq d'ailleurs dont vous venez de me parler ! ne me repond pas regulierement ! et voila maintenant plus de deux semaines qu'on essaye de reoudre le probleme ! et rien n'a changer!!!! donc moi je prefere continuer avec vous , n'empeche je suis tres reconnaissant a -lyonnais-. merci de bien vouloir accepter mon choix

[abdel__]

a moins que vous seriez la meme personne !!!! je me permet de vous dire que ce site te va tres bien !!! lol

[Falkra]

Si le sujet est plus avancé sur CCM, c'est là bas qu'il faut voir, avec le helper en question.

 

Si on est deux à donner des instructions en même temps, on télescope nos instructions et ça ne donne rien de bon pour la machine.