Virus msn insaissable!

Pook -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Besoin d'un peu d'aide... Je pense être infectée via MSN qui envoie continuellement des messages à mes contacts (pas grave mais gavant pour tout le monde) mais aucun outil ne le détecte. J'ai essayé un scan classique via avast, un scan en ligne kaspersky, cc cleaner, maleware, msn fix, clean virus msn et j'en passe!!! En gros help!

Merci d'avance,

P.
Configuration: Windows Vista Internet Explorer 7.0

9 réponses

  1. Pook
     
    Alors personne? Siou plait.... une bonne âme!!!
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  3. Pook
     
    Bonjour,

    Merci de ta réponse mais le programme ne fonctionne pas... Quand je l'enregistre sur le bureau et que je veux l'exécuter un message me dit que RSIT. exe n'est pas une apllication win32 valide et quand j'exécute directement, le programme se lance mais au bout d'un certain temps un message me dit "error: subscript used with non-Array variable" et tout s'arrête! Que faire?

    Merci,

    P.
    0
  4. Pook
     
    Re

    Bon en fait j'ai récupérer ça (un seul texte):

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by thomas at 2009-05-28 12:54:39
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 114 GB (51%) free of 226 GB
    Total RAM: 2046 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:54:47, on 28/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28BWIEJS\RSIT[1].exe
    C:\Program Files\trend micro\thomas.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il manque la fin

    mets la svp

    puis vire avast car si tu mets deux antivirus l'ordi plante: comme ceci:
    https://www.avast.com/fr-fr/uninstall-utility

    puis

    Telecharge FindyKill sur ton bureau :

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

    manuel ici :
    http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_recherche.html
    0
  7. Pook
     
    Slt,

    En ce qui concerne le rapport RSIT je n'ai vraiment que ça... même en essayant de le désinstaller ou de le lancer en mode sans échec, il s'arrête en cours et ne me donne que ça. Pour ce qui est du rapport FindyKill voici :

    ############################## [ FindyKill V4.730 ]

    # User : thomas (Administrateurs) # PC-DE-THOMAS
    # Update on 25/05/09 by Chiquitine29
    # Start at: 11:30:51 | 29/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled
    # AV : avast! antivirus 4.8.1229 [VPS 081128-0] 4.8.1229 [ (!) Disabled | Updated ]

    # C:\ # Disque fixe local # 221,16 Go (111,39 Go free) # NTFS
    # D:\ # Disque fixe local # 11,73 Go (1,55 Go free) [HP_RECOVERY] # NTFS
    # E:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    ################## [ Fichiers / Dossiers infectieux ]

    ################## [ Infected Temp Files ]

    ################## [ Registre / Clés infectieuses ]

    ################## [ Recherche dans supports amovibles]

    ################## [ Registre / Mountpoints2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.730 ! ]
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire AVG antispyware qui ne sera plus mis a jour
    et garde que spybot et malwarebyte

    puis

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  9. Pook
     
    Bonsoir,

    Voilà, j'ai viré avast et suivi toutes les instructions. Voici le rapport de ComboFix (merci encore) :

    Lancé depuis: c:\users\thomas\Desktop\ComboFix.exe
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    PEV Error: LocalAppDataFile
    PEV Error: LocalAppDataFolder
    PEV Error: LocalSettingsFile

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\KBL.LOG
    D:\Desktop.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-29 09:24 . 2009-05-29 09:31 -------- d-----w C:\FindyKill
    2009-05-28 23:31 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{480BA1C2-21B2-476C-85B4-11DCE92C79B2}\mpengine.dll
    2009-05-28 10:45 . 2009-05-29 23:05 -------- d-----w c:\program files\trend micro
    2009-05-28 10:45 . 2009-05-28 10:45 -------- d-----w C:\rsit
    2009-05-26 19:20 . 2009-05-26 19:20 -------- d-----w c:\program files\AxBx
    2009-05-26 19:00 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
    2009-05-26 19:00 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 19:00 . 2009-05-26 19:00 -------- d-----w c:\programdata\Avira
    2009-05-26 19:00 . 2009-05-26 19:00 -------- d-----w c:\program files\Avira
    2009-05-19 13:35 . 2009-05-19 13:35 -------- d-----w c:\program files\CapAlpha
    2009-05-10 14:12 . 2009-05-10 14:12 -------- d-----w c:\windows\Sun
    2009-05-10 12:22 . 2009-05-10 12:22 -------- d-----w c:\windows\system32\Kaspersky Lab
    2009-05-04 07:29 . 2009-05-04 07:29 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-01 16:48 . 2009-05-01 16:48 -------- d-----w c:\program files\JRE
    2009-05-01 16:48 . 2009-05-01 16:48 -------- d-----w c:\program files\OpenOffice.org 3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-29 22:55 . 2007-10-24 15:43 669566 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-29 22:55 . 2007-10-24 15:43 123556 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-29 22:51 . 2009-02-01 11:22 27934 ----a-w c:\programdata\nvModes.dat
    2009-05-16 13:37 . 2008-12-04 18:26 146259 ----a-w c:\windows\hpoins18.dat
    2009-05-14 01:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-05-10 15:08 . 2008-09-21 19:11 -------- d-----w c:\program files\BDGest Evolution
    2009-05-10 13:02 . 2008-03-02 02:28 -------- d-----w c:\programdata\NVIDIA
    2009-05-04 07:28 . 2007-10-24 08:12 -------- d-----w c:\program files\Java
    2009-05-01 16:48 . 2008-04-20 00:56 -------- d-----w c:\program files\OpenOffice.org 2.4
    2009-04-29 20:50 . 2009-03-26 23:42 -------- d-----w c:\program files\Google
    2009-04-29 17:11 . 2009-04-29 15:31 -------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-29 15:15 . 2009-04-29 15:14 -------- d-----w c:\programdata\Lavasoft
    2009-04-29 15:14 . 2009-04-29 15:14 -------- d-----w c:\program files\Lavasoft
    2009-04-29 15:12 . 2009-04-29 15:12 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-25 14:38 . 2008-05-03 23:18 -------- d-----w c:\program files\Azureus
    2009-04-25 12:44 . 2009-04-25 12:43 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-25 12:44 . 2009-04-25 12:43 -------- d-----w c:\program files\iTunes
    2009-04-25 12:43 . 2009-04-25 12:43 -------- d-----w c:\program files\iPod
    2009-04-25 12:43 . 2008-04-08 23:33 -------- d-----w c:\program files\Common Files\Apple
    2009-04-25 12:42 . 2009-04-25 12:42 -------- d-----w c:\program files\QuickTime
    2009-04-25 12:23 . 2009-04-25 12:23 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-04-25 11:59 . 2009-04-25 11:59 -------- d-----w c:\program files\Bonjour
    2009-03-26 13:23 . 2009-03-26 13:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-26 13:23 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
    2009-03-19 14:32 . 2009-04-25 12:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-17 03:38 . 2009-04-15 13:08 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 13:08 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-08 11:34 . 2009-03-30 22:56 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-03-30 22:56 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-03-30 22:56 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-03-30 22:56 109056 ----a-w c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-03-30 22:56 109568 ----a-w c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-03-30 22:56 132608 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-03-30 22:56 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-03-30 22:56 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-03-30 22:56 103936 ----a-w c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-03-30 22:56 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-03-30 22:56 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-03-30 22:56 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-03-30 22:56 66560 ----a-w c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-03-30 22:56 169472 ----a-w c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-03-30 22:56 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-03-30 22:56 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-03-30 22:56 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-03-30 22:56 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-07 11:06 . 2009-03-07 11:06 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-03-03 04:46 . 2009-04-15 13:08 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 13:08 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-04-15 13:08 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 13:08 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 13:08 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 13:08 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 13:08 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 13:08 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 13:08 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 13:08 17408 ----a-w c:\windows\system32\iashost.exe
    2008-04-06 12:16 . 2008-04-06 12:16 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    c:\users\thomas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    path=c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9E0C8236-AF61-4F76-B10C-C402EE09D29C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{F69A2F22-CA01-41C7-B7BA-CDF32D91C18E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{1554E8F2-EF59-429E-A1D5-C1DC98B19603}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{7F81C131-0D1B-46D5-AE1E-51A458112AC6}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{76EA986D-14BF-4B22-B5E9-490B5B8ECCB5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{8B720AC3-A991-4302-A10F-C34646A13F9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{BA50A6B7-F930-48EB-8C57-C16423389E0E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{A3E809DA-347D-48BF-894F-49967B2EC5C1}c:\\users\\thomas\\documents\\azureus\\azureus.exe"= UDP:c:\users\thomas\documents\azureus\azureus.exe:azureus.exe
    "UDP Query User{E8219DF8-C4A8-4958-8E8E-7F35F0692A2E}c:\\users\\thomas\\documents\\azureus\\azureus.exe"= TCP:c:\users\thomas\documents\azureus\azureus.exe:azureus.exe
    "{8EE0F49D-FAB7-4A09-A493-B7B51E58061B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{91B55C0E-7EF7-477A-9B59-053D7C8F9093}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{4733E46B-4BA0-468A-B697-9832EC2279E6}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{5033B192-6399-4BE5-9140-D02ABC900168}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{D0484A5C-52A4-4440-A916-2620021F27B4}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{5FFEE92F-B2BB-4D2F-96DA-3FDED0ADE72C}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{446EBA1D-CDE3-4FD2-AA04-F9789884E533}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{D8058CE7-F2DA-4EEA-91D6-9842019F734F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{26C943E8-9745-4311-8F05-F1855E2FB3EA}c:\\program files\\bdgest evolution\\bdgest.exe"= UDP:c:\program files\bdgest evolution\bdgest.exe:BD Gest'
    "UDP Query User{622335B3-0A9F-4A78-9984-A0D4FD769D99}c:\\program files\\bdgest evolution\\bdgest.exe"= TCP:c:\program files\bdgest evolution\bdgest.exe:BD Gest'
    "{47C2F2BA-C19A-4526-B874-DB50481875DE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7D37CDF9-D67C-48DD-96B1-C70C6E220C59}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{EB1BBD85-B3EB-4E5C-BC56-E250E745A62A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{4DC8C42A-8522-494F-B6FC-DD627EDA48F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/05/2009 21:00 108289]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29/04/2009 17:31 1153368]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [28/11/2008 22:31 28224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-procexp90.Sys

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\42yujfch.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-30 01:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\users\thomas\AppData\Local\Temp\catchme.dll 53248 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2009-05-29 1:19
    ComboFix-quarantined-files.txt 2009-05-29 23:19

    Avant-CF: 119 535 644 672 octets libres
    Après-CF: 119 503 085 568 octets libres

    221 --- E O F --- 2009-05-28 07:38
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    passe un coup de ccleaner

    mets a jour spybot avec la dernière version 1.6.2

    mets a jour open office avec la version 3

    vire avg antispyware

    encore des soucis????

    colle un scan avec antivir
    0