Google probleme embetant

Rapport GenProc 2.615 [1] - 22/08/2009 à 18:59:35
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.0.4) [Navigateur par défaut]

~~ CM DISK ERROR ~~

Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :


- rustbfix http://uploads.ejvindh.andymanchesta.com/RustbFix.exe ( (ejvindh) et sauvegarde-le sur ton Bureau.
- Double clique sur rustbfix.exe afin de lancer l'outil.
- Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi.
- Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.

- Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\rustbfix\pelog.txt).
- Poste le contenu de ces deux rapports, ainsi qu'un rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm


~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.615 22/08/2009 à 18:59:59
Rustock: le 22/08/2009 à 19:00:04 "pe386" present

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 19:00:04 ~~

Bonjour,
oui je suis administrateur, mais a-sqaered n'est pas activé!!!!!

CCleaner fais OK!!

et pour le rustbfix http://uploads.ejvindh.andymanchesta.com/RustbFix.exe ( (ejvindh) je vais le faire la maintenant....

à tout de suite, et merci

Bonjour j'ai suivi la procedure est voila ce qu'il m'a donné:

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
23/08/2009 16:18:56,82

No Rustock.b-rootkits found

******************************* End of Logfile ********************************



merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:51, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://www.01net.com/ | https://www.01net.com/telecharger/ | https://rmc.bfmtv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3570098351-1114516976-4103585761-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mr tout le monde')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ?????????? ????????? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

ComboFix 09-08-23.01 - mrBORZ 24/08/2009 12:44.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1497 [GMT 2:00]
Running from: d:\documents and settings\mrBORZ.SN112406210317\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090823-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3363882951-3544910665-4092109050-1003
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101465651.xe
c:\windows\Installer\WMEncoder.msi
c:\windows\prxid93ps.dat
d:\documents and settings\mrBORZ.SN112406210317\Application Data\.#
d:\documents and settings\mrBORZ.SN112406210317\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 10:39 . 2009-08-24 10:39 -------- d-----w- c:\program files\Math Educator
2009-08-23 20:15 . 2009-08-23 20:15 -------- d-----w- c:\program files\Trend Micro
2009-08-22 16:59 . 2009-08-22 17:04 -------- d-----w- C:\Genproc
2009-08-22 14:15 . 2009-08-22 14:15 -------- d-s---w- d:\documents and settings\Mr tout le monde\UserData
2009-08-22 11:25 . 2009-08-22 11:25 -------- d-----w- d:\documents and settings\Mr tout le monde\Application Data\GRETECH
2009-08-22 09:10 . 2009-08-22 10:07 -------- d-----w- d:\documents and settings\Mr tout le monde\Local Settings\Application Data\Adobe
2009-08-21 18:38 . 2009-08-24 09:47 -------- d-----w- d:\documents and settings\Mr tout le monde\Tracing
2009-08-21 18:33 . 2009-08-21 18:33 -------- d-----w- c:\program files\Microsoft
2009-08-21 18:33 . 2009-08-21 18:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-21 16:52 . 2009-08-21 16:52 -------- d-----w- c:\program files\7-Zip
2009-08-21 16:23 . 2009-08-21 16:23 -------- d-----w- c:\program files\CCleaner
2009-08-21 14:03 . 2009-08-21 14:03 -------- d-----w- d:\documents and settings\Mr tout le monde\Local Settings\Application Data\Mozilla
2009-08-21 12:25 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-21 12:10 . 2009-08-21 12:10 -------- d-----w- d:\documents and settings\All Users\Application Data\GRETECH
2009-08-21 12:10 . 2009-08-21 12:10 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\GRETECH
2009-08-21 12:08 . 2009-08-21 12:08 -------- d-----w- c:\program files\SpywareBlaster
2009-08-21 12:08 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-21 12:07 . 2009-08-22 17:16 -------- d-----w- c:\program files\a-squared Free
2009-08-21 12:07 . 2009-08-21 12:07 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-21 12:07 . 2009-01-18 21:43 2892112 -c--a-w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-21 12:07 . 2009-08-21 12:07 -------- d-----w- c:\program files\Lavasoft
2009-08-21 11:33 . 2009-08-21 11:33 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2009-08-21 11:32 . 2009-08-21 12:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-08-21 10:04 . 2009-08-21 10:04 -------- d-sh--w- d:\documents and settings\mrBORZ.SN112406210317\IECompatCache
2009-08-21 10:03 . 2009-08-21 10:03 -------- d-sh--w- d:\documents and settings\mrBORZ.SN112406210317\PrivacIE
2009-08-21 09:59 . 2009-08-21 09:59 -------- d-sh--w- d:\documents and settings\mrBORZ.SN112406210317\IETldCache
2009-08-21 09:55 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-08-21 09:55 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-08-20 08:50 . 2009-08-21 12:14 -------- d-----w- d:\documents and settings\All Users\Application Data\11610624
2009-08-19 16:14 . 2009-08-19 16:14 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-19 16:14 . 2009-08-19 16:14 -------- d-----w- c:\program files\DDnsFilter
2009-08-11 21:38 . 2004-08-03 20:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-08-11 21:37 . 2001-08-17 19:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-08-11 21:36 . 2001-08-23 15:47 50688 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-08-11 21:35 . 2001-08-17 18:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-08-11 21:34 . 2001-08-23 15:47 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2009-08-11 21:33 . 2004-08-03 20:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2009-08-11 21:32 . 2001-08-23 15:47 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2009-08-11 21:31 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-08-11 21:30 . 2001-08-23 15:47 86016 ----a-w- c:\windows\system32\dllcache\pctspk.exe
2009-08-11 21:29 . 2001-08-23 15:47 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-11 21:28 . 2001-08-17 18:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-08-11 21:27 . 2001-08-17 18:19 48768 ----a-w- c:\windows\system32\dllcache\maestro.sys
2009-08-11 21:26 . 2001-08-23 15:47 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2009-08-11 21:25 . 2001-08-17 19:28 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2009-08-11 21:24 . 2008-04-13 17:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2009-08-11 21:23 . 2001-08-17 18:19 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
2009-08-11 21:22 . 2001-08-23 15:47 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2009-08-11 21:21 . 2008-04-13 17:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-08-11 21:20 . 2001-08-17 18:49 17152 ----a-w- c:\windows\system32\dllcache\atitunep.sys
2009-08-11 19:48 . 2009-08-11 19:48 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\GlarySoft
2009-08-09 16:55 . 2009-08-09 16:55 -------- d-----w- d:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-09 16:55 . 2009-08-09 16:55 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\AVS4YOU
2009-08-09 16:54 . 2009-08-21 11:37 -------- d-----w- c:\program files\AVS4YOU
2009-08-09 16:54 . 2009-08-21 11:37 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-08-09 16:54 . 2003-05-21 21:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-09 16:54 . 2002-01-05 12:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-09 16:54 . 2002-01-05 11:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-09 16:52 . 2009-08-09 16:52 -------- d-----w- c:\program files\WinPcap
2009-08-05 14:44 . 2009-08-05 14:47 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\log
2009-08-05 14:44 . 2009-08-05 14:47 47360 ----a-w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\pcouffin.sys
2009-08-05 14:44 . 2009-08-05 14:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-05 14:38 . 2009-08-05 14:56 -------- d-----w- c:\windows\system32\NtmsData
2009-08-05 13:52 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-08-05 13:52 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-08-05 11:23 . 2009-08-05 11:23 152576 ----a-w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-01 08:37 . 2009-08-01 09:18 52224 ----a-w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Mozilla\Firefox\Profiles\1z9hsyhe.default\extensions\{c8323da4-6f81-4c60-b6c1-a6807c3acf70}\components\FFExternalAlert.dll
2009-08-01 08:37 . 2009-08-01 09:18 114688 ----a-w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Mozilla\Firefox\Profiles\1z9hsyhe.default\extensions\{c8323da4-6f81-4c60-b6c1-a6807c3acf70}\components\npmozax.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-26 12:31 . 2009-07-26 12:31 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Mra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 09:51 . 2004-08-16 16:41 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-24 09:51 . 2004-08-16 16:41 510324 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 17:33 . 2009-08-21 14:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-08-21 18:37 . 2009-08-21 11:47 48600 ----a-w- d:\documents and settings\Mr tout le monde\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 18:33 . 2009-05-02 18:16 -------- d-----w- c:\program files\Windows Live
2009-08-21 16:24 . 2008-12-13 14:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-21 16:19 . 2009-06-19 19:28 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-08-21 16:02 . 2009-07-11 19:24 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\64TRUST
2009-08-21 12:14 . 2009-02-27 13:28 -------- d-----w- c:\program files\Athan
2009-08-21 12:11 . 2009-02-27 13:28 737280 ----a-w- c:\windows\iun6002.exe
2009-08-21 12:10 . 2009-02-27 13:27 -------- d-----w- c:\program files\GRETECH
2009-08-21 12:04 . 2009-03-14 16:25 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-08-21 11:41 . 2009-02-27 13:29 -------- d-----w- c:\program files\IZArc
2009-08-21 11:40 . 2009-01-21 20:48 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-08-20 17:59 . 2009-02-27 12:01 48600 -c--a-w- d:\documents and settings\mrBORZ.SN112406210317\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 09:37 . 2009-04-18 10:54 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2009-08-19 07:59 . 2009-02-27 11:38 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-18 17:33 . 2009-03-02 16:43 -------- d-----w- c:\program files\World of Warcraft
2009-08-09 15:46 . 2009-06-24 13:28 -------- d-----w- c:\program files\QuickTime
2009-08-05 14:47 . 2009-04-14 20:00 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Vso
2009-08-05 14:35 . 2009-02-27 17:52 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 14:35 . 2009-02-27 12:26 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 11:23 . 2009-02-27 11:33 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-16 16:40 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 12:31 . 2009-04-01 19:20 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Mail.Ru
2009-07-25 15:55 . 2009-07-17 12:19 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Momindum Studio
2009-07-25 15:55 . 2009-07-17 12:18 -------- d-----w- c:\program files\Momindum Studio
2009-07-25 03:23 . 2009-04-19 09:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 19:36 . 2009-05-08 06:59 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\Super Audio Editor
2009-07-17 19:03 . 2004-08-16 16:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:36 . 2009-07-16 14:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 21:43 . 2004-08-16 16:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 16:15 . 2009-07-12 16:15 -------- d-----w- c:\program files\Core Services
2009-07-12 11:07 . 2009-06-23 11:52 -------- d-----w- c:\program files\Microsoft FrontPage Express
2009-07-11 16:12 . 2009-02-27 11:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 16:10 . 2009-07-11 16:03 -------- d-----w- d:\documents and settings\mrBORZ.SN112406210317\Application Data\CrystalButton
2009-06-28 11:27 . 2009-06-05 14:52 -------- d-----w- c:\program files\Logitech
2009-06-28 11:24 . 2009-06-11 18:47 -------- d-----w- c:\program files\Evrsoft First Page 2006
2009-06-26 16:50 . 2004-08-16 16:41 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 18:49 . 2009-02-28 14:57 6628 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-16 14:40 . 2004-08-16 16:41 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-16 16:40 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-16 16:41 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-16 16:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-16 17:03 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-16 16:41 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 19:36 . 2009-06-09 19:24 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-08 10:32 . 2009-03-04 20:01 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-03 19:10 . 2004-08-16 16:40 1297408 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"Athan"="c:\program files\Athan\Athan.exe" [2007-08-20 1024000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^mrBORZ.SN112406210317^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:*:Disabled:ddnsfilter

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [16/08/2004 18:41 14336]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/08/2009 14:08 64160]
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/01/1980 01:00 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/03/2009 16:57 114768]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 18:14 38016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/03/2009 16:57 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 921936]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [15/11/2007 22:30 34064]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/02/2009 13:29 799744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.01net.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: localhost
FF - ProfilePath - d:\documents and settings\mrBORZ.SN112406210317\Application Data\Mozilla\Firefox\Profiles\1z9hsyhe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2362271&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.domaine.ucoz.ru/index/0-19/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2362271&SearchSource=2&q=
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 12:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(940)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\apps\ABOARD\AOSD.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-24 12:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 10:52

Pre-Run: 10 275 168 256 octets libres
Post-Run: 10 146 316 288 octets libres

276 --- E O F --- 2009-08-13 09:45





bonne journée

Bonsoir
je viens de cliquer sur le lien
et firefox me dit qu'il ne peut pas trouver l'adresse
le lien ne fonctionne pas

Bonjour, je suis désolé, mais pourriez vous m'expliquer comment vous faite pour utiliser internet explorer en mode sans échec??
parce que je viens de fouillé tout dans explorer, j'ai meme reinstaller, mais j'arrive pas mettre en mode sans echec!!

j'ai réinstaller internet explorer 8

je pense que ça n'a servi à rien, mais bon je voulais tout essayer...

alors comment faire pour aller sur internet explorer en mode sans échec, pour pouvoir aller sur le lien que vous m'avez donner

Bonjour,
j'ai le plaisir de vous annoncer que le problème a été résolu
merci beaucoup pour votre aide, vous m'avez été de grande aide

j'ai fais ce scanner en ligne en mode sans echec avec prise en charge reseau, et puis ce scanner a trouver sur mon pc un trojan (cheval de troi), un truck comme ça...

mais pourriez vous m'expliquer pouquoi ça n'a pas marcher en mode normal et ça a marcher en mode sans echec??!!!

mercii

a oui si je le trouve sur mon pc

avez vous une idée où il est?? ce rapport parce que a la fin de l'analyse, il me la pas afficher...

je viens de regarder dans l'endroit où vous m'avez indiqué!! mais il est y pas dans...

je regrette mais je ne le trouve pas, et pourtant j'ai bien cherché

bonjour,
je pensais vous avoir dis
mais bon
enfait depuis ce scan tout est redevenu comme avant...tout est bien, parfait.
mercii beaucoup pour votre aide