Virus trojan

voici rapport RSIT merci pour ta patience et pour tes connaissances bonne soiree a demain et je vais telecharger IE6

Logfile of random's system information tool 1.06 (written by random/random)
Run by pascal at 2010-03-15 21:42:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 36 GB (32%) free of 111 GB
Total RAM: 1014 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:13, on 15/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pascal\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pascal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2B982D-40E2-4607-8162-E0FB5D11CB18}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

bonsoir
bon j'ai effectue ce que tu m'as dit de faire sauf la fin " necessaire de desactiver redemarrer puis reactiver avec symantec " je ne comprend pas j'arrive sur le site c'est en anglais et c'est aussi un autre anti-virus?
D'autre part les liens que tu m'ecris je ne peux plus y acceder directement ,je suis oblige de faire un copier coller et d'ouvrir moi-même internet. Merci voici le rapport tool's cleaner
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Documents and Settings\pascal\Bureau\catchme.zip: trouvé !
C:\Documents and Settings\pascal\Bureau\catchme\catchme.log: trouvé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\OTM.exe: trouvé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\Ad-R.exe: trouvé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\UsbFix.exe: trouvé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\Rsit.exe: trouvé !
C:\Program Files\List_Kill'em\catchme.exe: trouvé !
C:\Program Files\List_Kill'em\mbr.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\pascal\Mes documents\Téléchargements\OTM.exe: supprimé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\Ad-R.exe: supprimé !
C:\Program Files\List_Kill'em\catchme.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\pascal\Bureau\catchme.zip: supprimé !
C:\Documents and Settings\pascal\Bureau\catchme\catchme.log: supprimé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\UsbFix.exe: supprimé !
C:\Documents and Settings\pascal\Mes documents\Téléchargements\Rsit.exe: supprimé !
C:\Program Files\List_Kill'em\mbr.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !

bonjour archet
Je ne veux pas t'embeter encore mais saurais tu m'indiquer la manip afin que dans mes mails lorsque des liens me sont indiques je ne sois pas obligé de faire un copier coller et d'ouvrir internet mais y aller directement ?
merci

bonjour archet
je pense que c'est tjrs pareil Voici le dernier rapport combofix avec nouveau script



ComboFix 10-03-19.08 - pascal 20/03/2010 22:01:21.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.612 [GMT 1:00]
Lancé depuis: c:\documents and settings\pascal\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\pascal\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100320-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-20 au 2010-03-20 ))))))))))))))))))))))))))))))))))))
.

2010-03-16 14:50 . 2010-03-16 14:50 -------- dcsh--w- c:\documents and settings\pascal\PrivacIE
2010-03-16 14:49 . 2010-03-16 14:49 -------- dcsh--w- c:\documents and settings\pascal\IETldCache
2010-03-16 14:47 . 2010-03-16 14:47 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-16 14:46 . 2010-03-16 14:47 -------- d-----w- c:\windows\ie8updates
2010-03-16 14:44 . 2010-03-16 14:46 -------- dc-h--w- c:\windows\ie8
2010-03-16 14:44 . 2010-03-16 14:45 -------- d-----w- c:\windows\system32\fr-FR
2010-03-15 21:47 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 21:47 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 21:47 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 21:47 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 21:47 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 21:47 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 21:47 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-14 18:52 . 2010-03-14 18:52 -------- d-----w- c:\windows\ServicePackFiles
2010-03-14 16:26 . 2010-03-14 16:28 -------- dc----w- C:\Kill'em
2010-03-14 14:08 . 2010-03-16 18:42 -------- d-----w- c:\program files\List_Kill'em
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\pascal\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 12:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 12:29 . 2010-03-14 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 21:32 . 2010-03-13 21:32 5979 -c--a-w- C:\UsbFix_Upload_Me_PASCAL-507FF084.zip
2010-03-13 19:45 . 2010-03-16 18:42 -------- d-----w- c:\program files\trend micro
2010-03-12 19:49 . 2010-03-12 19:49 -------- dcs---w- c:\documents and settings\LocalService\UserData
2010-03-12 00:16 . 2010-03-12 00:16 -------- dcs---w- c:\documents and settings\NetworkService\UserData
2010-03-11 08:55 . 2010-03-11 08:55 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-11 08:55 . 2010-03-12 15:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-11 08:55 . 2010-03-12 15:17 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-06 16:57 . 1995-09-05 23:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-03-06 16:57 . 1995-09-05 23:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2010-03-06 16:57 . 1995-09-05 23:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2010-03-06 16:57 . 1995-09-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-03-06 16:52 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-03-06 16:52 . 1994-09-21 00:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-03-06 16:52 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-03-06 16:52 . 1994-08-24 00:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-03-06 16:52 . 2010-03-06 16:52 -------- dc----w- C:\Maxis
2010-03-06 16:52 . 1996-09-26 17:20 83944 ----a-w- c:\windows\system32\SNDMIX16.DLL
2010-03-06 16:52 . 1996-01-12 12:06 283648 ----a-w- c:\windows\unin040c.exe
2010-02-21 16:55 . 2010-02-21 16:55 -------- d-----w- c:\program files\Micro Application
2010-02-19 20:22 . 2010-02-19 20:22 -------- d-----w- c:\program files\iPod
2010-02-19 20:22 . 2010-02-19 20:23 -------- dc----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-19 20:22 . 2010-02-19 20:23 -------- d-----w- c:\program files\iTunes
2010-02-19 20:21 . 2010-02-19 20:21 -------- d-----w- c:\program files\Bonjour
2010-02-19 20:20 . 2010-02-19 20:21 -------- d-----w- c:\program files\QuickTime
2010-02-19 20:18 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-02-19 10:32 . 2010-02-19 10:32 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-19 10:32 . 2007-06-15 14:03 29656 ----a-w- c:\windows\system32\Lanceur2.exe
2010-02-19 10:32 . 2010-02-19 10:32 -------- d-----w- c:\program files\SoftwarePassport
2010-02-19 10:32 . 2007-02-25 23:42 53248 ----a-w- c:\windows\system32\ArmAccess.dll
2010-02-19 10:32 . 1999-03-03 20:00 908800 ----a-w- c:\windows\system32\CP3245MT.DLL
2010-02-19 10:32 . 2003-01-30 13:04 1500160 ----a-w- c:\windows\system32\CC3260MT.DLL
2010-02-19 10:31 . 2010-02-19 10:31 -------- d-----w- c:\program files\Mindscape
2010-02-19 10:31 . 1998-02-09 19:00 29952 ----a-w- c:\windows\system32\BORLNDMM.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 20:55 . 2008-01-04 11:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-20 12:58 . 2007-11-28 13:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-17 14:35 . 2007-11-28 15:19 40952 -c--a-w- c:\documents and settings\pascal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 18:35 . 2007-11-28 17:19 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-16 18:35 . 2010-03-16 18:35 503808 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29de8d25-n\msvcp71.dll
2010-03-16 18:35 . 2010-03-16 18:35 499712 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29de8d25-n\jmc.dll
2010-03-16 18:35 . 2010-03-16 18:35 348160 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29de8d25-n\msvcr71.dll
2010-03-16 18:35 . 2010-03-16 18:35 61440 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f861916-n\decora-sse.dll
2010-03-16 18:35 . 2010-03-16 18:35 12800 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f861916-n\decora-d3d.dll
2010-03-16 18:34 . 2007-11-28 17:20 -------- d-----w- c:\program files\Java
2010-03-15 19:18 . 2007-12-08 09:25 -------- dc----w- c:\documents and settings\pascal\Application Data\OpenOffice.org2
2010-03-14 19:09 . 2002-08-30 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 19:09 . 2002-08-30 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-11 08:55 . 2010-03-11 08:55 1924976 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-10 08:26 . 2007-12-04 14:33 -------- d-----w- c:\program files\Shareaza
2010-03-03 18:12 . 2008-08-30 09:52 -------- dc----w- c:\documents and settings\pascal\Application Data\LimeWire
2010-02-26 01:18 . 2009-11-25 16:59 79488 -c--a-w- c:\documents and settings\pascal\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 16:55 . 2007-11-28 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 20:30 . 2007-11-28 17:00 -------- dc----w- c:\documents and settings\pascal\Application Data\Apple Computer
2010-02-19 20:28 . 2007-11-28 16:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-19 20:22 . 2007-11-28 16:59 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-19 19:53 . 2007-11-28 16:59 -------- d-----w- c:\program files\Apple Software Update
2010-02-17 13:40 . 2007-12-08 09:27 1 -c--a-w- c:\documents and settings\pascal\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-22 18:51 . 2010-01-22 18:51 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-18 17:30 . 2010-01-18 17:30 291558 -c--a-w- c:\documents and settings\pascal\Application Data\MSNInstaller\msnauins.exe
2009-12-21 19:07 . 2004-08-19 14:09 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-20_13.13.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-20 14:18 . 2010-03-20 14:18 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
- 2010-03-20 13:06 . 2010-03-20 13:06 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
+ 2010-03-20 21:12 . 2010-03-20 21:12 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21/09/2008 11:17 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21/09/2008 11:17 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/05/2008 15:42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/05/2008 15:42 20560]
.
Contenu du dossier 'Tâches planifiées'

2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.01net.com
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
TCP: {FD2B982D-40E2-4607-8162-E0FB5D11CB18} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mcmetal.fr/
FF - component: c:\documents and settings\pascal\Application Data\Mozilla\Firefox\Profiles\xwwed93o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 22:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A872C0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7502fc3
\Driver\ACPI -> ACPI.sys @ 0xf736ecb8
\Driver\atapi -> 0x86a872c0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2010-03-20 22:17:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-20 21:17
ComboFix2.txt 2010-03-20 14:24
ComboFix3.txt 2010-03-20 13:19

Avant-CF: 35 948 908 544 octets libres
Après-CF: 35 904 000 000 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 6346E86E2CC39FAF12470A11F634DF4D

L'outil a travaillé ou pas?

a+