Problème d'ouverture intempestive d’IE (pub)

doublemolmol -  
 doublemolmol -
Bonjour,

J'ai un problème âpre une infection par un virus via MSN (PB apparemment résolut :) ) j'ai des ouvertures intempestives d'IE
Apres avoir regardé plusieurs topics sur le sujet j'ai fait un log avec HIJACKTHIS

merci de votre aide

voila mon rapport HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:45, on 09/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [f86694c8] rundll32.exe "C:\WINDOWS\system32\aqqcntwl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
O4 - HKLM\..\Policies\Explorer\Run: [1] CMD /C Start /Min C:\Windows\Coreload\Local_Init.bat
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pvoqur.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11848 bytes
Configuration: Windows XP
Firefox 3.0.4

7 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    si vous avez CA antivirus et norton il faut en virer un!!!

    pour virer norton:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    ________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  2. doublemolmol
     
    merci pour votre aide
    voila le log demandé:

    ComboFix 08-12-07.04 - MollarMa 2008-12-09 19:50:12.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.701 [GMT 1:00]
    Running from: c:\documents and settings\MollarMa\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\grouppolicy\machine\scripts\scripts.ini
    c:\windows\system32\head.exe
    c:\windows\system32\iifdcYpM.dll
    c:\windows\system32\lwtncqqa.ini
    c:\windows\system32\mdm.exe
    c:\windows\system32\NewCoreload.exe
    c:\windows\system32\ntosa32.exe
    c:\windows\system32\ps.exe
    c:\windows\system32\pvoqur.dll
    c:\windows\system32\rqRhfcYs.dll
    c:\windows\system32\SOCKETX.DLL
    c:\windows\system32\sYcfhRqr.ini
    c:\windows\system32\sYcfhRqr.ini2
    c:\windows\system32\tar.exe
    c:\windows\system32\uovgdqtp.dll
    c:\windows\Tasks\kzzmnwap.job
    D:\Autorun.inf

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    hxxp://wsus.ad.ge.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
    .

    2008-12-09 20:01 . 2008-12-09 20:01 303,104 --a------ c:\windows\system32\xxyywvVN.dll
    2008-12-09 20:01 . 2008-12-09 20:01 370 --ahs---- c:\windows\system32\NVvwyyxx.ini2
    2008-12-09 20:01 . 2008-12-09 20:04 370 --ahs---- c:\windows\system32\NVvwyyxx.ini
    2008-12-09 07:28 . 2008-12-09 07:28 <DIR> d-------- C:\!KillBox
    2008-12-09 07:27 . 2008-12-09 07:27 <DIR> d-------- c:\program files\Trend Micro
    2008-12-09 06:50 . 2008-12-09 06:50 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-09 06:50 . 2008-12-09 06:50 1,409 --a------ c:\windows\QTFont.for
    2008-12-09 06:34 . 2008-12-09 06:34 <DIR> d-------- c:\program files\CCleaner
    2008-12-09 05:53 . 2008-12-09 05:53 <DIR> d-------- c:\windows\system32\Kaspersky Lab
    2008-12-09 04:53 . 2008-12-09 06:43 <DIR> d-------- C:\MSNCleaner
    2008-12-09 04:19 . 2008-12-09 04:38 <DIR> d-------- C:\SDFix
    2008-12-09 04:16 . 2008-12-09 04:16 35,328 --a------ c:\windows\system32\xxyxWQIY.dll
    2008-12-09 04:02 . 2008-12-09 04:02 35,328 --a------ c:\windows\system32\nnnnMCsp.dll
    2008-12-09 03:49 . 2008-12-09 03:49 35,328 --a------ c:\windows\system32\jkkIASjI.dll
    2008-12-09 03:24 . 2008-12-09 04:46 26,162 --a------ C:\iri.exe
    2008-12-09 01:38 . 2008-12-09 01:38 35,328 --a------ c:\windows\system32\vtUooPhg.dll
    2008-12-09 01:10 . 2008-12-09 01:10 34,816 --a------ c:\windows\system32\urqpqoLc.dll
    2008-12-09 00:54 . 2008-12-09 00:54 34,816 --a------ c:\windows\system32\mlJYopnO.dll
    2008-12-09 00:34 . 2008-12-09 00:34 <DIR> d--h----- c:\windows\PIF
    2008-12-08 19:37 . 2008-12-08 19:51 1,025 --a------ C:\osy.exe
    2008-11-24 08:34 . 2008-11-24 08:35 <DIR> d-------- c:\program files\Common Files\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 19:03 --------- d-----w c:\program files\BlackIce
    2008-12-09 18:58 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-09 08:29 --------- d-----w c:\program files\Nortel Networks
    2008-12-08 19:47 --------- d-----w c:\program files\Windows Live Safety Center
    2008-12-08 07:45 --------- d-----w c:\documents and settings\MollarMa\Application Data\Skype
    2008-12-08 07:05 --------- d-----w c:\documents and settings\MollarMa\Application Data\skypePM
    2008-12-07 20:46 --------- d-----w c:\program files\pdf995
    2008-12-06 18:25 --------- d-----w c:\program files\SafeBoot
    2008-12-03 06:43 --------- d-----w c:\program files\Java
    2008-12-01 06:07 --------- d-----w c:\documents and settings\MollarMa\Application Data\Sametime
    2008-11-27 01:56 --------- d-----w c:\program files\Microsoft Silverlight
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 22:02 --------- d-----w c:\program files\SIAT Enterprise Client
    2008-10-16 18:09 --------- d-----w c:\program files\Ca
    2008-10-14 17:56 --------- d-----w c:\documents and settings\MollarMa\Application Data\CA
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2007-10-23 19:41 8 ----a-w c:\documents and settings\MollarMa\.bztarotcumul.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{205aec4e-c8f1-4067-9505-0047a0e9db51}]
    2008-12-09 20:04 126464 --a------ c:\windows\system32\exbxwk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2008-12-09 00:54 34816 --a------ c:\windows\system32\mlJYopnO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7246E5E6-2A63-401D-A5F4-89D04575136B}]
    2008-12-09 20:01 303104 --a------ c:\windows\system32\xxyywvVN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B12AD8C5-54BB-44B9-AA5C-822F47B4DB67}]
    2008-02-17 17:14 643584 --a------ c:\progra~1\SIATEN~1\SIAT4W~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91A7F523-1183-4654-A577-0771992F1784}"= "c:\progra~1\SIATEN~1\SIAT4W~1.DLL" [2008-02-17 643584]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "CheckIt"="C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd" [2006-10-13 2676]
    "SIATEnterpriseClient"="c:\program files\SIAT Enterprise Client\SiatEnterpriseClient.exe" [2008-05-02 413696]
    "Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-06 712704]
    "Sametime Connect 7.5"="c:\program files\IBM\Sametime Connect 7.5\sametime.exe" [2006-07-30 249856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
    "SMS Application Launcher"="c:\windows\MS\SMS\CORE\BIN\LAUNCH32.EXE" [2003-02-23 73584]
    "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2007-07-05 49212]
    "openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\IconAC76BA86.exe [2008-11-24 300032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)
    "LogonType"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJYopnO.dll" [2008-12-09 34816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
    2008-02-29 19:13 27400 c:\program files\Ca\DSM\bin\cfWlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYopnO]
    2008-12-09 00:54 34816 c:\windows\system32\mlJYopnO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2005-05-20 10:51 8704 c:\windows\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=pvoqur.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\xxyywvVN

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-8915387-251426123-247139262-78991\Scripts\Logon\[u]0/u\[u]0/u]
    "Script"=TSGEUS_PSNonEC.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "5556:TCP"= 5556:TCP:SafeBoot

    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-07-05 30267]
    R0 SBAlg;SBAlg;c:\windows\system32\drivers\SBAlg.sys [2007-07-05 44848]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-07-05 4752]
    R1 SBFlop;SBFlop;c:\windows\system32\drivers\SBFlop.sys [2007-07-05 6096]
    R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2007-07-05 14864]
    R2 caf;CA DSM r11 Common Application Framework.;"c:\program files\CA\DSM\bin\caf.exe" service [2008-02-29 193800]
    R2 FiberlinkMonitor;Fiberlink Monitor Service;"c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe" [2005-05-06 65604]
    R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\SBMGRNT.EXE [2007-07-05 49212]
    R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-07-03 9433]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]
    R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
    S0 black;black;c:\windows\system32\drivers\BlackDrv.sys [2007-07-03 229367]
    S2 BlackICE;BlackICE;"c:\program files\BlackIce\blackd.exe" [2007-07-03 847872]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
    S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-08-06 73728]
    S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-08-06 73728]
    S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2007-07-03 630784]
    S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\bin\ONRSD.EXE [2000-01-25 408568]
    S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2006-11-03 36676]
    S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2006-11-03 24344]
    S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-06-15 115952]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d143-8d2f-11dc-9f8d-444553544200}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c886f493-440f-11dd-a0d9-444553544200}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}]
    %systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{257AC5ED-A013-4E10-B3C0-099F5E8D8FC2}]
    %Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81200000003}]
    msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308}]
    msiexec /fup {B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308} /q

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}]
    c:\windows\System32\msiexec.exe /i c:\windows\Options\Packages\CoreApps\GETemplates\GETemplatesGEE.msi /qb!

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEED8232-C2B0-4517-A0A2-96D2886C1DC8}]
    c:\windows\system32\msiexec.exe /i c:\windows\options\packages\coreapps\STFixIE\STFixIE.msi /qb!
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-26 c:\windows\Tasks\At1.job
    - c:\windows\system32\GE\Scripts\GEChkDsk.bat [2005-10-03 12:20]

    2008-11-27 c:\windows\Tasks\At2.job
    - c:\windows\system32\GE\Scripts\AutoDefrag.bat [2005-10-03 13:19]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{71C72C3A-CAF5-42A1-8AAD-F5EC9F5E444F} - c:\windows\system32\rqRhfcYs.dll
    HKLM-Run-f86694c8 - c:\windows\system32\aqqcntwl.dll

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.a2articles.com
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
    IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs
    IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs - c:\program files\tsg proxy\ieproxy.vbs\inprocserver32 does not exist!
    Trusted Zone: *.ge.com
    Trusted Zone: *.supportcentral.ge.com
    Trusted Zone: time.infra.ge.com

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: Sametime MRC 651FP1 - hxxp://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    c:\windows\Downloaded Program Files\Sametime MRC 651FP1.osd
    FireFox -: Profile - c:\documents and settings\MollarMa\Application Data\Mozilla\Firefox\Profiles\[u]0/u6qw7v53.default\
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npSton3D.dll
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 20:00:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\windows\system32\NVvwyyxx.ini 370 bytes
    c:\windows\system32\NVvwyyxx.ini2 370 bytes
    c:\windows\system32\xxyywvVN.dll 303104 bytes executable

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1692)
    c:\windows\system32\BCMLogon.dll
    c:\program files\CA\DSM\Bin\cfwlogon.dll
    c:\windows\system32\mlJYopnO.dll

    - - - - - - - > 'lsass.exe'(1748)
    c:\windows\System32\BCMLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Ca\SC\CAM\bin\cam.exe
    c:\windows\MS\SMS\CORE\BIN\clisvcl.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Fiberlink\Extend360\ServiceMgr.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\MS\SMS\clicomp\RemCtrl\Wuser32.exe
    c:\windows\MS\SMS\clicomp\apa\Bin\SMSAPM32.exe
    c:\program files\Ca\DSM\bin\cfsmsmd.exe
    c:\program files\Fiberlink\Extend360\VPNSentry.exe
    c:\program files\Ca\DSM\bin\ccnfAgent.exe
    c:\program files\Ca\DSM\bin\cfnotsrvd.exe
    c:\program files\Ca\DSM\bin\ccsmagtd.exe
    c:\program files\Ca\DSM\bin\amswmagt.exe
    c:\program files\Ca\DSM\PMAgent\capmuamagt.exe
    c:\program files\Ca\DSM\bin\cfFTPlugin.exe
    c:\windows\MS\SMS\clicomp\SWDist32\bin\SMSMon32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-09 20:06:45 - machine was rebooted [MollarMa]
    ComboFix-quarantined-files.txt 2008-12-09 19:06:37

    Pre-Run: 20,290,330,624 bytes free
    Post-Run: 20,233,773,056 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=alwaysoff /fastdetect

    303 --- E O F --- 2008-11-20 00:07:38
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    c'est quoi ton disque F???

    _____________

    analyse ce fichier sur virus total et si infecté ou o sizes tu le rajoute dans la partie files:: de la procedure suivante

    https://www.virustotal.com/gui/

    C:\iri.exe

    _________________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    c:\windows\system32\xxyywvVN.dll
    c:\windows\system32\NVvwyyxx.ini2
    c:\windows\system32\NVvwyyxx.ini
    c:\windows\system32\xxyxWQIY.dll
    c:\windows\system32\nnnnMCsp.dll
    c:\windows\system32\jkkIASjI.dll
    c:\windows\system32\vtUooPhg.dll
    c:\windows\system32\urqpqoLc.dll
    c:\windows\system32\mlJYopnO.dll
    c:\windows\system32\exbxwk.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{205aec4e-c8f1-4067-9505-0047a0e9db51}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7246E5E6-2A63-401D-A5F4-89D04575136B}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYopnO]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. doublemolmol
       
      Le lecteur F: est celui de mon appareil photo.
      Je vous envoie l'analyse HijackThis tout de suite âpre

      voici le log combofix:

      ComboFix 08-12-07.04 - MollarMa 2008-12-09 21:16:19.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.429 [GMT 1:00]
      Running from: c:\documents and settings\MollarMa\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\MollarMa\Desktop\CFscript.txt
      * Created a new restore point

      FILE ::
      C:\iri.exe
      c:\windows\system32\exbxwk.dll
      c:\windows\system32\jkkIASjI.dll
      c:\windows\system32\mlJYopnO.dll
      c:\windows\system32\nnnnMCsp.dll
      c:\windows\system32\NVvwyyxx.ini
      c:\windows\system32\NVvwyyxx.ini2
      c:\windows\system32\urqpqoLc.dll
      c:\windows\system32\vtUooPhg.dll
      c:\windows\system32\xxyxWQIY.dll
      c:\windows\system32\xxyywvVN.dll
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\iri.exe
      c:\windows\system32\amdhivyb.ini
      c:\windows\system32\byvihdma.dll
      c:\windows\system32\exbxwk.dll
      c:\windows\system32\jkkIASjI.dll
      c:\windows\system32\mlJYopnO.dll
      c:\windows\system32\mqntaxtg.dll
      c:\windows\system32\nnnnMCsp.dll
      c:\windows\system32\NVvwyyxx.ini
      c:\windows\system32\NVvwyyxx.ini2
      c:\windows\system32\urqpqoLc.dll
      c:\windows\system32\vtUooPhg.dll
      c:\windows\system32\xxyxWQIY.dll
      c:\windows\system32\xxyywvVN.dll

      .
      ((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
      .

      2008-12-09 07:28 . 2008-12-09 07:28 <DIR> d-------- C:\!KillBox
      2008-12-09 07:27 . 2008-12-09 07:27 <DIR> d-------- c:\program files\Trend Micro
      2008-12-09 06:50 . 2008-12-09 06:50 54,156 --ah----- c:\windows\QTFont.qfn
      2008-12-09 06:50 . 2008-12-09 06:50 1,409 --a------ c:\windows\QTFont.for
      2008-12-09 06:34 . 2008-12-09 06:34 <DIR> d-------- c:\program files\CCleaner
      2008-12-09 05:53 . 2008-12-09 05:53 <DIR> d-------- c:\windows\system32\Kaspersky Lab
      2008-12-09 04:53 . 2008-12-09 06:43 <DIR> d-------- C:\MSNCleaner
      2008-12-09 04:19 . 2008-12-09 04:38 <DIR> d-------- C:\SDFix
      2008-12-09 00:34 . 2008-12-09 00:34 <DIR> d--h----- c:\windows\PIF
      2008-12-08 19:37 . 2008-12-08 19:51 1,025 --a------ C:\osy.exe
      2008-11-24 08:34 . 2008-11-24 08:35 <DIR> d-------- c:\program files\Common Files\Adobe

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-09 20:24 --------- d-----w c:\program files\Symantec AntiVirus
      2008-12-09 20:24 --------- d-----w c:\program files\BlackIce
      2008-12-09 08:29 --------- d-----w c:\program files\Nortel Networks
      2008-12-08 19:47 --------- d-----w c:\program files\Windows Live Safety Center
      2008-12-08 07:45 --------- d-----w c:\documents and settings\MollarMa\Application Data\Skype
      2008-12-08 07:05 --------- d-----w c:\documents and settings\MollarMa\Application Data\skypePM
      2008-12-07 20:46 --------- d-----w c:\program files\pdf995
      2008-12-06 18:25 --------- d-----w c:\program files\SafeBoot
      2008-12-03 06:43 --------- d-----w c:\program files\Java
      2008-12-01 06:07 --------- d-----w c:\documents and settings\MollarMa\Application Data\Sametime
      2008-11-27 01:56 --------- d-----w c:\program files\Microsoft Silverlight
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-22 22:02 --------- d-----w c:\program files\SIAT Enterprise Client
      2008-10-16 18:09 --------- d-----w c:\program files\Ca
      2008-10-14 17:56 --------- d-----w c:\documents and settings\MollarMa\Application Data\CA
      2007-10-23 19:41 8 ----a-w c:\documents and settings\MollarMa\.bztarotcumul.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-12-09_20.05.32.21 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-10-16 13:09:44 92,696 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll
      + 2008-10-16 13:12:20 561,688 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuapi.dll
      + 2008-10-16 13:09:44 51,224 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe
      + 2008-10-16 13:13:40 1,809,944 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll
      + 2008-10-16 13:12:22 323,608 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wucltui.dll
      + 2008-10-16 13:08:58 34,328 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups.dll
      + 2008-10-16 13:09:44 43,544 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups2.dll
      + 2008-10-16 13:13:40 202,776 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuweb.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B12AD8C5-54BB-44B9-AA5C-822F47B4DB67}]
      2008-02-17 17:14 643584 --a------ c:\progra~1\SIATEN~1\SIAT4W~1.DLL

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{91A7F523-1183-4654-A577-0771992F1784}"= "c:\progra~1\SIATEN~1\SIAT4W~1.DLL" [2008-02-17 643584]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
      "CheckIt"="C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd" [2006-10-13 2676]
      "SIATEnterpriseClient"="c:\program files\SIAT Enterprise Client\SiatEnterpriseClient.exe" [2008-05-02 413696]
      "Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-06 712704]
      "Sametime Connect 7.5"="c:\program files\IBM\Sametime Connect 7.5\sametime.exe" [2006-07-30 249856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
      "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
      "SMS Application Launcher"="c:\windows\MS\SMS\CORE\BIN\LAUNCH32.EXE" [2003-02-23 73584]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2007-07-05 49212]
      "openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
      "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
      "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\IconAC76BA86.exe [2008-11-24 300032]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "disablecad"= 1 (0x1)
      "LogonType"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "HideLogonScripts"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "DisablePersonalDirChange"= 1 (0x1)
      "ForceStartMenuLogOff"= 1 (0x1)
      "NoSimpleStartMenu"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2008-02-29 19:13 27400 c:\program files\Ca\DSM\bin\cfWlogon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2005-05-20 10:51 8704 c:\windows\system32\PCANotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=pvoqur.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "SENTINEL"= snti386.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-8915387-251426123-247139262-78991\Scripts\Logon\[u]0/u\[u]0/u]
      "Script"=TSGEUS_PSNonEC.bat

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
      "5556:TCP"= 5556:TCP:SafeBoot

      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-07-05 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\SBAlg.sys [2007-07-05 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-07-05 4752]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\SBFlop.sys [2007-07-05 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2007-07-05 14864]
      R2 caf;CA DSM r11 Common Application Framework.;"c:\program files\CA\DSM\bin\caf.exe" service [2008-02-29 193800]
      R2 FiberlinkMonitor;Fiberlink Monitor Service;"c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe" [2005-05-06 65604]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\SBMGRNT.EXE [2007-07-05 49212]
      R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
      R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-07-03 9433]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]
      R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
      R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
      S0 black;black;c:\windows\system32\drivers\BlackDrv.sys [2007-07-03 229367]
      S2 BlackICE;BlackICE;"c:\program files\BlackIce\blackd.exe" [2007-07-03 847872]
      S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
      S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-08-06 73728]
      S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-08-06 73728]
      S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2007-07-03 630784]
      S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\bin\ONRSD.EXE [2000-01-25 408568]
      S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2006-11-03 36676]
      S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2006-11-03 24344]
      S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-06-15 115952]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d143-8d2f-11dc-9f8d-444553544200}]
      \Shell\AutoRun\command - F:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}]
      \Shell\AutoRun\command - F:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c886f493-440f-11dd-a0d9-444553544200}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}]
      %systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{257AC5ED-A013-4E10-B3C0-099F5E8D8FC2}]
      %Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81200000003}]
      msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308}]
      msiexec /fup {B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308} /q

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}]
      c:\windows\System32\msiexec.exe /i c:\windows\Options\Packages\CoreApps\GETemplates\GETemplatesGEE.msi /qb!

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEED8232-C2B0-4517-A0A2-96D2886C1DC8}]
      c:\windows\system32\msiexec.exe /i c:\windows\options\packages\coreapps\STFixIE\STFixIE.msi /qb!
      .
      Contents of the 'Scheduled Tasks' folder

      2008-11-26 c:\windows\Tasks\At1.job
      - c:\windows\system32\GE\Scripts\GEChkDsk.bat [2005-10-03 12:20]

      2008-11-27 c:\windows\Tasks\At2.job
      - c:\windows\system32\GE\Scripts\AutoDefrag.bat [2005-10-03 13:19]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.a2articles.com
      uInternet Settings,ProxyOverride = <local>
      uInternet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
      IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs
      IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs - c:\program files\tsg proxy\ieproxy.vbs\inprocserver32 does not exist!
      Trusted Zone: *.ge.com
      Trusted Zone: *.supportcentral.ge.com
      Trusted Zone: time.infra.ge.com

      O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

      O16 -: Sametime MRC 651FP1 - hxxp://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
      c:\windows\Downloaded Program Files\Sametime MRC 651FP1.osd
      FireFox -: Profile - c:\documents and settings\MollarMa\Application Data\Mozilla\Firefox\Profiles\[u]0/u6qw7v53.default\
      FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
      FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
      FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
      FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
      FF -: plugin - c:\program files\Mozilla Firefox\plugins\npSton3D.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-09 21:24:18
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1700)
      c:\windows\system32\BCMLogon.dll
      c:\program files\CA\DSM\Bin\cfwlogon.dll

      - - - - - - - > 'lsass.exe'(1756)
      c:\windows\System32\BCMLogon.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\WLTRYSVC.EXE
      c:\windows\system32\BCMWLTRY.EXE
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      c:\windows\system32\scardsvr.exe
      c:\program files\Ca\SC\CAM\bin\cam.exe
      c:\windows\MS\SMS\CORE\BIN\clisvcl.exe
      c:\program files\Symantec AntiVirus\DefWatch.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      c:\program files\Fiberlink\Extend360\ServiceMgr.exe
      c:\windows\MS\SMS\clicomp\apa\Bin\SMSAPM32.exe
      c:\program files\Symantec AntiVirus\Rtvscan.exe
      c:\windows\system32\wdfmgr.exe
      c:\windows\MS\SMS\clicomp\RemCtrl\Wuser32.exe
      c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      c:\program files\Ca\DSM\bin\cfsmsmd.exe
      c:\program files\Ca\DSM\bin\ccnfAgent.exe
      c:\program files\Fiberlink\Extend360\VPNSentry.exe
      c:\program files\Ca\DSM\bin\cfnotsrvd.exe
      c:\program files\Ca\DSM\bin\ccsmagtd.exe
      c:\program files\Ca\DSM\bin\amswmagt.exe
      c:\windows\MS\SMS\clicomp\SWDist32\bin\SMSMon32.exe
      c:\program files\Ca\DSM\PMAgent\capmuamagt.exe
      c:\program files\Ca\DSM\bin\cfFTPlugin.exe
      c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
      c:\windows\system32\wbem\unsecapp.exe
      .
      **************************************************************************
      .
      Completion time: 2008-12-09 21:28:49 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-12-09 20:28:45
      ComboFix2.txt 2008-12-09 19:06:48

      Pre-Run: 20,213,821,440 bytes free
      Post-Run: 20,177,989,632 octets libres

      277 --- E O F --- 2008-11-20 00:07:38
      0
    2. doublemolmol
       
      voici le log HIJACKTHIS

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:34, on 2008-12-09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\CA\SC\CAM\bin\cam.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\SafeBoot\SBMGRNT.EXE
      C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
      C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
      C:\Program Files\CA\DSM\bin\caf.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\CA\DSM\Bin\ccnfagent.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
      C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
      C:\Program Files\OpenVPN\bin\openvpn-gui.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\CA\DSM\Bin\amswmagt.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe
      C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
      C:\Program Files\Microsoft Time Zone\TimeZone.exe
      C:\Program Files\CA\DSM\Bin\cfftplugin.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
      R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
      O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
      O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
      O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
      O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
      O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
      O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
      O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
      O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
      O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
      O15 - Trusted Zone: *.supportcentral.ge.com
      O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
      O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
      O15 - Trusted Zone: http://genet.ae.ge.com
      O15 - Trusted Zone: http://inside.ge.com
      O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
      O15 - Trusted Zone: http://ssqc.ge.com
      O15 - Trusted Zone: time.infra.ge.com
      O15 - Trusted Zone: *.ge.com
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: pvoqur.dll
      O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
      O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
      O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
      O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
      O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
      O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
      O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
      O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
      O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
      O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
      O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > doublemolmol
         
        branche ton appareil photo

        et



        --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
        http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

        --> Lance l'installation avec les paramètres par défaut.

        --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

        --> Double-clique sur le raccourci UsbFix sur ton Bureau.

        --> Choisis l'option 1 (Nettoyage).

        --> Le PC va redémarrer.

        --> Après redémarrage, poste le rapport UsbFix.txt

        Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

        (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)


        _________

        puis remet un rapport hijakhcits et dis tes soucis actuels
        0
      2. doublemolmol > jlpjlp Messages postés 52399 Statut Contributeur sécurité
         
        voice le rapport usbfix



        -------------- UsbFix V2.413.3 ---------------

        * User : MollarMa - Y00188BC7D0E6
        * Outils mis a jours le 06/12/2008 par Chiquitine29 et Chimay8
        * Recherche effectuée à 6:38:28 le 2008-12-11
        * Windows Xp - Internet Explorer 6.0.2900.2180


        --------------- [ Processus actifs ] ----------------


        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        C:\WINDOWS\System32\SCardSvr.exe
        C:\Program Files\CA\SC\CAM\bin\cam.exe
        C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\Program Files\SafeBoot\SBMGRNT.EXE
        C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
        C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
        C:\Program Files\CA\DSM\bin\caf.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
        C:\Program Files\CA\DSM\Bin\ccnfagent.exe
        C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
        C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
        C:\Program Files\CA\DSM\Bin\amswmagt.exe
        C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
        C:\Program Files\CA\DSM\Bin\cfftplugin.exe
        C:\WINDOWS\MS\SMS\clicomp\SWDist32\bin\ODPUSR32.exe
        C:\WINDOWS\MS\SMS\clicomp\SWDist32\bin\ODPSys32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\system32\userinit.exe
        C:\Tmp\5.tmp\b2e.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe

        --------------- [ Informations lecteurs ] ----------------

        C: - Lecteur fixe

        D: - Lecteur fixe

        F: - Lecteur amovible


        --------------- [ Lecteur C ] ----------------

        C: - Lecteur fixe


        +- Listing des fichiers présents :

        [2007-07-05 10:12][--a------] C:\autoexec.bat
        [2004-08-04 03:38][-rahs----] C:\NTDETECT.COM
        [2008-12-08 19:51][--a------] C:\osy.exe
        [2008-12-08 19:51][--a------] C:\sbupdate_cp.exe
        [2008-12-09 19:49][-rahs----] C:\boot.ini
        [2008-12-09 19:49][-rahs----] C:\comply.ini
        [2008-12-09 21:28][--a------] C:\ComboFix.txt
        [2008-12-09 21:28][--a------] C:\MSNCleaner.txt
        [2008-12-09 21:28][--a------] C:\UsbFix.txt
        [2006-11-02 13:55][--a------] C:\CONFIG.SYS
        [2006-11-02 13:55][--a------] C:\hiberfil.sys
        [2006-11-02 13:55][--a------] C:\IO.SYS
        [2006-11-02 13:55][--a------] C:\MSDOS.SYS
        [2006-11-02 13:55][--a------] C:\pagefile.sys

        --------------- [ Lecteur D ] ----------------

        D: - Lecteur fixe


        +- Listing des fichiers présents :

        [2004-08-03 23:56][--a------] D:\setupSNK.exe

        --------------- [ Lecteur F ] ----------------

        F: - Lecteur amovible


        +- Listing des fichiers présents :


        --------------- [ Registre / Startup ] ----------------

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
        "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
        ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
        CheckIt=C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
        SIATEnterpriseClient="C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
        Timezone="C:\Program Files\Microsoft Time Zone\TimeZone.exe"
        Sametime Connect 7.5="C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
        ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        vptray=C:\PROGRA~1\SYMANT~1\VPTray.exe
        igfxtray=C:\WINDOWS\system32\igfxtray.exe
        igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
        igfxpers=C:\WINDOWS\system32\igfxpers.exe
        SigmatelSysTrayApp=stsystra.exe
        Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
        SMS Application Launcher=C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
        SBMGRNT.EXE=C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
        openvpn-gui=C:\Program Files\OpenVPN\bin\openvpn-gui.exe
        QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
        LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
        LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
        Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
        UserFaultCheck=%systemroot%\system32\dumprep 0 -u
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
        <NO NAME>=
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
        Installed=1
        <NO NAME>=
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
        NoChange=1
        Installed=1
        <NO NAME>=
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
        Installed=1
        <NO NAME>=

        --------------- [ Registre / Mountpoint2 ] ----------------

        Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4723d143-8d2f-11dc-9f8d-444553544200}\Shell\AutoRun\command
        Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}\Shell\AutoRun\command
        Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}\Shell\AutoRun\command
        Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c886f493-440f-11dd-a0d9-444553544200}\Shell\AutoRun\command

        --------------- [ Nettoyage des disques ] ----------------

        Supprimé ! - [2006-11-08 14:44][--a------] C:\WINDOWS\autorun.ini
        Supprimé ! - [2008-12-08 19:51][--a------] C:\osy.exe

        --------------- [ Resumé ] ----------------

        -> /!\ Le resultat doit etre interprété par un spécialiste /!\

        [2007-07-05 10:12][--a------] C:\autoexec.bat
        [2004-08-04 03:38][-rahs----] C:\NTDETECT.COM
        [2008-03-25 15:03][--a------] C:\sbupdate_cp.exe
        [2008-12-09 19:49][-rahs----] C:\boot.ini
        [2008-12-09 19:49][-rahs----] C:\comply.ini
        [2004-08-03 23:56][--a------] D:\setupSNK.exe

        --------------- ! Fin du rapport ! ----------------
        0
      3. doublemolmol > jlpjlp Messages postés 52399 Statut Contributeur sécurité
         
        voici le rapport HijackThis:

        Je n'ai plus de souci, enfin tout va mieu et je n'ai plus d'affichage de page publicitaire, Merci BCP

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 06:43, on 2008-12-11
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        C:\Program Files\CA\SC\CAM\bin\cam.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\Program Files\SafeBoot\SBMGRNT.EXE
        C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
        C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
        C:\Program Files\CA\DSM\bin\caf.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
        C:\Program Files\CA\DSM\Bin\ccnfagent.exe
        C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
        C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
        C:\Program Files\CA\DSM\Bin\amswmagt.exe
        C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
        C:\Program Files\CA\DSM\Bin\cfftplugin.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
        R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
        O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
        O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
        O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
        O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
        O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
        O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
        O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
        O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
        O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
        O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
        O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
        O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
        O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
        O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
        O15 - Trusted Zone: *.supportcentral.ge.com
        O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
        O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
        O15 - Trusted Zone: http://genet.ae.ge.com
        O15 - Trusted Zone: http://inside.ge.com
        O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
        O15 - Trusted Zone: http://ssqc.ge.com
        O15 - Trusted Zone: time.infra.ge.com
        O15 - Trusted Zone: *.ge.com
        O15 - Trusted Zone: https://www.orange.fr/portail
        O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
        O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
        O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - AppInit_DLLs: pvoqur.dll
        O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
        O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
        O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
        O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
        O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
        O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
        O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
        O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
        O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
        O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
        O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
        O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
        0
  4. maxmann
     
    salut! j'ai le meme probleme que toi!
    hier soir j'ai le meme virus sur msn. depuis c'est la cata, rien y fait, smithfraudfxn, avast, nettoyage de disque, réparation de windows, etc

    J'ai les mems symptomes que toi, pages pub, ouverture IE, plantage puis, apparation de la page www.a2articles.com a la place de www.google.fr

    j'ai aussi remarqué que ça touché le parametrage de IE car la fonction sécurité rencontre un bug, a chaque fois je mets blocage haut et je me retrouve aussitot en blocage bas...

    Je vais suivre de pret ton post car je suis en galere total.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. doublemolmol
     
    Merci pour ton aide. Je n'ai pas mon appareil photo et mon DD externe
    Je fais ca des que je rentre et je te transmets tout ca.

    Merci encore
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ces fichiers sur virus total et si infecté tu les vires en allant dans poste de travail puis C

    https://www.virustotal.com/gui/

    C:\autoexec.bat
    C:\sbupdate_cp.exe
    C:\boot.ini
    C:\comply.ini
    D:\setupSNK.exe
    _____________

    relance hijakhcits, fias do a system scan only , selectionne ces lignes et fix les:

    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    _
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    _
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    _
    _

    _____________
    si tu ne connais pas les sites suivant, fixe les lignes avec hijakhcits (fix cheked):

    O15 - Trusted Zone: *.supportcentral.ge.com
    O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
    O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
    O15 - Trusted Zone: http://genet.ae.ge.com
    O15 - Trusted Zone: http://inside.ge.com
    O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
    O15 - Trusted Zone: http://ssqc.ge.com
    O15 - Trusted Zone: time.infra.ge.com
    O15 - Trusted Zone: *.ge.com
    O15 - Trusted Zone: https://www.orange.fr/portail

    O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    _________________

    si tu as CA antivirus et norton antivirus , vire un des deux sinon l'ordi va planter!

    pour virer norton
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    ___________________

    ensuite mets a jour windows avec le sp3, adobe reader avec la version 9 et internet explorer avec la version 7
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
    http://v4.windowsupdate.microsoft.com/fr/default.asp
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    remets un dernier hijakchits et dis tes soucis actuels
    0
    1. doublemolmol
       
      Je n'ai plus de souci,
      Je n'ai qu'un seul anti virus, Je vai efectué les mise a jour.
      Merci encore

      voila le log HijackThis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:53, on 2008-12-11
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\Program Files\CA\SC\CAM\bin\cam.exe
      C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\SafeBoot\SBMGRNT.EXE
      C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
      C:\Program Files\CA\DSM\bin\caf.exe
      C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
      C:\Program Files\CA\DSM\Bin\ccnfagent.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
      C:\Program Files\Microsoft Time Zone\TimeZone.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
      C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\CA\DSM\Bin\amswmagt.exe
      C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
      C:\Program Files\CA\DSM\Bin\cfftplugin.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
      O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
      O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
      O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
      O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
      O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
      O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
      O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
      O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
      O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
      O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
      O15 - Trusted Zone: *.supportcentral.ge.com
      O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
      O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
      O15 - Trusted Zone: http://genet.ae.ge.com
      O15 - Trusted Zone: http://inside.ge.com
      O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
      O15 - Trusted Zone: http://ssqc.ge.com
      O15 - Trusted Zone: time.infra.ge.com
      O15 - Trusted Zone: *.ge.com
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: pvoqur.dll
      O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
      O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
      O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
      O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
      O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
      O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
      O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
      O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
      O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
      O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
      O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    par curiosité les fichiers analysées sur virus total étaient infectés?

    __________________

    pour virer ce qui a été utilsé:
    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.

    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    _________________

    Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la afin de créer un point de restauration sain.

    * Désactivation :
    Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

    * Activation :
    Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

    bonne suite
    0
    1. doublemolmol
       
      Merci beaucoup de votre aide.
      Les fichiers etaient clean

      voila le rapport:
      [ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

      -->- Recherche:

      C:\Combofix.txt: trouvé !
      C:\MsnCleaner.txt: trouvé !
      C:\UsbFix.txt: trouvé !
      C:\SDFIX: trouvé !
      C:\!Killbox: trouvé !
      C:\Qoobox: trouvé !
      C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\HijackThis.lnk: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\MSNCleaner.zip: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\KillBox.exe: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\ComboFix.exe: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\HJTInstall.exe: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\UsbFix.exe: trouvé !
      C:\Documents and Settings\MollarMa\Desktop\UsbFix.lnk: trouvé !
      C:\Documents and Settings\MollarMa\Recent\HijackThis.lnk: trouvé !
      C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix: trouvé !
      C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix\UsbFix.lnk: trouvé !
      C:\Program Files\UsbFix: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
      C:\Program Files\UsbFix\UsbFix.exe: trouvé !
      C:\Program Files\UsbFix\Tools\NIRCMD.exe: trouvé !
      C:\WINDOWS\NIRCMD.exe: trouvé !
      C:\WINNT\NIRCMD.exe: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis\HijackThis.lnk: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\HijackThis.lnk: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\MSNCleaner.zip: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\KillBox.exe: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
      C:\Documents and Settings\MollarMa\Desktop\HJTInstall.exe: supprimé !
      C:\Documents and Settings\MollarMa\Recent\HijackThis.lnk: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\Combofix.txt: supprimé !
      C:\MsnCleaner.txt: supprimé !
      C:\UsbFix.txt: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\UsbFix.exe: supprimé !
      C:\Documents and Settings\MollarMa\Desktop\UsbFix.lnk: supprimé !
      C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix\UsbFix.lnk: supprimé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\Program Files\UsbFix\UsbFix.exe: supprimé !
      C:\Program Files\UsbFix\Tools\NIRCMD.exe: supprimé !
      C:\WINDOWS\NIRCMD.exe: supprimé !
      C:\SDFIX: supprimé !
      C:\!Killbox: supprimé !
      C:\Qoobox: supprimé !
      C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis: supprimé !
      C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix: supprimé !
      C:\Program Files\UsbFix: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      0