Help

Salut tout le monde,
ça fait trois jours que je me promène sur les forums dans l'espoir de trouver les manips pour débarasser de mes virus ....
je suis apparement bien infecté avec des messages d'alertes windows (critical system warning, vous etes infecté par ...) et des fenetres IE qui s'ouvrent tout le temps pour me vendre des antivirus ...

voici mon rapport smitfraudx

SmitFraudFix v2.240

Rapport fait à 17:49:48,85, 19/10/2007
Executé à partir de C:\Documents and Settings\R4D4\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterInstallMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\R4D4

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\R4D4\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\R4D4\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{60B2B19C-06B9-45AF-ACDD-25F077AFFB0A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{60B2B19C-06B9-45AF-ACDD-25F077AFFB0A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{60B2B19C-06B9-45AF-ACDD-25F077AFFB0A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

et aussi celui de HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 17:51:45, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterInstallMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\Documents and Settings\R4D4\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vgxpeflk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemFirewall] C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'tasp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0351375640
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

quelqu'un pourrait-il m'aider à partir de là ?

merci d'avance

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Infection Vundo :

Fais ces manips dans l’ordre :

1/ Télécharge VundoFix.exe :

Double-clique VundoFix.exe .
Clique sur Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Ensuite clique sur YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

Poste le rapport qui se trouve dans C:\vundofix.txt

2/ Télécharge Combofix (par sUBs) sur ton Bureau. (Tuto)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

3/ Poste un nouveau rapport HiJackThis (en ayant renommé HiJackthis.exe en scanner.exe)

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

ok, tout d'abord merci de le réponse rapide
voici les rapports

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:11:44 19/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\kdytafkm.dll
C:\WINDOWS\system32\vgxpeflk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kdytafkm.dll
C:\WINDOWS\system32\kdytafkm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vgxpeflk.dll
C:\WINDOWS\system32\vgxpeflk.dll Has been deleted!

Performing Repairs to the registry.
Done!

et maintenant combofix !

ComboFix 07-10-19.1 - R4D4 2007-10-19 18:40:45.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.583 [GMT 2:00]
Running from: C:\Documents and Settings\R4D4\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Bureau\AntiSpywareBot.lnk
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\DataBase.ref
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Log\2007 Oct 19 - 05_22_54 PM_250.log
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Log\2007 Oct 19 - 05_22_56 PM_078.log
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Log\2007 Oct 19 - 06_24_19 PM_281.log
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Log\2007 Oct 19 - 06_27_19 PM_171.log
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Log\2007 Oct 19 - 06_36_25 PM_031.log
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\R4D4\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Program Files\AntiSpywareBot
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe
C:\Program Files\AntiSpywareBot\AntiSpywareBot.url
C:\Program Files\AntiSpywareBot\Launcher.exe
C:\Program Files\AntiSpywareBot\unins000.dat
C:\Program Files\AntiSpywareBot\unins000.exe
C:\Program Files\Hammer.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\fccysjjf.dll
C:\WINDOWS\system32\fjjsyccf.ini
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-19 to 2007-10-19 ))))))))))))))))))))))))))))))))))))
.

2007-10-19 18:11 <REP> d-------- C:\VundoFix Backups
2007-10-19 17:39 <REP> d-------- C:\Program Files\Common Files
2007-10-19 17:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-10-19 17:17 <REP> d-------- C:\Program Files\XoftSpySE
2007-10-19 17:02 <REP> d-------- C:\Program Files\Pando Networks
2007-10-19 17:02 <REP> d-------- C:\Program Files\MalWareGuard
2007-10-18 00:50 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\Grisoft
2007-10-18 00:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage r‚seau
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage d'impression
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\ModŠles
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Mes documents
2007-10-17 22:55 <REP> dr------- C:\Documents and Settings\Administrateur.R3D3\Menu D‚marrer
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Favoris
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Bureau
2007-10-15 20:14 <REP> d-------- C:\Program Files\Macromedia
2007-10-15 20:14 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-06 16:25 <REP> d-------- C:\Program Files\Cossacks
2007-10-04 17:28 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\My Games
2007-10-04 17:13 <REP> d-------- C:\Program Files\Cossacks - The Art Of War
2007-10-04 17:12 <REP> d-------- C:\Program Files\THQ
2007-09-22 23:07 <REP> d-------- C:\Program Files\Firaxis Games
2007-09-22 23:03 <REP> d-------- C:\Program Files\MagicDisc
2007-09-22 20:01 <REP> d-------- C:\Program Files\CDisplay
2007-09-22 16:14 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\jomic
2007-09-22 16:13 <REP> d-------- C:\Program Files\Jomic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 16:37 821 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-19 16:37 --------- d-----w C:\Documents and Settings\R4D4\Application Data\OpenOffice.org2
2007-10-19 16:30 --------- d-----w C:\Program Files\Google
2007-10-19 15:38 --------- d-----w C:\Program Files\Yahoo!
2007-10-17 23:08 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-17 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-16 18:44 --------- d-----w C:\Documents and Settings\R4D4\Application Data\Azureus
2007-10-16 12:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 22:34 --------- d-----w C:\Program Files\Azureus
2007-10-10 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 15:11 --------- d-----w C:\Program Files\SpeedFan
2007-09-20 16:27 --------- d-----w C:\Program Files\eMule
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-04 23:46 92,544 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2007-06-13 13:22:28 152,576 --sh--r C:\WINDOWS\system32\lijcwh.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 C:\WINDOWS\system32\sstray.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SystemFirewall"="C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe" [2007-05-31 16:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 12:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawtt]
fccawtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstts.dll

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 Tahi;Tahi;\??\C:\WINDOWS\system32\Drivers\Tahi.sys
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d530b3a0-b2e0-11db-91b2-0050bac55bab}]
AutoRun\command - G:\Setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-03-10 10:51:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-19 15:17:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-10-19 15:17:18 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 18:52:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 18:55:54 - machine was rebooted
.
--- E O F ---

at last but not at least hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 19:02, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\R4D4\Bureau\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemFirewall] C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'tasp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0351375640
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: fccawtt - fccawtt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

comment ça se présente ?
(je n'ai pas eu de nouvelles fenetres intempestives, mais dois je m'y fier ?)
merci encore

Répondre à MrDR

Re,

C'est presque bon.

Télécharge ZebRestore
Dézippe-le. Ouvre le dossier, lance le en double cliquant sur l’exe.
Coche :
- Policies
Clique sur Restaurer. Ferme le programme.

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\fccawtt.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\lijcwh.exe

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawtt]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

tout ça m'a prit un peu de temps,
soudainement mon ordi me demandait des mots de passe
et quand j'essayais d'ouvrir une session j'avais le message suivant :
"impossible d'ouvrir une session le nombre de compte est limité",
même probleme en mode sans échecs, impossible d'ouvrir le compte administrateur ...
du coup je viens de réussir à démarer en demandant la dernière config système valide ...
le log que combofix viend de me donner est le suivant :
ComboFix 07-10-19.1 - R4D4 2007-10-19 20:07:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.696 [GMT 2:00]
Running from: C:\Documents and Settings\R4D4\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\R4D4\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\fccawtt.dll
C:\WINDOWS\system32\lijcwh.exe
C:\WINDOWS\system32\sstts.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\kdytafkm.dll.bad
C:\VundoFix Backups\vgxpeflk.dll.bad
C:\WINDOWS\system32\lijcwh.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-20 to 2007-10-20 ))))))))))))))))))))))))))))))))))))
.

2007-10-19 18:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 17:39 <REP> d-------- C:\Program Files\Common Files
2007-10-19 17:17 <REP> d-------- C:\Program Files\XoftSpySE
2007-10-19 17:02 <REP> d-------- C:\Program Files\Pando Networks
2007-10-19 17:02 <REP> d-------- C:\Program Files\MalWareGuard
2007-10-19 17:02 86,912 --a------ C:\WINDOWS\system32\tasp.dll
2007-10-19 17:02 36,864 --a------ C:\WINDOWS\system32\Tasi.dll
2007-10-19 17:02 31,376 --a------ C:\WINDOWS\system32\drivers\Tahi.sys
2007-10-18 00:50 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\Grisoft
2007-10-18 00:38 2,166 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-18 00:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-18 00:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage r‚seau
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage d'impression
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\ModŠles
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Mes documents
2007-10-17 22:55 <REP> dr------- C:\Documents and Settings\Administrateur.R3D3\Menu D‚marrer
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Favoris
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Bureau
2007-10-17 11:18 389,184 --a------ C:\WINDOWS\system32\nimmkwfi.exe
2007-10-15 20:14 <REP> d-------- C:\Program Files\Macromedia
2007-10-15 20:14 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-06 16:25 <REP> d-------- C:\Program Files\Cossacks
2007-10-04 17:28 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\My Games
2007-10-04 17:13 <REP> d-------- C:\Program Files\Cossacks - The Art Of War
2007-10-04 17:12 <REP> d-------- C:\Program Files\THQ
2007-09-22 23:07 <REP> d-------- C:\Program Files\Firaxis Games
2007-09-22 23:03 <REP> d-------- C:\Program Files\MagicDisc
2007-09-22 23:03 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-09-22 20:01 <REP> d-------- C:\Program Files\CDisplay
2007-09-22 16:14 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\jomic
2007-09-22 16:13 <REP> d-------- C:\Program Files\Jomic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 16:40 1,155 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-19 17:55 --------- d-----w C:\Documents and Settings\R4D4\Application Data\Azureus
2007-10-19 17:26 --------- d-----w C:\Program Files\Google
2007-10-19 16:55 --------- d-----w C:\Documents and Settings\R4D4\Application Data\OpenOffice.org2
2007-10-19 15:38 --------- d-----w C:\Program Files\Yahoo!
2007-10-17 23:08 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-17 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-16 12:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 22:34 --------- d-----w C:\Program Files\Azureus
2007-10-10 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 15:11 --------- d-----w C:\Program Files\SpeedFan
2007-09-20 16:27 --------- d-----w C:\Program Files\eMule
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-19_18.54.51.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-20 16:51:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_138.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 C:\WINDOWS\system32\sstray.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SystemFirewall"="C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe" [2007-05-31 16:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 12:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 Tahi;Tahi;\??\C:\WINDOWS\system32\Drivers\Tahi.sys
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d530b3a0-b2e0-11db-91b2-0050bac55bab}]
AutoRun\command - G:\Setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-03-10 10:51:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 18:52:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 18:56:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-19 18:55
.
--- E O F ---

et celui de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 19:05, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\R4D4\Bureau\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemFirewall] C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'tasp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0351375640
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

j'attend la suite
merci encore

Répondre à MrDR

Bien.

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\nimmkwfi.exe

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.

Toujorus ce problème de mot de passe?

Relance HiJackThis, do a system scan only, coche cette lignes :

O10 - Broken Internet access because of LSP provider 'tasp.dll' missing

Puis Fix Checked !

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

ComboFix 07-10-19.1 - R4D4 2007-10-20 19:29:25.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
Running from: C:\Documents and Settings\R4D4\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\R4D4\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\nimmkwfi.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nimmkwfi.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-20 to 2007-10-20 ))))))))))))))))))))))))))))))))))))
.

2007-10-19 18:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 17:39 <REP> d-------- C:\Program Files\Common Files
2007-10-19 17:17 <REP> d-------- C:\Program Files\XoftSpySE
2007-10-19 17:02 <REP> d-------- C:\Program Files\Pando Networks
2007-10-19 17:02 <REP> d-------- C:\Program Files\MalWareGuard
2007-10-19 17:02 86,912 --a------ C:\WINDOWS\system32\tasp.dll
2007-10-19 17:02 36,864 --a------ C:\WINDOWS\system32\Tasi.dll
2007-10-19 17:02 31,376 --a------ C:\WINDOWS\system32\drivers\Tahi.sys
2007-10-18 00:50 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\Grisoft
2007-10-18 00:38 2,166 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-18 00:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-18 00:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage r‚seau
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\Voisinage d'impression
2007-10-17 22:55 <REP> d--h----- C:\Documents and Settings\Administrateur.R3D3\ModŠles
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Mes documents
2007-10-17 22:55 <REP> dr------- C:\Documents and Settings\Administrateur.R3D3\Menu D‚marrer
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Favoris
2007-10-17 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.R3D3\Bureau
2007-10-15 20:14 <REP> d-------- C:\Program Files\Macromedia
2007-10-15 20:14 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-06 16:25 <REP> d-------- C:\Program Files\Cossacks
2007-10-04 17:28 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\My Games
2007-10-04 17:13 <REP> d-------- C:\Program Files\Cossacks - The Art Of War
2007-10-04 17:12 <REP> d-------- C:\Program Files\THQ
2007-09-22 23:07 <REP> d-------- C:\Program Files\Firaxis Games
2007-09-22 23:03 <REP> d-------- C:\Program Files\MagicDisc
2007-09-22 23:03 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-09-22 20:01 <REP> d-------- C:\Program Files\CDisplay
2007-09-22 16:14 <REP> d-------- C:\Documents and Settings\R4D4\Application Data\jomic
2007-09-22 16:13 <REP> d-------- C:\Program Files\Jomic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 17:27 --------- d-----w C:\Documents and Settings\R4D4\Application Data\Azureus
2007-10-20 16:54 --------- d-----w C:\Documents and Settings\R4D4\Application Data\OpenOffice.org2
2007-10-20 16:40 1,155 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-19 17:26 --------- d-----w C:\Program Files\Google
2007-10-19 15:38 --------- d-----w C:\Program Files\Yahoo!
2007-10-17 23:08 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-17 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-16 12:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 22:34 --------- d-----w C:\Program Files\Azureus
2007-10-10 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 15:11 --------- d-----w C:\Program Files\SpeedFan
2007-09-20 16:27 --------- d-----w C:\Program Files\eMule
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-22 13:13 663,040 ----a-w C:\WINDOWS\system32\wininet(2).dll
2007-08-22 13:13 617,472 ----a-w C:\WINDOWS\system32\urlmon(2).dll
2007-08-22 13:13 474,624 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
2007-08-22 13:13 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-19_18.54.51.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-20 16:51:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_138.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 C:\WINDOWS\system32\sstray.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SystemFirewall"="C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe" [2007-05-31 16:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 12:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 Tahi;Tahi;\??\C:\WINDOWS\system32\Drivers\Tahi.sys
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d530b3a0-b2e0-11db-91b2-0050bac55bab}]
AutoRun\command - G:\Setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-03-10 10:51:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 19:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 19:34:42
C:\ComboFix2.txt ... 2007-10-20 18:56
C:\ComboFix3.txt ... 2007-10-19 18:55
.
--- E O F ---

Répondre à MrDR

le rapport combofix est ci dessus,
il n y a pas eu de redémarage

Répondre à MrDR

Hijackthis me dit qu'il ne peut pas fixer le problème mais me redirige vers un autre programme, je suis ses indications ?

Répondre à MrDR

Vers quel logiciel ? Ne le suis pas.
Reposte un Hijackthis.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,
mes anciens symptomes ont tous disparus mais j'ai maintenant une instabilité système avec des crash/ecrans bleus de manière ponctuelle

Logfile of HijackThis v1.99.1
Scan saved at 20:24, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\R4D4\Bureau\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemFirewall] C:\Program Files\MalWareGuard\SystemFirewall\SystemFirewall.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'tasp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0351375640
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Répondre à MrDR

Des crash ..
Tu peux essayer une réparation windows -si tu as le cd- ?

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Donne ton avis en vidéo

Messages similaires

Dans l'actualité

Nouvelle version pour iTunes

GetRight 4.5d [MAJ]

Kazaa Lite 2.0

AOL 8.0 Finale US

Les téléchargements

Les derniers dossiers

Test : Nokia N97, un vrai clavier, du Wi-Fi, un grand écran tactile...

Les bonnes raisons pour ne pas passer à l'iPhone 3G S

Faut-il craquer pour une TV à Led ?

Clés USB : capacité ou vitesse, le comparatif

Téléchargement

Liens commerciaux

Attention