Hello Bernard53,
I have exactly the same problem as Matheous. XP smart security has "invaded" my computer: I can no longer launch any .exe, nor Internet Explorer, etc. Yesterday even Firefox did not work. Today, it is possible. I followed what you suggested in your message. I obtained the following report:
ComboFix 10-03-27.03 - LenaL 28/03/2010 14:35:46.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.503.166 [GMT 2:00]
Lancé depuis: c:\documents and settings\LenaL\Bureau\ComboFix.com
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LenaL\Local Settings\Application Data\av.exe
c:\documents and settings\LenaL\Local Settings\Application Data\ave.exe
c:\documents and settings\LenaL\Local Settings\Temporary Internet Files\ks3abP25.jpg
c:\documents and settings\LenaL\Local Settings\Temporary Internet Files\u0ryc215.jpg
c:\documents and settings\LenaL\Local Settings\Temporary Internet Files\V0HFLck5.jpg
c:\documents and settings\LenaL\Local Settings\Temporary Internet Files\w8K8G2Cy.jpg
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-28 ))))))))))))))))))))))))))))))))))))
.
2010-03-28 12:04 . 2010-03-28 12:13 -------- d-----w- C:\32788R22FWJFW
2010-03-26 18:44 . 2010-03-26 18:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-26 18:23 . 2010-03-26 21:10 -------- d-----w- c:\windows\BDOSCAN8
2010-03-23 09:42 . 2010-03-23 09:42 -------- d-sh--w- c:\documents and settings\LenaL\IECompatCache
2010-03-23 09:37 . 2010-03-23 09:37 -------- d-sh--w- c:\documents and settings\LenaL\PrivacIE
2010-03-23 09:28 . 2010-03-23 09:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-23 09:26 . 2010-03-23 09:26 -------- d-sh--w- c:\documents and settings\LenaL\IETldCache
2010-03-22 21:25 . 2010-03-23 09:42 -------- d-----w- c:\windows\ie8updates
2010-03-22 21:22 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-22 21:22 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-22 21:18 . 2010-03-22 21:22 -------- dc-h--w- c:\windows\ie8
2010-03-22 14:53 . 2010-03-26 17:19 204800 --sha-w- c:\documents and settings\LenaL\Local Settings\Application Data\324687302.dll
2010-03-21 20:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 18:21 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 22:19 . 2010-03-06 22:19 -------- d-----w- c:\documents and settings\LenaL\Application Data\YouSendIt
2010-03-06 22:17 . 2010-03-06 22:17 -------- d-----w- c:\program files\YouSendIt
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 19:35 . 2009-09-02 20:04 1 ----a-w- c:\documents and settings\LenaL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 22:23 . 2009-10-16 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 07:38 . 2009-12-18 10:05 -------- d-----w- c:\documents and settings\LenaL\Application Data\vlc
2010-03-06 22:17 . 2005-12-06 20:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 14:19 . 2006-01-08 15:31 49152 ----a-r- c:\documents and settings\LenaL\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\NewShortcut4_81A349029D0B4920A25C4CDC5D14B328.exe
2010-01-29 14:19 . 2006-01-08 15:31 14278 ----a-r- c:\documents and settings\LenaL\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_TryAndBuy.exe
2010-01-29 14:19 . 2006-01-08 15:31 57344 ----a-r- c:\documents and settings\LenaL\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-01-29 14:19 . 2006-01-08 15:31 14278 ----a-r- c:\documents and settings\LenaL\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\ARPPRODUCTICON.exe
2010-01-29 14:19 . 2006-01-08 15:31 57344 ----a-r- c:\documents and settings\LenaL\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2009-12-31 16:14 . 2005-12-06 19:42 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-19 16:47 . 2007-09-01 19:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-19 16:47 . 2007-09-01 19:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-19 16:47 . 2007-09-01 19:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-19 16:47 . 2007-09-01 19:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-19 16:47 . 2007-09-01 19:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2010-01-27 82432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 393216]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-08-01 610304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-14 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\LenaL\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-12-26 962663]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 18:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 18:08 20560]
.
Contenu du dossier 'Tâches planifiées'
2007-09-10 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-01-13 01:48]
2007-09-15 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2007-09-10 23:38]
2005-12-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 12:00]
2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{7D843B6A-A7E6-46C2-A675-63AD9478895F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.fr/clients/ImageUploader3.cab
FF - ProfilePath - c:\documents and settings\LenaL\Application Data\Mozilla\Firefox\Profiles\3334varw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.alterseek.com/
FF - component: c:\documents and settings\LenaL\Application Data\Mozilla\Firefox\Profiles\3334varw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-WgaLogon - (no file)
AddRemove-La cellule 3D_is1 - c:\program files\cell3D\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-28 14:49
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2259279164-1994661684-1021846694-1006\Software\Microsoft\MessengerService\GroupStateCacheU\!± *U<±!±]
"Name"=hex:13,21,b1,03,20,00,55,04,3c,04,b1,03,13,21,b1,03,00,00
"Collapsed"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2010-03-28 14:56:53
ComboFix-quarantined-files.txt 2010-03-28 12:56
Avant-CF: 5 302 009 856 octets libres
Après-CF: 5 307 486 208 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - C3E3B4612E633C5579D91CBD1447640E
What should I do now to remove this rogue from my PC?
Thanks in advance for your help
Kind regards
EDIT Skynet: Topic split from the original.