I did what you asked me to,
BUT:
ComboFix did not restart the PC
I retrieved the log,
the PC crashed.....
I restarted it, but it booted 6 times before starting up.
Attached is the ComboFix log:
ComboFix 08-02-18.1 - BERNARD 18/02/2008 21:03:04.2 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.204 [GMT 1:00]
Endroit: C:\Documents and Settings\BERNARD\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\BERNARD\Bureau\CFScript.txt
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINNT\BMc74219a4.xml
C:\WINNT\pskt.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\BMc74219a4.xml
C:\WINNT\pskt.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 21:03 . 18/02/08 21:03 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3e0.dat
2008-02-18 17:17 . 18/02/08 17:17 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_274.dat
2008-02-18 17:10 . 18/02/08 17:10 <DIR> d-------- C:\_OTMoveIt
2008-02-18 15:24 . 05/09/07 22:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-02-18 15:24 . 16/02/08 19:46 85,504 --a------ C:\WINNT\system32\VACFix.exe
2008-02-18 15:24 . 08/02/08 10:37 82,432 --a------ C:\WINNT\system32\IEDFix.exe
2008-02-18 15:24 . 03/10/07 22:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-02-11 14:40 . 11/02/08 14:40 <DIR> d-------- C:\WINNT\winsxs
2008-01-28 16:47 . 28/01/08 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 16:45 . 28/01/08 16:45 <DIR> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-28 09:38 . 03/03/99 05:01 212,440 --a------ C:\WINNT\system32\DBCLIENT.DLL
2008-01-28 09:38 . 10/05/01 17:00 184,320 --a------ C:\WINNT\system32\BDEADMIN.CPL
2008-01-28 09:38 . 28/01/08 15:06 13,030 --a------ C:\PDOXUSRS.NET
2008-01-28 09:37 . 28/01/08 09:37 <DIR> d-------- C:\Program Files\ZebHelpProcess 2
2008-01-18 10:37 . 22/01/08 17:09 <DIR> d-------- C:\smileys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-15 21:42 --------- d-----w C:\Documents and Settings\BERNARD\Application Data\OpenOffice.org2
2008-02-11 14:13 2,399,232 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2008-02-11 13:40 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-01 18:01 --------- d-----w C:\Documents and Settings\BERNARD\Application Data\Vso
2008-01-29 19:45 2,390,016 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2008-01-28 15:47 --------- d-----w C:\Program Files\Lavasoft
2008-01-17 09:39 --------- d-----w C:\Program Files\Rapide Créateur D'Icône
2008-01-16 16:55 3,026,432 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2008-01-16 16:55 2,351,616 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2008-01-07 13:04 --------- d-----w C:\Program Files\PDFCreator
2008-01-04 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 15:15 --------- d-----w C:\Program Files\Radio Fr Solo
2008-01-01 10:29 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2007-12-31 16:02 --------- d-----w C:\Program Files\PowerArchiver
2007-12-31 10:20 22 ----a-w C:\WINNT\system32\drivers\adidsl.cfg
2007-12-31 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 10:20 --------- d-----w C:\Program Files\SAGEM
2007-12-25 10:40 --------- d-----w C:\Program Files\Share_Accelerator_MM
2007-12-23 12:07 --------- d-----w C:\Program Files\Zapu
2007-12-22 22:56 --------- d-----w C:\Program Files\ACD
2007-12-22 21:35 --------- d-----w C:\Documents and Settings\BERNARD\Application Data\ACD Systems
2007-12-22 21:23 9,856 ----a-w C:\WINNT\system32\drivers\pfc.sys
2007-12-22 21:23 --------- d-----w C:\Program Files\ACD Systems
2007-12-22 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-22 20:52 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-22 20:45 639,224 ----a-w C:\WINNT\system32\drivers\sptd.sys
2007-12-10 17:12 581,120 ----a-w C:\WINNT\system32\WININET.DLL
2007-12-05 10:40 631,056 ------w C:\WINNT\system32\OLEAUT32.DLL
2007-12-04 13:04 837,496 ----a-w C:\WINNT\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINNT\system32\AvastSS.scr
2007-10-23 15:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-23 15:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-08-05 19:47 3,001,344 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-08-05 08:46 770,048 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2007-06-05 15:16 1,989 ---h--w C:\Documents and Settings\BERNARD\Application Data\SCPSP5.DLL
2007-06-02 19:14 1,519 --sh--r C:\Documents and Settings\BERNARD\Application Data\SCPSS5.DLL
2005-11-22 07:39 630 ----a-w C:\Program Files\UTILISAT.DBF
2005-11-22 07:39 516 ----a-w C:\Program Files\reseau.net
2005-11-22 07:39 4,608 ----a-w C:\Program Files\UTILISAT.CDX
2005-11-22 07:39 262,208 ----a-w C:\Program Files\WKGU0000.vds
2005-11-22 07:39 2,064 ----a-w C:\Program Files\WKSYS.vds
2005-11-22 07:38 106 ----a-w C:\Program Files\CRUN.BIN
2005-10-19 15:06 271 ---h--w C:\Program Files\desktop.ini
2005-10-19 15:06 22,115 ---h--w C:\Program Files\folder.htt
2001-05-08 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2000-07-13 15:04 360,512 ----a-w C:\Program Files\WKRES.vds
1979-12-31 23:00 6,464 ----a-w C:\Program Files\WKPRO.vds
1979-12-31 23:00 34,112 ----a-w C:\Program Files\WKPRN.vds
.
----a-w 9,846,488 2005-11-09 13:26:04 C:\COPIE PORTABLE DU 22_08_06\Téléchargements\Telechargements\AVAST .exe
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19/06/03 12:05 111888 C:\WINNT\system32\mobsync.exe]
"UpdReg"="C:\WINNT\UpdReg.EXE" [11/05/00 00:00 90112]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/03/07 23:02 919280]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/07 14:00 79224]
"nwiz"="nwiz.exe" [13/04/04 14:25 782336 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [13/04/04 14:25 46080]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/07 15:53 88024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/08 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [08/05/01 01:00 20752 C:\WINNT\system32\internat.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [28/09/07 02:17 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [19/06/03 13:05 189712]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-08 17:27:33 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-31 11:20:23 954481]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-06 22:25:55 118784]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-10-19 17:36:10 544768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPSJ5 Polling Driver"=C:\SCNJET5S\hpsjpl32.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINNT\system32\NeroCheck.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"WINDVDPatch"=CTHELPER.EXE
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [04/12/07 15:56 ]
R2 SkParCls;SkParCls;C:\WINNT\system32\drivers\SkParCls.sys [05/01/97 12:37 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [18/04/02 04:46 ]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [25/10/02 13:42 ]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [30/10/02 13:35 ]
S3 Usblink;Usblink Driver;C:\WINNT\system32\Drivers\ulink.sys [08/08/03 10:07 ]
S3 USBSAMP;Link based USB Mass Storage Driver;C:\WINNT\system32\DRIVERS\OnStor2K.SYS [19/04/00 05:34 ]
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [30/07/02 15:42 ]
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 08:00:00 C:\WINNT\Tasks\SyncBack BANQUES.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2008-02-18 08:00:00 C:\WINNT\Tasks\SyncBack VELO.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.ex
- C:\Program Files\2BrightSparks\SyncBack
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-18 21:05:19
Windows 5.0.2195 Service Pack 4 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 18/02/2008 21:06:24
ComboFix-quarantined-files.txt 2008-02-18 20:06:15
ComboFix2.txt 2008-02-18 17:37:20
.
2008-02-14 08:36:38 --- E O F ---
AND THE HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:08, on 18/02/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\BERNARD\Mes documents\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/3012fd8a724a9f064005/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC06ABC-98AA-415A-B132-402B1B781B9C}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FC06ABC-98AA-415A-B132-402B1B781B9C}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe