virus msn, ta tof fait koi sur ce site ? [RESOLU]

[chniout]

Bonjour,

J'ai attrapé un virus sur msn il y a qq jours et je me suis débarrassé de bcp de fichiers infectés mais il en reste encore, je suis pas très doué en informatik, g tenté de suivre les 3 étapes qui étaient recommandées sur le forum (msnfix sdfix et hijackthis). Je vous envoie les rapports de celles ci. Merci de votre aide.

________________________________________________________________________________

_

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 18:26:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqaply]

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"\??\C:\WINDOWS\Help\hqaply.chm"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqaply\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lagednick]

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"\??\C:\WINDOWS\Help\lagednick.chm"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lagednick\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hqaply]

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"\??\C:\WINDOWS\Help\hqaply.chm"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hqaply\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lagednick]

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"\??\C:\WINDOWS\Help\lagednick.chm"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lagednick\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 508

 

_____________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:16:33, on 21/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Romain\Bureau\HiJackThis.exe

 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 2187 bytes

Modifié le 24 mars 2008 par chniout

[angelique]

Bizarre le rapport HJT !! en plus il manque le rapport msnfix et sdfix .............. comme tu les as utilisés.

 

Pas d'antivirus??? t'en a eu marre de l'entendre couiner??

 

• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau sous le nom Combo-Fix

tu le renommes directement dans la fenetre de dialogue d'enregistrement

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-clique combofix.exe afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

[chniout]

Bizarre le rapport HJT !! en plus il manque le rapport msnfix et sdfix .............. comme tu les as utilisés.

 

Pas d'antivirus??? t'en a eu marre de l'entendre couiner??

 

• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau sous le nom Combo-Fix

tu le renommes directement dans la fenetre de dialogue d'enregistrement

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-clique combofix.exe afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

 

 

 

merci de votre réponse, euh je possède avast !

 

voici le rapport de combofix

 

(PS : je fais les transferts de rapports via une clé usb, je ne suis pas connecté sur le pc infecté)

________________________________________________________________________________

_____________________________

ComboFix 08-03-21.1 - Romain 2008-03-21 19:54:42.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.63 [GMT 1:00]

Endroit: C:\Documents and Settings\Romain\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\d.exe

C:\Documents and Settings\Romain\Application Data\ShoppingReport

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Romain\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

C:\Program Files\Fichiers communs\Delsim

C:\Program Files\Fichiers communs\Delsim\uninstall.bat

C:\Program Files\seekmo

C:\Program Files\seekmo\seekmo_gdf.dat

C:\Program Files\seekmo\seekmo_hpk.dat

C:\Program Files\seekmo\seekmo_kyf.dat

C:\Program Files\seekmo\seekmoau.dat

C:\Program Files\seekmo\seekmohook.dll

C:\Program Files\ShoppingReport

C:\Program Files\ShoppingReport\Uninst.exe

C:\WINDOWS\180ax.exe

C:\WINDOWS\2020search.dll

C:\WINDOWS\2020search2.dll

C:\WINDOWS\bjam.dll

C:\WINDOWS\bokja.exe

C:\WINDOWS\cdsm32.dll

C:\WINDOWS\default.htm

C:\WINDOWS\help\hqaply.chm

C:\WINDOWS\help\lagednick.chm

C:\WINDOWS\mspphe.dll

C:\WINDOWS\mssvr.exe

C:\WINDOWS\saiemod.dll

C:\WINDOWS\salm.exe

C:\WINDOWS\stcloader.exe

C:\WINDOWS\swin32.dll

C:\WINDOWS\system32\adult.txt

C:\WINDOWS\system32\drivers\symavc32.sys

C:\WINDOWS\system32\finance.txt

C:\WINDOWS\system32\lt.res

C:\WINDOWS\system32\msixu.dll

C:\WINDOWS\system32\other.txt

C:\WINDOWS\system32\pharma.txt

C:\WINDOWS\system32\sft.res

C:\WINDOWS\system32\wer8274.dll

C:\WINDOWS\updatetc.exe

C:\WINDOWS\voiceip.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_hqaply

-------\Service_lagednick

 

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-20 02:24 . 2008-03-20 02:24 <REP> d-------- C:\Program Files\Trend Micro

2008-03-20 00:21 . 2008-03-20 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-20 00:21 . 2008-03-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-19 21:29 . 2008-03-19 02:50 <REP> d-------- C:\SDFix

2008-03-19 10:58 . 2008-03-21 20:00 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll

2008-03-18 23:22 . 2008-03-20 05:02 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-03-18 23:17 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\Romain\Application Data\Bitdefender

2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Program Files\Softwin

2008-03-18 23:12 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-03-18 23:09 . 2008-03-20 05:32 <REP> d-------- C:\Program Files\Fichiers communs\Softwin

2008-03-12 03:26 . 2008-03-12 03:26 276 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-11 23:16 . 2008-03-11 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-11 22:28 . 2008-03-11 22:28 0 --a------ C:\d.MSNFix

2008-03-11 22:25 . 2008-03-11 22:25 6,656 --a------ C:\xkufbjjc.MSNFix

2008-03-11 22:25 . 2008-03-11 22:25 6,656 --a------ C:\xkufbjjc.exe

2008-03-11 21:52 . 2008-03-11 21:52 <REP> d-------- C:\Program Files\stc

2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\Program Files\zango

2008-03-11 21:50 . 2008-03-11 21:50 <REP> d-------- C:\Program Files\Sysmnt

2008-03-11 21:50 . 2008-03-11 21:50 29,696 --a------ C:\WINDOWS\asycfilt32.dll

2008-03-11 21:39 . 2008-03-11 22:28 2 --a------ C:\74060203

2008-03-11 21:34 . 2008-03-11 21:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin

2008-03-11 13:13 . 2008-03-20 04:21 26,624 --a------ C:\WINDOWS\system32\drivers\Qux36.sys

2008-03-11 13:12 . 2008-03-11 14:47 225,297 --a------ C:\wcbcapm.MSNFix

2008-03-11 13:12 . 2008-03-11 14:47 225,297 --a------ C:\wcbcapm.exe

2008-03-10 21:33 . 2008-03-10 21:33 <REP> d-------- C:\Documents and Settings\Romain\Application Data\MSNInstaller

2008-03-10 21:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-10 21:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-10 21:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 23:18 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-09 23:03 . 2008-03-09 23:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-03-09 23:02 . 2008-03-11 00:36 <REP> d-------- C:\Program Files\Windows Live

2008-03-09 23:02 . 2008-03-20 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-09 22:59 . 2008-03-09 22:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-09 18:45 . 2008-03-09 19:38 183 --a------ C:\Unit‚ DirectCD (E).lnk

2008-03-09 02:27 . 2008-03-09 02:28 684 --a------ C:\WINDOWS\mozver.dat

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata07.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-03-07 18:10 . 2008-03-17 02:02 <REP> d-------- C:\Documents and Settings\Romain\Application Data\LimeWire

2008-02-22 14:36 . 2008-02-22 14:36 268 --ah----- C:\sqmdata05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt06.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 136 --ah----- C:\sqmdata06.sqm

2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 13:59 --------- d-----w C:\Program Files\Online_TV

2008-03-17 00:53 --------- d-----w C:\Program Files\eMule

2008-03-11 20:51 8,704 ----a-w C:\WINDOWS\shdocpl.dll

2008-03-11 20:51 24,576 ----a-w C:\WINDOWS\msapasrc.dll

2008-03-11 20:51 17,152 ----a-w C:\WINDOWS\ntnut.exe

2008-03-11 20:51 10,752 ----a-w C:\WINDOWS\msa64chk.dll

2008-03-10 20:27 --------- d-----w C:\Program Files\MSN Messenger

2008-03-09 01:40 --------- d-----w C:\Program Files\Java

2008-03-09 01:28 --------- d-----w C:\Program Files\DivX

2008-02-04 11:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-04 11:16 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FAST Defrag"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StandardInstall"="" []

"Flash Media"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

"NoInstrumentation"= 0 (0x0)

"NoStartMenuPinnedList"= 0 (0x0)

"ForceStartMenuLogoff"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

WLCtrl32.dll 2008-03-21 20:00 11776 C:\WINDOWS\system32\WLCtrl32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable]

C:\WINDOWS\System32\eqdtrn.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe Free]

C:\Program Files\ErrorSafe Free\uers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree]

C:\Program Files\ErrorSafe Free\uers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Windows NT-Session Manager"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"=

"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=

"C:\\Program Files\\amsn\\bin\\wish.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\iTunes.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 Qux36;Qux36;C:\WINDOWS\system32\Drivers\Qux36.sys [2008-03-20 04:21]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00]

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]

S0 Rvy36;Rvy36;C:\WINDOWS\system32\Drivers\Rvy36.sys []

S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys []

S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]

S4 Windows NT-Session Manager;Windows NT-Session Manager;"C:\WINDOWS\smss.exe" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 20:01:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\WLCtrl32.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

.

**************************************************************************

.

Completion time: 2008-03-21 20:03:57 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-21 19:03:52

.

2008-03-12 07:28:06 --- E O F ---

[angelique]

ok!

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

http://forum.zebulon.fr/index.php?showtopic=141332&hl=
Collect::[27]
C:\WINDOWS\system32\Drivers\Rvy36.sys
C:\WINDOWS\system32\drivers\riode32.sys 
C:\WINDOWS\system32\drivers\Qux36.sys

Driver::
Qux36
Rvy36
riode32

File::
C:\WINDOWS\system32\WLCtrl32.dll
C:\d.MSNFix
C:\xkufbjjc.MSNFix
C:\xkufbjjc.exe
C:\wcbcapm.MSNFix
C:\wcbcapm.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\drivers\Qux36.sys
C:\WINDOWS\System32\eqdtrn.exe
C:\WINDOWS\system32\Drivers\Rvy36.sys
C:\WINDOWS\system32\drivers\riode32.sys 

Folder::
C:\SDFix
C:\74060203
C:\Program Files\ErrorSafe Free

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe Free]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

*une fentere d'upload devarit s'afficher , upload le zip sur ton bureau

 

• reposte avec un nouveau rapport HijackThis

 

 

[chniout]

message supprimé

Modifié le 21 mars 2008 par chniout

[chniout]

excusez moi, g du vous embrouiller :-s

 

vous retrouverez ci dessous les derniers rapports combofix et hijackthis :

 

________________________________________________________________________________

_________________________

ComboFix 08-03-21.1 - Romain 2008-03-21 20:44:48.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.55 [GMT 1:00]

Endroit: C:\Documents and Settings\Romain\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Romain\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\d.MSNFix

C:\wcbcapm.exe

C:\wcbcapm.MSNFix

C:\WINDOWS\system32\drivers\Qux36.sys

C:\WINDOWS\system32\drivers\riode32.sys

C:\WINDOWS\system32\Drivers\Rvy36.sys

C:\WINDOWS\System32\eqdtrn.exe

C:\WINDOWS\system32\winfrun32.bin

C:\WINDOWS\system32\WLCtrl32.dll

C:\xkufbjjc.exe

C:\xkufbjjc.MSNFix

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\74060203\

C:\d.MSNFix

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\wcbcapm.exe

C:\wcbcapm.MSNFix

C:\WINDOWS\system32\drivers\Qux36.sys

C:\WINDOWS\system32\winfrun32.bin

C:\WINDOWS\system32\WLCtrl32.dll

C:\xkufbjjc.exe

C:\xkufbjjc.MSNFix

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_QUX36

-------\Legacy_RIODE32

-------\Service_Qux36

-------\Service_riode32

-------\Service_Rvy36

 

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-21 20:44 . 2008-03-21 20:44 3,631 --a------ C:\4.tmp

2008-03-20 02:24 . 2008-03-20 02:24 <REP> d-------- C:\Program Files\Trend Micro

2008-03-20 00:21 . 2008-03-20 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-20 00:21 . 2008-03-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-18 23:22 . 2008-03-20 05:02 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-03-18 23:17 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\Romain\Application Data\Bitdefender

2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Program Files\Softwin

2008-03-18 23:12 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-03-18 23:09 . 2008-03-20 05:32 <REP> d-------- C:\Program Files\Fichiers communs\Softwin

2008-03-12 03:26 . 2008-03-12 03:26 276 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-11 23:16 . 2008-03-11 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-11 21:52 . 2008-03-11 21:52 <REP> d-------- C:\Program Files\stc

2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\Program Files\zango

2008-03-11 21:50 . 2008-03-11 21:50 <REP> d-------- C:\Program Files\Sysmnt

2008-03-11 21:50 . 2008-03-11 21:50 29,696 --a------ C:\WINDOWS\asycfilt32.dll

2008-03-11 21:39 . 2008-03-11 22:28 2 --a------ C:\74060203

2008-03-10 21:33 . 2008-03-10 21:33 <REP> d-------- C:\Documents and Settings\Romain\Application Data\MSNInstaller

2008-03-10 21:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-10 21:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-10 21:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 23:18 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-09 23:03 . 2008-03-09 23:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-03-09 23:02 . 2008-03-11 00:36 <REP> d-------- C:\Program Files\Windows Live

2008-03-09 23:02 . 2008-03-20 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-09 22:59 . 2008-03-09 22:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-09 18:45 . 2008-03-09 19:38 183 --a------ C:\Unit‚ DirectCD (E).lnk

2008-03-09 02:27 . 2008-03-09 02:28 684 --a------ C:\WINDOWS\mozver.dat

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata07.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-03-07 18:10 . 2008-03-17 02:02 <REP> d-------- C:\Documents and Settings\Romain\Application Data\LimeWire

2008-02-22 14:36 . 2008-02-22 14:36 268 --ah----- C:\sqmdata05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt06.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 136 --ah----- C:\sqmdata06.sqm

2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 13:59 --------- d-----w C:\Program Files\Online_TV

2008-03-17 00:53 --------- d-----w C:\Program Files\eMule

2008-03-11 20:51 8,704 ----a-w C:\WINDOWS\shdocpl.dll

2008-03-11 20:51 24,576 ----a-w C:\WINDOWS\msapasrc.dll

2008-03-11 20:51 17,152 ----a-w C:\WINDOWS\ntnut.exe

2008-03-11 20:51 10,752 ----a-w C:\WINDOWS\msa64chk.dll

2008-03-10 20:27 --------- d-----w C:\Program Files\MSN Messenger

2008-03-09 01:40 --------- d-----w C:\Program Files\Java

2008-03-09 01:28 --------- d-----w C:\Program Files\DivX

2008-02-04 11:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-04 11:16 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FAST Defrag"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StandardInstall"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

"NoInstrumentation"= 0 (0x0)

"NoStartMenuPinnedList"= 0 (0x0)

"ForceStartMenuLogoff"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Windows NT-Session Manager"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"=

"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=

"C:\\Program Files\\amsn\\bin\\wish.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\iTunes.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00]

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys []

S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]

S4 Windows NT-Session Manager;Windows NT-Session Manager;"C:\WINDOWS\smss.exe" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 20:50:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

.

**************************************************************************

.

Completion time: 2008-03-21 20:53:31 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-21 19:53:27

ComboFix2.txt 2008-03-21 19:03:58

.

2008-03-12 07:28:06 --- E O F ---

________________________________________________________________________________

______________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:01:02, on 21/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\WinAce\WinAce.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 2481 bytes

________________________________________________________________________________

________________________________________________________

 

Merci de votre aide

[angelique]

merci de votre réponse, euh je possède avast !

 

Bah , tu vas le virer et installer antivir de cette maniere en suivant le tuto::

 

http://forum.malekal.com/ftopic4192.php

 

• desinstalle ComboFix en copiant collant , puis en validant la ligne ci dessous dans executer:

 

ComboFix /u

 

• telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

• Télécharge ewido anti-spyware micro scanner sur ton bureau.

http://downloads.ewido.net/ewido_micro.exe

 

* Double-clique sur le fichier ewido_micro.exe pour l'exécuter.

* Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.

* Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.

* Clique sur Start Scan et laisse l'outil travailler.Antivir peut réagir sur les fichiers analysés, quarantaine en cas d'alerte

* Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.

* Poste le dans ta prochaine réponse.

 

Nb, clique sur Remove infections

 

 

• réalise un scan avec antivir, quarantaine les éléments trouvés et poste les rapports et nouveau rapport HijackThis

[angelique]

Je suis absolument confuse j'ai oublié une infection!!!!

 

Recharge ComboFix comme precedemment sur ton bureau

 

ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

Driver::
Windows NT-Session Manager

File::
C:\WINDOWS\smss.exe
C:\WINDOWS\ntnut.exe

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[chniout]

bonjour !

 

alors je n'ai pas tenu compte de l'av dernier post, uniquement du dernier, g dc installé antivir et voici le nouveau rapport de combofix :

 

________________________________________________________________________________

_____________________________________

 

ComboFix 08-03-21.1 - Romain 2008-03-22 14:09:38.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.45 [GMT 1:00]

Endroit: C:\Documents and Settings\Romain\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Romain\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\ntnut.exe

C:\WINDOWS\smss.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\ntnut.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_WINDOWS_NT-SESSION_MANAGER

-------\Service_Windows NT-Session Manager

 

 

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))

.

 

2008-03-22 14:08 . 2008-03-22 14:08 3,631 --a------ C:\5.tmp

2008-03-22 14:07 . 2008-03-22 14:07 3,631 --a------ C:\2.tmp

2008-03-22 14:04 . 2008-03-22 14:04 3,631 --a------ C:\1.tmp

2008-03-22 13:40 . 2008-03-22 13:40 <REP> d-------- C:\Program Files\Avira

2008-03-22 13:40 . 2008-03-22 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-03-21 20:44 . 2008-03-21 20:44 3,631 --a------ C:\4.tmp

2008-03-20 02:24 . 2008-03-20 02:24 <REP> d-------- C:\Program Files\Trend Micro

2008-03-20 00:21 . 2008-03-20 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-20 00:21 . 2008-03-20 00:21 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-18 23:22 . 2008-03-20 05:02 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-03-18 23:17 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\Romain\Application Data\Bitdefender

2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Program Files\Softwin

2008-03-18 23:12 . 2008-03-18 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-03-18 23:09 . 2008-03-20 05:32 <REP> d-------- C:\Program Files\Fichiers communs\Softwin

2008-03-12 03:26 . 2008-03-12 03:26 276 --a------ C:\WINDOWS\system32\MRT.INI

2008-03-11 23:16 . 2008-03-11 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-11 21:52 . 2008-03-11 21:52 <REP> d-------- C:\Program Files\stc

2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\WINDOWS\FLEOK

2008-03-11 21:51 . 2008-03-11 21:51 <REP> d-------- C:\Program Files\zango

2008-03-11 21:51 . 2008-03-11 21:51 31,488 --a------ C:\WINDOWS\system32\shdocpe.dll

2008-03-11 21:51 . 2008-03-11 21:51 24,576 --a------ C:\WINDOWS\msapasrc.dll

2008-03-11 21:51 . 2008-03-11 21:51 22,016 --a------ C:\WINDOWS\didduid.ini

2008-03-11 21:51 . 2008-03-11 21:51 17,920 --a------ C:\WINDOWS\system32\SIPSPI32.dll

2008-03-11 21:51 . 2008-03-11 21:51 17,152 --a------ C:\WINDOWS\123messenger.per

2008-03-11 21:51 . 2008-03-11 21:51 15,616 --a------ C:\WINDOWS\system32\MSNSA32.dll

2008-03-11 21:51 . 2008-03-11 21:51 12,544 --a------ C:\WINDOWS\system32\ntnut32.exe

2008-03-11 21:51 . 2008-03-11 21:51 10,752 --a------ C:\WINDOWS\msa64chk.dll

2008-03-11 21:51 . 2008-03-11 21:51 8,704 --a------ C:\WINDOWS\shdocpl.dll

2008-03-11 21:50 . 2008-03-11 21:50 <REP> d-------- C:\Program Files\Sysmnt

2008-03-11 21:39 . 2008-03-11 22:28 2 --a------ C:\74060203

2008-03-10 21:33 . 2008-03-10 21:33 <REP> d-------- C:\Documents and Settings\Romain\Application Data\MSNInstaller

2008-03-10 21:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-10 21:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-10 21:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-09 23:18 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-09 23:03 . 2008-03-09 23:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-03-09 23:02 . 2008-03-11 00:36 <REP> d-------- C:\Program Files\Windows Live

2008-03-09 23:02 . 2008-03-20 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-09 22:59 . 2008-03-09 22:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-03-09 18:45 . 2008-03-09 19:38 183 --a------ C:\Unit‚ DirectCD (E).lnk

2008-03-09 02:27 . 2008-03-09 02:28 684 --a------ C:\WINDOWS\mozver.dat

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 268 --ah----- C:\sqmdata07.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt08.sqm

2008-03-07 19:07 . 2008-03-07 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-03-07 18:10 . 2008-03-17 02:02 <REP> d-------- C:\Documents and Settings\Romain\Application Data\LimeWire

2008-02-22 14:36 . 2008-02-22 14:36 268 --ah----- C:\sqmdata05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt06.sqm

2008-02-22 14:36 . 2008-02-22 14:36 244 --ah----- C:\sqmnoopt05.sqm

2008-02-22 14:36 . 2008-02-22 14:36 136 --ah----- C:\sqmdata06.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 02:44 2,287,616 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp

2008-03-20 01:53 1,530,368 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp

2008-03-20 00:25 2,381,824 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

2008-03-19 22:08 739,328 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp

2008-03-19 22:08 2,381,312 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp

2008-03-19 13:59 --------- d-----w C:\Program Files\Online_TV

2008-03-17 00:53 --------- d-----w C:\Program Files\eMule

2008-03-15 20:35 2,932,736 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp

2008-03-13 09:12 3,444,224 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp

2008-03-11 14:22 724,480 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp

2008-03-10 20:27 --------- d-----w C:\Program Files\MSN Messenger

2008-03-09 15:36 964,608 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp

2008-03-09 15:36 2,295,296 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp

2008-03-09 01:40 --------- d-----w C:\Program Files\Java

2008-03-09 01:28 --------- d-----w C:\Program Files\DivX

2008-03-04 21:20 2,190,848 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp

2008-03-03 06:23 1,802,752 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp

2008-02-29 22:19 2,136,064 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-15 23:29 2,000,896 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp

2008-02-09 19:33 2,094,080 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2008-02-04 11:37 5,329,408 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2008-02-04 11:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-04 11:16 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2008-02-04 11:16 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-02-04 11:16 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-16 14:50 16,726,909 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_16_15_16_31_full.dmp.zip

2008-01-16 14:49 123,517 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_16_15_18_03_small.dmp.zip

2007-12-26 17:56 720,896 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp

2007-12-20 09:59 3,248,128 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2007-12-20 09:59 2,011,136 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp

2007-12-18 06:25 2,007,552 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp

2007-12-17 13:45 5,904,066 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-11-07 01:33 1,891,840 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp

2007-11-02 21:44 1,884,672 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp

2007-10-30 21:12 16,676,816 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_29_14_04_13_full.dmp.zip

2007-10-24 17:02 1,863,680 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp

2007-10-24 17:01 1,458,688 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2007-10-22 18:07 1,860,608 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2007-10-12 08:40 1,275,392 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2007-10-03 18:01 2,915,328 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2007-10-03 18:01 1,782,784 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2007-09-24 07:22 1,766,400 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2007-07-02 10:02 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2007-06-16 09:05 2,889,216 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2007-06-08 18:41 3,016,704 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2007-05-17 18:37 3,913,216 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2007-04-26 13:21 2,944,000 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2007-04-20 10:46 3,075,584 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2007-04-20 10:46 1,486,848 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-03-24 14:27 2,484,224 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2007-03-24 14:27 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-03-21 21:27 222,720 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-21_20.03.32.98 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FAST Defrag"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StandardInstall"="" []

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

"NoInstrumentation"= 0 (0x0)

"NoStartMenuPinnedList"= 0 (0x0)

"ForceStartMenuLogoff"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Firewall System]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Windows NT-Session Manager"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 3.0\\SketchUp.exe"=

"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=

"C:\\Program Files\\amsn\\bin\\wish.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\iTunes.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-17 18:00]

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys []

S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a944007d-4dff-11da-92e2-000000000010}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

*Newly Created Service* - SSMDRV

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 19:39:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 14:15:26

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

.

**************************************************************************

.

Completion time: 2008-03-22 14:19:22 - machine was rebooted [Romain]

ComboFix-quarantined-files.txt 2008-03-22 13:19:17

ComboFix2.txt 2008-03-21 19:53:32

ComboFix3.txt 2008-03-21 19:03:58

.

2008-03-12 07:28:06 --- E O F ---

________________________________________________________________________________

___________

 

Merci !

[angelique]

ok tu peux donc desinstaller ComboFix comme precedemment et faire la suite se referant au message #7: http://forum.zebulon.fr/index.php?showtopi...t&p=1197065