Infection virale!!!

[Zonk]

Allo

Attend que Pear te confirme avant de crier victoire........

http://forum.zebulon.fr/index.php?showtopic=98948

@+

[BernardTTW]

Bonjour Pear

 

Comme demandé voici le rapport de ComboFix.

 

pour la suite necessaire que dois-je faire.

 

 

Merci

 

 

 

ComboFix 08-02-13.2 - Admin 2008-02-14 20:42:03.14 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.588 [GMT 1:00]

Endroit: C:\Documents and Settings\Admin\Bureau\virus\ComboFix.exe

Command switches used :: C:\Documents and Settings\Admin\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-14 20:33 . 2008-02-14 20:33 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys

2008-02-14 20:00 . 2008-02-14 20:00 <REP> d-------- C:\Program Files\AnalogX

2008-02-14 15:33 . 2008-02-14 15:35 <REP> d-------- C:\Program Files\Navilog1

2008-02-13 09:43 . 2008-02-13 09:43 <REP> d-------- C:\Program Files\Avira

2008-02-13 09:43 . 2008-02-13 09:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-02-13 08:39 . 2008-02-13 09:17 318 --ahs---- C:\WINDOWS\system32\qstwa.ini

2008-02-13 08:12 . 2008-02-13 08:24 <REP> d-------- C:\Downloads

2008-02-12 23:16 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-02-12 23:16 . 2008-02-13 08:16 3,354 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-12 21:46 . 2008-02-12 21:46 <REP> d-------- C:\Program Files\Trend Micro

2008-02-12 14:16 . 2008-02-12 14:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-12 13:00 . 2008-02-12 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft

2008-02-12 11:41 . 2008-02-11 08:44 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-02-12 09:23 . 2008-02-12 09:23 <REP> d-------- C:\WINDOWS\system32\bfubackups

2008-02-12 08:59 . 2008-02-12 08:59 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft

2008-02-12 08:57 . 2008-02-12 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-12 08:57 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-02-11 22:11 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe

2008-02-11 22:11 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-02-11 22:04 . 2008-02-14 20:35 12,804 --a------ C:\WINDOWS\system32\OODBS.lor

2008-02-11 21:58 . 2008-02-11 21:58 <REP> d-------- C:\Program Files\GiPo@Utilities

2008-02-11 21:58 . 2008-02-11 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Gibinsoft Shared

2008-02-11 15:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-02-11 15:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-02-11 15:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-02-11 15:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-02-11 15:30 . 2008-02-11 15:30 <REP> d-------- C:\Program Files\RootKit Hook Analyzer

2008-02-11 15:30 . 2008-02-11 23:31 <REP> d-------- C:\Program Files\RegCleaner

2008-02-11 15:30 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys

2008-02-11 14:38 . 2004-08-19 15:56 281,600 --a--c--- C:\WINDOWS\system32\dllcache\OLD53.tmp

2008-02-11 14:38 . 2001-08-24 13:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\OLD50.tmp

2008-02-11 14:38 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\OLD49.tmp

2008-02-11 14:38 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLD4D.tmp

2008-02-11 14:38 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLD3F.tmp

2008-02-11 14:34 . 2008-02-11 14:34 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-11 10:46 . 2008-02-14 14:15 <REP> d-------- C:\VundoFix Backups

2008-02-10 20:39 . 2008-02-10 20:39 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat

2008-02-10 12:38 . 2008-02-11 23:47 201 --a------ C:\WINDOWS\wininit.ini

2008-02-10 12:07 . 2008-02-10 12:06 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-10 12:07 . 2008-02-10 12:07 3,452 --a------ C:\WINDOWS\unins000.dat

2008-02-09 23:27 . 2008-02-10 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2008-02-07 09:45 . 2008-02-07 09:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-07 09:45 . 2008-02-07 09:45 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-29 09:06 . 2008-01-29 09:06 <REP> d-------- C:\Program Files\Windows Installer Clean Up

2008-01-28 11:23 . 2008-01-28 11:23 <REP> d-------- C:\Program Files\Michael K. Weise

2008-01-28 11:18 . 2008-01-28 11:18 <REP> d-------- C:\Program Files\Monkey's Audio1

2008-01-28 11:18 . 2008-01-28 11:18 <REP> d-------- C:\Program Files\Audio Studio Gold

2008-01-28 10:01 . 2008-01-28 10:08 <REP> d-------- C:\Program Files\Beneton Movie GIF

2008-01-16 13:21 . 2008-01-16 13:21 <REP> d-------- C:\Documents and Settings\Admin\Application Data\dBpoweramp

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 13:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-13 08:22 --------- d-----w C:\Program Files\BitComet

2008-02-12 13:04 --------- d-----w C:\Program Files\BitDownload

2008-02-11 22:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-11 10:49 --------- d-----w C:\Program Files\Musicmatch

2008-02-11 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-07 10:13 --------- d-----w C:\Program Files\TagRename

2008-02-07 10:13 --------- d-----w C:\Program Files\cam2pc

2008-02-07 07:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-01 20:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\foobar2000

2008-01-29 08:05 --------- d-----w C:\Program Files\MSECACHE

2008-01-29 07:27 --------- d-----w C:\Program Files\microsoft frontpage

2008-01-28 10:22 --------- d-----w C:\Program Files\DivX

2008-01-28 10:16 --------- d-----w C:\Program Files\foobar2000

2008-01-28 09:47 --------- d-----w C:\Program Files\jv16 PowerTools 2006

2008-01-28 09:47 --------- d-----w C:\Program Files\eeMule

2008-01-20 16:05 --------- d-----w C:\Program Files\Winamp

2008-01-12 10:02 --------- d-----w C:\Program Files\MIKSOFT

2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2008-01-08 07:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-01-04 12:25 --------- d-----w C:\Program Files\DS-Monkey Audio Source

2007-12-29 16:10 --------- d-----w C:\Program Files\Free Audio Pack

2007-12-29 15:08 --------- d-----w C:\Program Files\Nero

2007-12-29 13:50 --------- d-----w C:\Program Files\Fichiers communs\LightScribe

2007-12-29 13:50 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nero

2007-12-29 13:31 --------- d-----w C:\Program Files\Fichiers communs\Nero

2007-12-29 13:18 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-12-29 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-12-22 08:05 --------- d-----w C:\Program Files\Notepad++

2007-12-22 08:05 --------- d-----w C:\Documents and Settings\Admin\Application Data\Notepad++

2007-12-21 21:38 --------- d-----w C:\Program Files\CR-TEKnologies

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-17 08:50 --------- d-----w C:\Program Files\TagScanner

2007-12-14 20:44 --------- d-----w C:\Program Files\Winamp Toolbar

2007-12-14 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar

2007-12-07 00:47 670,208 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-11-21 22:38 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot

2007-10-04 07:14 23,960 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT

2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

2007-03-12 08:19 5 --sha-w C:\WINDOWS\system32\fabdab4_s.dll

.

<pre>
----a-w		13,704,584 2007-02-02 09:12:31  C:\Documents and Settings\Admin\Mes documents\sp26552realtekAudio5.10.0.5123 .exe
</pre>

 

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60CA9253-D3C6-450B-89C6-DA30CFA97089}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9920DACE-EA29-43AB-9EB1-835578A3D67A}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A690C595-CD09-4000-9298-6D32B1C78BFD}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA2A616C-02D4-47BA-871D-E128D2FB47D7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F797FA56-2E76-4B77-90E8-82F8B98AE125}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD54600D-10EA-4A68-AB47-3D3BE3C52F9A}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

 

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

 

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:07 1289000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]

"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 16:26 2808832 C:\WINDOWS\alcwzrd.exe]

"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-03-16 14:46 508573]

"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-03-16 14:46 65536]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2007-03-31 10:12 282624]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]

"OmniPage"="C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe" [1999-11-08 01:04 53248]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-13 09:47 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 11:24 248]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-24 19:38:04 110592]

D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoSMHelp"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"= WinSpooler.exe

"WinUpdating"= WinUpdating.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="1"

 

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-11 10:16]

R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-05-24 13:51]

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 09:50]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 20:42:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-02-14 20:43:10

ComboFix-quarantined-files.txt 2008-02-14 19:43:08

ComboFix2.txt 2008-02-14 13:25:06

ComboFix3.txt 2008-02-14 10:41:42

ComboFix4.txt 2008-02-14 09:55:53

ComboFix5.txt 2008-02-14 09:18:29

.

2008-02-13 07:52:28 --- E O F ---