Recommended posts

Posted

ComboFix 08-03-08.2 - Max 2008-03-09 14:11:20.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.144 [GMT 1:00]

Endroit: C:\Documents and Settings\Max\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Max\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\DOCUME~1\Max\LOCALS~1\Temp\mc21.tmp

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\_OTMoveIt

C:\_OTMoveIt\MovedFiles\03072008_154142.log

C:\_OTMoveIt\MovedFiles\03072008_154142.res

C:\_OTMoveIt\MovedFiles\03072008_154142\WINDOWS\Config\csrss.exe

C:\_OTMoveIt\MovedFiles\03072008_154251.log

C:\_OTMoveIt\MovedFiles\03072008_154251.res

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\RegDACL.exe

C:\SDFix\apps\regedit.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\zip.exe

C:\SDFix\backups\attrib.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\find.exe

C:\SDFix\backups\findstr.exe

C:\SDFix\backups\HOSTS

C:\SDFix\backups\regedit.exe

C:\SDFix\catchme.exe

C:\SDFix\dummy.exe

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\LEGACY_MCHINJDRV

-------\mchInjDrv

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-08 12:02 . 2008-03-08 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-08 12:02 . 2008-03-08 12:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-07 15:54 . 2008-03-07 15:55 <REP> d-------- C:\WINDOWS\ERUNT

2008-03-06 23:51 . 2008-03-06 23:51 <REP> d-------- C:\Program Files\Trend Micro

2008-03-04 09:27 . 2008-03-04 09:28 <REP> d-------- C:\Program Files\LimeWire

2008-03-03 11:05 . 2008-03-05 00:45 <REP> d-------- C:\Program Files\Conduit

2008-03-03 11:05 . 2008-03-05 00:45 <REP> d-------- C:\Program Files\Best_Security_Tips

2008-03-03 10:30 . 2008-03-04 09:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-03 10:30 . 2008-03-03 10:30 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-02-28 11:08 . 2008-03-04 23:24 <REP> d-------- C:\Documents and Settings\Max\Application Data\Faces

2008-02-26 19:31 . 1997-02-25 14:55 351,344 --a------ C:\WINDOWS\system\LTKRN70W.DLL

2008-02-26 19:31 . 1997-02-19 11:04 172,784 --a------ C:\WINDOWS\system\LFCMP70W.DLL

2008-02-26 19:31 . 1997-07-14 17:30 97,498 --a------ C:\WINDOWS\system\WALKER.DLL

2008-02-26 19:31 . 1997-05-12 18:16 72,046 --a------ C:\WINDOWS\system\GFXAPI.DLL

2008-02-26 19:31 . 1997-03-03 12:04 37,712 --a------ C:\WINDOWS\system\LTFIL70W.DLL

2008-02-26 19:31 . 1997-02-19 10:55 17,424 --a------ C:\WINDOWS\system\LTTWN70W.DLL

2008-02-26 19:31 . 1997-02-19 10:56 11,760 --a------ C:\WINDOWS\system\LFBMP70W.DLL

2008-02-26 19:30 . 2008-02-26 19:30 <REP> d-------- C:\Program Files\Anuman Interactive

2008-02-26 19:30 . 1997-07-16 12:00 7,088 --a------ C:\WINDOWS\system\LFIMG70W.DLL

2008-02-21 08:56 . 2008-02-21 14:10 <REP> d-------- C:\Documents and Settings\Max\Application Data\Autodesk

2008-02-21 08:56 . 2008-03-05 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk

2008-02-20 23:54 . 2008-02-20 23:54 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-20 21:13 . 2008-02-20 21:13 <REP> d-------- C:\Program Files\MagicISO Maker v5 4

2008-02-15 14:01 . 2008-02-15 14:01 <REP> d-------- C:\Program Files\AimGames

2008-02-15 11:44 . 2008-02-15 11:45 <REP> d-------- C:\Program Files\VirtualDub

2008-02-13 17:00 . 2008-02-13 17:00 <REP> d-------- C:\WINDOWS\Driver

2008-02-12 19:24 . 2008-02-12 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

2008-02-12 19:23 . 2008-02-12 19:24 24 ---hs---- C:\WINDOWS\S6E4BE8E6.tmp

2008-02-11 10:35 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-02-11 10:35 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-09 13:29 24,152,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-09 13:28 1,155,616 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-09 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-09 13:26 332,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-09 13:26 111,380 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-09 11:19 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-03-07 23:07 --------- d-----w C:\Documents and Settings\Max\Application Data\uTorrent

2008-03-05 21:00 --------- d-----w C:\Documents and Settings\Max\Application Data\LimeWire

2008-03-05 20:25 --------- d-----w C:\Documents and Settings\Max\Application Data\Vso

2008-03-04 22:51 --------- d-----w C:\Program Files\Google

2008-03-02 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-14 20:48 --------- d-----w C:\Program Files\VSO

2008-02-13 16:19 --------- d-----w C:\Program Files\SlySoft

2008-02-08 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-08 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-08 17:26 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-01 18:44 --------- d-----w C:\Program Files\EA SPORTS

2008-02-01 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-01 18:12 --------- d-----w C:\Documents and Settings\Max\Application Data\CopyToDvd

2008-02-01 14:10 --------- d-----w C:\Documents and Settings\Max\Application Data\SYSTRAN

2008-02-01 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SYSTRAN

2008-01-31 20:52 --------- d-----w C:\Program Files\Total Video Converter

2008-01-31 18:28 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-01-26 19:33 --------- d-----w C:\Program Files\Alcohol Soft

2008-01-26 19:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-25 21:45 --------- d-----w C:\Program Files\Reallusion

2008-01-25 20:57 --------- d-----w C:\Documents and Settings\Max\Application Data\Reallusion

2008-01-25 20:56 --------- d-----w C:\Program Files\Fichiers communs\Reallusion

2008-01-21 19:45 --------- d-----w C:\Documents and Settings\Max\Application Data\Microsoft Corporation

2008-01-21 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2008-01-13 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk

2008-01-13 12:21 --------- d-----w C:\Documents and Settings\Max\Application Data\Joost

2007-12-12 17:59 2,314 ----a-w C:\Program Files\License.xbin

2007-10-20 13:05 47,360 ----a-w C:\Documents and Settings\Max\Application Data\pcouffin.sys

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-10-20 21:24 82 --sha-w C:\WINDOWS\crack\klog.dat

2007-09-29 19:26 23 --sha-w C:\WINDOWS\system32\cde8_r.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-09_12.04.45.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-05 14:29 160832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]

"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-09-04 09:28 270336]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\eMule\\eMule.exe"=

"C:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=

"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=

"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=

"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=

"C:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 10:54]

 

*Newly Created Service* - MCHINJDRV

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-09 14:28:34

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\Max\LOCALS~1\Temp\mc23.tmp"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-09 14:32:55 - machine was rebooted [Max]

ComboFix-quarantined-files.txt 2008-03-09 13:32:39

ComboFix2.txt 2008-03-09 11:05:38

.

2008-03-05 13:14:19 --- E O F ---

Posted


File: klog.dat

Status:

OK

MD5: 561298bfb4708ef76a45858fa779765e

Packers detected:

-

Bit9 reports: File not found

Scanner results

Scan taken on 09 Mar 2008 13:42:55 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 


Disclaimer

This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, we cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

 

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

 

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

 

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

 

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

 

Sponsored by HotelScraper.com.

Statistics

Last file scanned at least one scanner reported something about: Uniblue_RegistryBooster_2_Keygen.exe (MD5: 85af94c9d6fbc9d8ff0197663a14d91b, size: 282658 bytes), detected by:

 

Scanner Malware name

A-Squared Backdoor.Win32.Agent.bmn

AntiVir X

ArcaVir X

Avast Win32:Agent-MCF

AVG Antivirus BackDoor.Agent.NQP

BitDefender Backdoor.Agent.YXB

ClamAV Trojan.Agent-8317

CPsecure BackDoor.W32.Agent.bmn

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus Backdoor.Win32.Agent.bmn

Fortinet W32/Agent.BMN!tr.bdr

Ikarus Backdoor.Win32.Agent.bmn

Kaspersky Anti-Virus Backdoor.Win32.Agent.bmn

NOD32 probably a variant of Win32/Agent

Norman Virus Control W32/Agent.CNIP

Panda Antivirus Trj/Downloader.MDW

Rising Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 Backdoor.Win32.Agent.bmn

 

 

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives

We are not affiliated with any third parties that conduct tests using this service.
