Your question

Laptop problem: windows opening at startup

Tags:
  • laptop
  • Security
Last reply: in Security and viruses
5 September 2008 13:24:21

Hello,

I have a laptop that has a few problems: at startup, a windows/system32 window or the My Documents window opens. I can't access regedit. I can't see hidden folders or file extensions...

I have avast as protection.

I'm posting a HijackThis log while waiting for your replies


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:20 PM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MARCO-ACD07525B.exe
C:\WINDOWS\Marco.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\explorcr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\FlashGuard\FlashGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
H:\explorcr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

F3 - REG:win.ini: load=C:\DOCUME~1\Marco\LOCALS~1\services.exe
F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKLM\..\Run: [MARCO-ACD07525B] C:\WINDOWS\win.pif
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGuard] "C:\Program Files\FlashGuard\FlashGuard.exe" -run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Marco] C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [(Default)] C:\DOCUME~1\Marco\LOCALS~1\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - HKUS\S-1-5-18\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCBB753A-810C-4C44-8725-331FDE2A5CE5}: NameServer = 218.248.240.208 218.248.240.79
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MsNet Service (MsNet) - Unknown owner - C:\WINDOWS\Fonts\font.bat (file missing)

--
End of file - 6594 bytes
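As an added illustration (not part of this thread, and not HijackThis's own logic), a small Python triage of the persistence patterns visible in the log above: core system-binary names outside their home directory, autostarts from the user's temp/profile folders, a second executable chained to Userinit, populated win.ini load=/run= hooks, Policies\Explorer\Run entries and services pointing at missing files. The sample lines are copied in shape from the log; the rules and the "expected home directory" table are assumptions of this example.

```python
from __future__ import annotations

import re

# Constructed sample: lines copied in shape from the HijackThis log in this
# thread, plus two benign entries so both outcomes appear.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\DOCUME~1\Marco\LOCALS~1\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MARCO-ACD07525B] C:\WINDOWS\win.pif
O4 - HKCU\..\Run: [Marco] C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.com
O4 - HKLM\..\Policies\Explorer\Run: [(Default)] C:\DOCUME~1\Marco\LOCALS~1\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: MsNet Service (MsNet) - Unknown owner - C:\WINDOWS\Fonts\font.bat (file missing)
"""

# A Windows path ending in an executable-type extension (spaces allowed, so
# unquoted "C:\Program Files\..." entries are captured whole).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd|pif|scr)\b", re.IGNORECASE)

# Assumed table: core XP binaries and the directory (under C:\WINDOWS) each one
# runs from. A file with one of these names anywhere else is a classic disguise.
SYSTEM_BINARY_HOME = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "userinit.exe": "system32", "explorer.exe": "", "regedit.exe": "",
}
TEMP_MARKERS = ("locals~1", "local settings", "\\temp\\")
DISGUISE_EXT = (".pif", ".com", ".bat", ".cmd")


def triage_line(line: str) -> list[str]:
    """Return the reasons a single HijackThis line deserves a closer look."""
    findings = []
    section, _, body = line.strip().partition(" - ")
    low = body.lower()
    paths = PATH_RE.findall(body)

    if section == "F3" and re.search(r"win\.ini:\s*(?:load|run)=\S", body):
        findings.append("win.ini load=/run= hook is populated (normally empty)")
    if section == "F2" and "userinit=" in low and len(paths) > 1:
        findings.append("extra executable chained after userinit.exe")
    if section == "O4" and "policies\\explorer\\run" in low:
        findings.append("Policies\\Explorer\\Run autostart (rarely used legitimately)")
    if section == "O23" and "(file missing)" in low:
        findings.append("service points at a file that no longer exists")

    for path in paths:
        parent, _, name = path.lower().rpartition("\\")
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append(f"autostart from a temp/profile location: {path}")
        home = SYSTEM_BINARY_HOME.get(name)
        expected = "c:\\windows" + ("\\" + home if home else "")
        if home is not None and parent != expected:
            findings.append(f"system binary name outside its home directory: {path}")
        if name.endswith(DISGUISE_EXT) and section in ("O4", "O23"):
            findings.append(f"autostart through a non-.exe executable type: {path}")
    return findings


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log and keep only the lines with findings."""
    report = []
    for line in text.splitlines():
        findings = triage_line(line)
        if findings:
            report.append((line.strip(), findings))
    return report


if __name__ == "__main__":
    for flagged, reasons in triage_log(SAMPLE_LOG):
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```

On the sample above, the two vendor entries (IgfxTray, MSMSGS) pass and the other seven lines are flagged, which mirrors the helper's diagnosis in the reply that follows.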


5 September 2008 21:55:37

good evening
when I see the state of your infection three weeks ago and notice that you never replied to Egwene...
http://www.infos-du-net.com/forum/281617-11-probleme-de...

curious that your pc is still running...

we spend a huge amount of time writing scripts like that. I'm willing to help you, but you had better come back...
6 September 2008 07:04:53

Sorry, but I am currently in India doing humanitarian volunteer work, and as for the computer from last time, I have moved and no longer have access to it. Besides, this is not the same computer as last time; this time it's my laptop, so I have access to it all the time

thanks for your replies

marco
6 September 2008 11:17:46

hello
yes, I had seen that your ISP was in INDIA.
Both PCs are infected by a worm:
http://www.prevx.com/filenames/X1649097514790568870-0/E...

This procedure should be printed out so that you have it in front of you while in Safe Mode.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with several options should appear.
  • Choose the first option to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
    Then follow the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
  • Press a key to reboot the PC.
  • Your system will take longer than usual to restart, because the tool keeps running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log!


    7 September 2008 07:31:03

    Thanks, here are the results: the SDFix report, then HijackThis


    SDFix: Version 1.221
    Run by Marco on Sat 09/06/2008 at 10:02 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\Marco\Local Settings\Temp\DriveGuard.tmp.exe - Deleted
    C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.tmp - Deleted
    C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.tmp - Deleted
    C:\DOCUME~1\Marco\LOCALS~1\Temp\removalfile.bat - Deleted
    C:\autorun.exe - Deleted
    C:\WINDOWS\autorun.inf - Deleted
    C:\WINDOWS\services.exe - Deleted
    C:\WINDOWS\svchost.exe - Deleted
    C:\WINDOWS\System.exe - Deleted
    C:\WINDOWS\winlogon.exe - Deleted

    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 22:04:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:15:25 PM, on 9/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\MARCO-ACD07525B.exe
    C:\WINDOWS\Marco.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
    O4 - HKLM\..\Run: [MARCO-ACD07525B] C:\WINDOWS\win.pif
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FlashGuard] "C:\Program Files\FlashGuard\FlashGuard.exe" -run
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [d00edeab] rundll32.exe "C:\WINDOWS\system32\xncjpsbv.dll",b
    O4 - HKLM\..\Run: [BMd33ded37] Rundll32.exe "C:\WINDOWS\system32\cmpneror.dll",s
    O4 - HKCU\..\Run: [Marco] C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.com
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
    O4 - HKUS\S-1-5-18\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MsNet Service (MsNet) - Unknown owner - C:\WINDOWS\Fonts\font.bat (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 6649 bytes
    7 September 2008 18:21:04

    good evening
    let's continue
    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    add a new HijackThis report.
    9 September 2008 12:05:52

    Here are the two reports requested:


    ComboFix 08-09-05.05 - Marco 2008-09-08 10:36:46.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1509 [GMT 5.5:30]
    Running from: C:\Documents and Settings\Marco\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\WINDOWS\.exe
    C:\WINDOWS\BMd33ded37.txt
    C:\WINDOWS\BMd33ded37.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\smss.exe
    C:\WINDOWS\system32\cmpneror.dll
    C:\WINDOWS\system32\dfiQBKkj.ini
    C:\WINDOWS\system32\explorcr.exe
    C:\WINDOWS\system32\fqcahu.dll
    C:\WINDOWS\system32\jkKBQifd.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\thngyosn.dll
    C:\WINDOWS\system32\vbspjcnx.ini
    C:\WINDOWS\system32\xncjpsbv.dll
    H:\r.cmd
    I:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
    .

    2008-09-06 22:01 . 2008-09-06 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-06 21:56 . 2008-09-06 21:56 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-09-06 21:56 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Administrator.exe
    2008-09-06 21:54 . 2008-09-06 22:05 <DIR> d-------- C:\SDFix
    2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\WINDOWS\Options
    2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Program Files\Broadcom
    2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broadcom
    2008-09-06 21:52 . 2007-06-21 19:16 691,192 --a------ C:\WINDOWS\system32\drivers\bcmwl6.sys
    2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Program Files\ma-config.com
    2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-09-06 11:11 . 2008-09-06 11:12 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\U3
    2008-09-06 10:54 . 2008-09-06 11:01 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\FileZilla
    2008-09-06 10:53 . 2008-09-06 10:53 <DIR> d-------- C:\Program Files\FileZilla FTP Client
    2008-09-06 00:16 . 2008-09-06 00:16 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\Canneverbe_Limited
    2008-09-06 00:15 . 2008-09-06 00:15 <DIR> d-------- C:\Program Files\CDBurnerXP
    2008-09-05 16:34 . 2008-09-05 16:34 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d---s---- C:\Documents and Settings\Marco\UserData
    2008-09-05 09:59 . 2008-09-05 09:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-04 15:30 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
    2008-09-04 15:28 . 2008-09-04 15:28 <DIR> d-------- C:\Program Files\Pinnacle
    2008-09-04 15:23 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
    2008-09-04 15:22 . 2008-09-04 15:22 <DIR> d-------- C:\Documents and Settings\Marco\WINDOWS
    2008-09-04 10:22 . 2008-09-04 10:22 <DIR> d-------- C:\Program Files\Alwil Software
    2008-09-04 10:22 . 2003-03-19 02:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-09-04 10:05 . 2008-09-04 10:05 <DIR> dra-s---- C:\Program Files\FlashGuard
    2008-09-03 21:22 . 2008-09-03 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-03 21:22 . 2008-09-03 21:22 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-03 20:32 . 2008-09-08 05:35 50 --a------ C:\WINDOWS\cdplayer.ini
    2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Real
    2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\Real
    2008-08-31 21:58 . 2008-08-31 21:58 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-08-25 23:25 . 2008-08-25 23:25 <DIR> d-------- C:\Program Files\NetWaiting
    2008-08-25 23:23 . 2008-08-25 23:23 <DIR> d-------- C:\Program Files\CONEXANT
    2008-08-25 23:22 . 2006-09-07 14:23 117,248 --a------ C:\WINDOWS\system32\staco.dll
    2008-08-25 23:21 . 2008-08-25 23:21 <DIR> d-------- C:\Program Files\SigmaTel
    2008-08-25 23:04 . 2008-08-25 23:04 <DIR> d-------- C:\Program Files\Realtek
    2008-08-25 22:14 . 2008-08-25 22:14 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\WINDOWS\system32\ENU
    2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\Program Files\Intel
    2008-08-25 22:02 . 2007-10-18 15:51 126,976 --a------ C:\WINDOWS\system32\Imsmudlg.exe
    2008-08-25 22:00 . 2008-08-25 22:00 <DIR> d-------- C:\Program Files\Hp
    2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-08-25 17:17 . 2007-11-02 19:37 77,824 -rahs---- C:\WINDOWS\svchost.exe.bak
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\win.pif
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\msdp32.dll
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\MARCO-ACD07525B.exe
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\command.cmd
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\wininit.com
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\regedit.exe
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Marco.exe
    2008-08-25 16:58 . 2007-11-02 19:37 77,824 ---hs---- C:\AutoRun.exe
    2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a------ C:\WINDOWS\system32\drivers\bcm42xx5.sys
    2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a--c--- C:\WINDOWS\system32\dllcache\bcm42xx5.sys
    2008-08-25 16:41 . 2007-01-30 12:12 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
    2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a------ C:\WINDOWS\system32\drivers\crtaud.sys
    2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a--c--- C:\WINDOWS\system32\dllcache\crtaud.sys
    2008-08-25 16:23 . 2008-08-25 16:23 <DIR> d-------- C:\Program Files\Marvell
    2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Lavalys
    2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Intel Desktop Boards
    2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
    2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
    2008-08-25 07:44 . 2008-08-25 07:44 47,692 --a------ C:\WINDOWS\system32\ae700main.dat
    2008-08-25 07:44 . 2008-08-25 07:44 132 --a------ C:\WINDOWS\system32\{DD362256-A7A2-4524-9457-213DDC2AFC2A}-FunctionContent.dat
    2008-08-25 07:29 . 2008-08-25 07:29 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
    2008-08-25 07:29 . 2008-08-25 07:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
    2008-08-25 07:29 . 2008-08-25 07:29 15,236 --a------ C:\WINDOWS\system32\PRE20_FCBlueprint.dat
    2008-08-25 07:29 . 2008-08-25 07:29 156 --a------ C:\WINDOWS\system32\{11C98E1A-EC91-4B38-B44C-C562292D8453}-FunctionContent.dat
    2008-08-25 07:05 . 2008-08-25 07:05 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-08-24 22:43 . 2008-08-24 22:43 <DIR> d--h----- C:\WINDOWS\PIF
    2008-08-24 22:36 . 2008-08-24 22:36 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\vlc
    2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
    2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
    2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
    2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
    2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\drivers\BCMDM.sys
    2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2008-08-24 22:05 . 2008-08-24 22:05 27 --a------ C:\WINDOWS\SmAudio.INI
    2008-08-24 21:58 . 2008-08-25 22:01 <DIR> d-------- C:\SWSetup
    2008-08-24 21:57 . 2007-04-16 11:20 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-08-24 19:58 . 2008-08-24 19:58 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\AdobeUM
    2008-08-24 18:21 . 2008-08-24 18:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-08-24 18:21 . 2004-08-17 06:10 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
    2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-08-24 18:20 . 2008-08-24 18:20 376 --a------ C:\WINDOWS\ODBC.INI
    2008-08-24 18:19 . 2008-08-24 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-08-24 18:18 . 2008-08-24 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-08-24 18:18 . 2008-09-05 08:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\VideoLAN
    2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\eRightSoft
    2008-08-24 18:06 . 2008-08-24 18:06 <DIR> d-------- C:\Documents and Settings\Marco\Bluetooth Software
    2008-08-24 18:05 . 2008-08-24 18:05 <DIR> d-------- C:\Program Files\WIDCOMM
    2008-08-24 18:05 . 2005-11-01 18:08 308,992 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys
    2008-08-24 18:05 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
    2008-08-24 18:05 . 2005-12-22 17:02 51,840 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
    2008-08-24 18:05 . 2005-11-16 20:28 28,928 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys
    2008-08-24 18:05 . 2005-05-06 18:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll
    2008-08-24 18:04 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-08-24 18:04 . 2008-08-24 18:04 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\InstallShield
    2008-08-24 18:03 . 2008-09-06 21:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-08-24 18:03 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\HPQ
    2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\DIFX
    2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Apoint2K
    2008-08-24 18:03 . 2005-01-31 15:53 109,319 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
    2008-08-24 18:03 . 2005-01-27 15:16 94,247 --a------ C:\WINDOWS\system32\Vxdif.dll
    2008-08-24 18:01 . 2007-03-22 14:29 625,664 --a------ C:\WINDOWS\system32\drivers\CHDAud.sys
    2008-08-24 18:01 . 2007-03-22 09:18 212,992 --a------ C:\WINDOWS\system32\UCI32A19.dll
    2008-08-24 18:01 . 2006-08-10 15:28 122,880 --a------ C:\WINDOWS\system32\uci32108.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2008-08-24 12:16 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Administrator.exe
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Marco.exe
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\win.pif
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Fonts\font.bat
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\regedit.exe
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\wininit.com
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\command.cmd
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\MARCO-ACD07525B.exe
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\msdp32.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
    2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Web\Picture.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 135168]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 155648]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 131072]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 159744]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
    "MARCO-ACD07525B"="C:\WINDOWS\win.pif" [2007-11-02 77824]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 180269]
    "FlashGuard"="C:\Program Files\FlashGuard\FlashGuard.exe" [2008-04-16 212599]
    "SkyTel"="SkyTel.EXE" [2007-11-20 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 C:\WINDOWS\RTHDCPL.EXE]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 C:\WINDOWS\ALCWZRD.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "(Default)"="C:\DOCUME~1\Marco\LOCALS~1\winlogon.exe" [2007-11-02 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "(Default)"="win.com" [2001-08-23 C:\WINDOWS\system32\win.com]

    C:\Documents and Settings\Marco\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "System"="C:\\WINDOWS\\System\\wininit.com"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\Marco\\LOCALS~1\\smss.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
    R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
    S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\CHDRT32.sys [2008-03-04 188416]
    S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 42112]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
    S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 933818]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5ad60b-71d8-11dd-8020-b0d135777c5c}]
    \Shell\AutoRun\command - I:\System\Security\DriveGuard.exe -run
    \Shell\Explore\Command - I:\System\Security\DriveGuard.exe -run
    \Shell\Open\Command - I:\System\Security\DriveGuard.exe -run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{485b1c20-73a0-11dd-8030-001e37e93b43}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
    \Shell\Explore\command - H:\explorcr.exe
    \Shell\Open\command - H:\explorcr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cea6c30-729c-11dd-8028-001d725a9605}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
    \Shell\Explore\command - F:\explorcr.exe
    \Shell\Open\command - F:\explorcr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b0-7bd3-11dd-8035-001e37e93b43}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b1-7bd3-11dd-8035-001e37e93b43}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
    \Shell\Explore\command - G:\explorcr.exe
    \Shell\Open\command - G:\explorcr.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-d00edeab - C:\WINDOWS\system32\xncjpsbv.dll
    HKLM-Run-BMd33ded37 - C:\WINDOWS\system32\cmpneror.dll
    HKU-Default-Run-SYSTEM - C:\WINDOWS\TEMP\Tmp.com


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://google.fr/
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
    C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-08 10:39:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsNet]
    "ImagePath"="C:\WINDOWS\Fonts\font.bat"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\MARCO-ACD07525B.exe
    C:\WINDOWS\Marco.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-08 10:40:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-08 05:10:54

    Pre-Run: 21,876,367,360 bytes free
    Post-Run: 21,851,176,960 bytes free

    281



    Hijackthis report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:04 PM, on 9/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 6126 bytes
    9 September 2008 12:06:01

    Here are the two reports requested:


    .
    Completion time: 2008-09-08 10:40:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-08 05:10:54

    Pre-Run: 21,876,367,360 bytes free
    Post-Run: 21,851,176,960 bytes free

    281



    Hijackthis report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:04 PM, on 9/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 6126 bytes
    9 September 2008 21:45:26

    Good evening
    I'm not sure we'll manage to disinfect you...

    Download Flash Disinfector
    Plug your removable media into your PC (MP3 player, external HDD, USB key, etc.).
    Connect all external devices (HDD, USB, ...)
    Double-click Flash Disinfector and follow the prompts


    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\Administrator.exe
    C:\WINDOWS\svchost.exe.bak
    C:\WINDOWS\win.pif
    C:\WINDOWS\system32\msdp32.dll
    C:\WINDOWS\system32\MARCO-ACD07525B.exe
    C:\WINDOWS\system32\command.cmd
    C:\WINDOWS\system\wininit.com
    C:\WINDOWS\system\regedit.exe
    C:\WINDOWS\Marco.exe
    C:\AutoRun.exe
    C:\WINDOWS\Fonts\font.bat

    Folder::
    C:\Documents and Settings\Administrator
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MARCO-ACD07525B"=-



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan has finished, a report will be displayed: post its contents.
  • If the file doesn't open, it's located here > C:\ComboFix.txt


    ++++++++++++++++


    I'm almost certain you're infected with Virut:
    http://www.threatexpert.com/files/regedit.exe.html

    If that's the case, you'll have to format. We need to check before I write a more detailed script.


    ~Run an online antivirus scan on Kaspersky's site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask you whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
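
    Reading the logs above the way the reply does: the mountpoints2 blocks with Explore/Open verbs pointing at explorcr.exe on a removable drive, the F2 UserInit entry with a second loader appended, the F3 win.ini run= value and the Policies\Explorer\Run O4 line are the indicators the CFScript targets. The Python below is an added example written for this page (it is not HijackThis, ComboFix, or anything posted in the thread) that pulls those indicators out of log text. The sample lines are copied from the logs quoted above; the rule that an Explore or Open verb under mountpoints2, an extra UserInit entry, a non-empty win.ini run= or any Policies\Explorer\Run entry is suspect is an assumption of this example, not a rule of either tool.

```python
"""Triage of the HijackThis / ComboFix log lines quoted in this thread.

Flags the indicators a removal script would target: mountpoints2
autorun verbs redirected to an executable on a removable drive, a
rundll32 ShellExec_RunDLL autorun, an extra loader appended to
Winlogon UserInit, a win.ini run= value and a Policies\Explorer\Run
entry.  Example code written for this page, not part of HijackThis or
ComboFix.
"""
import re

# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{485b1c20-73a0-11dd-8030-001e37e93b43}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - H:\explorcr.exe
\Shell\Open\command - H:\explorcr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b0-7bd3-11dd-8035-001e37e93b43}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
"""

MOUNTPOINT_HDR = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_LINE = re.compile(
    r"^\\Shell\\(AutoRun|Explore|Open)\\command\s+-\s+(.+)$", re.I)


def parse_mountpoints(lines):
    """Map each mountpoints2 GUID to its {verb: command} block."""
    points, current = {}, None
    for line in lines:
        hdr = MOUNTPOINT_HDR.match(line)
        if hdr:
            current = hdr.group(1).lower()
            points[current] = {}
            continue
        verb = VERB_LINE.match(line)
        if verb and current is not None:
            points[current][verb.group(1).lower()] = verb.group(2).strip()
        elif not line:
            current = None          # a blank line closes the block
    return points


def triage(log_text):
    """Return a list of findings ({'kind': ..., 'detail': ...}) for log_text."""
    lines = [l.strip() for l in log_text.splitlines()]
    findings = []

    for guid, verbs in parse_mountpoints(lines).items():
        # Explore/Open verbs override what double-click or right-click does on
        # the drive; a legitimate autorun.inf almost never needs them (assumption).
        hijacked = {v: c for v, c in verbs.items() if v in ("explore", "open")}
        if hijacked:
            findings.append({"kind": "mountpoint_verb_hijack",
                             "guid": guid, "detail": hijacked})
        autorun = verbs.get("autorun", "")
        if "shellexec_rundll" in autorun.lower():
            findings.append({"kind": "mountpoint_rundll32_autorun",
                             "guid": guid, "detail": autorun})

    for line in lines:
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Anything besides system32\userinit.exe here runs at every logon.
            entries = [e.strip() for e in line.split("UserInit=", 1)[1].split(",")]
            extra = [e for e in entries
                     if e and not e.lower().endswith(r"\system32\userinit.exe")]
            if extra:
                findings.append({"kind": "userinit_extra", "detail": extra})
        elif line.startswith("F3 - REG:win.ini: run="):
            value = line.split("run=", 1)[1].strip()
            if value:               # run= is normally empty on XP
                findings.append({"kind": "winini_run", "detail": value})
        elif line.startswith("O4 - ") and "\\Policies\\Explorer\\Run:" in line:
            findings.append({"kind": "policy_run",
                             "detail": line.split(": ", 1)[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f.get("guid", ""), f["detail"])
```

    Run against the sample it reports the explorcr.exe mountpoint twice (verb hijack and rundll32 autorun), the regedit.exe win.ini entry, the smss.exe UserInit addition and the msdp32.dll policy run, while the IgfxTray entry and the LaunchU3.exe AutoRun-only mountpoint stay silent; the latter still deserves a manual look, since AutoRun alone is enough to launch something when the drive is inserted.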

    18 September 2008 15:13:59

    Sorry Sham, I'm taking a while to reply; my reply will come with the logs....

    But I don't have much time to myself at the moment

    Marco
    18 September 2008 21:19:59

    Good evening
    No problem ;O)