demande d'avis Résolu

Question

Bonjour,

Etant la personne "la plus calée" en informatique de ma famille, j'ai récupéré de m'occuper de la sécurités des PC. Le PC de mes parents a eu affaire a une petite infection virale la semaine dernière (de mémoire: kavos.exe et deux autres vers) que j'ai réussi -je pense- à circonscrire.
Depuis le PC en question démarre assez difficilement (blocage à l'arrivée sur le bureau Windows) mais de manière aléatoire.
J'ai fait une analyse hijackthis dont je poste le log, si quelqu'un peut m'aider et me dire si y'a quelque chose qui cloche, ce serait bien.
Merci d'avance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:24, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453434 14
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe" /autorun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Réglages souris Labtec.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.supertraffic.info
O15 - Trusted Zone: http://*.ww2.supertraffic.info
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

slt il en reste :(


1/ désactive le tea timer de spybot! mode puis mode avancé puis outils puis resident

______________


# télécharger Hoster : 
http://www.funkytoad.com/download/HostsXpert.zip 

# Dézipper le dossier sur le bureau. 
# Lancer Hoster et cliquer sur Restore Microsoft's Hosts File 


si impossible fais RHOST 

http://siri.urz.free.fr/RHosts.php 

________________

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 


________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

jabu · Answer

Mouaiff... le début de la réponse encourage guère...
Allez on retrousse les manches et c'est parti!

HostsXpert: téléchargé et dézippé mais ne peut créer le fichier
j'ai donc lancé RHOST

Combofix: voici son rapport tout chaud d'il y a 30s même pas!

ComboFix 09-03-02.01 - Francis 2009-03-02 22:11:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.615 [GMT 1:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090302-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\nmdfgds1.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 21:11 . 2009-03-02 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-02 21:10 . 2005-01-29 05:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-03-02 21:10 . 2005-01-29 06:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-02 21:10 . 2009-03-02 21:10 <REP> d-------- c:\documents and settings\Administrateur
2009-02-28 14:05 . 2009-03-02 18:53 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-28 14:05 . 2009-02-28 14:05 1,409 --a------ c:\windows\QTFont.for
2009-02-28 12:19 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2009-02-28 12:19 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2009-02-28 12:19 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2009-02-28 12:19 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-02-28 12:19 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2009-02-28 12:19 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-28 12:19 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2009-02-28 12:12 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-28 12:11 . 2004-12-14 18:35 86,016 --a------ c:\windows\system32\vatee.ax
2009-02-27 16:19 . 2009-02-27 16:19 <REP> dr------- c:\program files\Skype
2009-02-27 16:19 . 2009-02-27 16:19 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-26 17:47 . 2009-02-26 17:47 <REP> d-------- c:\program files\Trend Micro
2009-02-23 10:04 . 2009-02-23 10:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\Francis\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 21:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 21:23 . 2009-02-22 21:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:33 . 2009-02-22 20:48 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-22 19:27 . 2009-02-22 20:49 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-21 20:08 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-02-21 19:27 . 2009-02-21 19:27 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 19:27 . 2009-02-21 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 12:14 . 2009-03-02 22:04 <REP> d-------- c:\documents and settings\Francis\Application Data\HPAppData
2009-02-07 12:12 . 2009-02-07 12:13 <REP> d-------- c:\documents and settings\Francis\Application Data\HP
2009-02-07 12:10 . 2009-02-07 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 12:09 . 2007-11-01 04:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-07 12:09 . 2007-11-01 04:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-07 12:09 . 2007-11-01 04:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-07 12:09 . 2007-11-01 04:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-07 12:09 . 2007-11-01 04:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-07 12:09 . 2007-12-06 16:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-07 12:09 . 2007-03-15 15:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-07 11:52 . 2009-02-02 15:58 186,749 --------- c:\windows\hpoins21.dat.temp
2009-02-07 11:52 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat.temp
2009-02-02 15:53 . 2009-02-07 12:13 187,065 --a------ c:\windows\hpoins21.dat
2009-02-02 15:53 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 21:05 --------- d-----w c:\program files\Wanadoo
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\skypePM
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\Skype
2009-03-01 17:36 --------- d-----w c:\documents and settings\Francis\Application Data\U3
2009-02-28 11:11 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-02-27 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-23 09:03 --------- d-----w c:\program files\Java
2009-02-07 10:54 --------- d-----w c:\program files\HP
2009-01-31 17:26 --------- d-----w c:\program files\GUILD WARS
2009-01-18 18:52 1,524 ----a-w c:\documents and settings\Francis\Application Data\wklnhst.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-04 12:06 2,402,832 ----a-w c:\program files\WLinstaller.exe
2007-03-24 18:54 54,553,388 ----a-w c:\program files\ci07_05_2007_2_027.exe
2006-06-04 08:54 247,608 ----a-w c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2005-06-12 16:31 13,374 ----a-w c:\program files\Script.iwz
2008-11-30 08:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2004-09-29 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Camera Detector"="c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-11-17 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Francis\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-03-05 299008]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-03-12 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-19 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
R‚glages souris Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2006-10-07 266240]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-05 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A
"kava"=c:\windows\system32\kavo.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"protect_autorun"=c:\documents and settings\Francis\Mes documents\Kill MS32dll.dll.vbs.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2006-10-07 9088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-05 402432]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-07-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-07-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-07-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-07-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-07-26 82864]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - HTTPFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f66-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f68-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-03-02 c:\windows\Tasks\HPpromoLoginTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-02 c:\windows\Tasks\HPpromoPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-fsc-reminder.exe - c:\windows\reminder\fsc-reminder.exe
ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - c:\windows\system32\afmain0.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: supertraffic.info
Trusted Zone: ww2.supertraffic.info
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 22:12:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-02 22:14:52
ComboFix-quarantined-files.txt 2009-03-02 21:14:42

Avant-CF: 168 552 161 280 octets libres
Après-CF: 168,624,594,944 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

235 --- E O F --- 2009-02-25 09:55:11
-------------------------------------------------------------------------------------------------------

Je m'occupe de RSIT et je reviens poster les rapports
Encore merci pour le coups de patte rapide

jabu · Answer

voici les deux rapports de RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Francis at 2009-03-02 22:24:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 161 GB (84%) free of 191 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:50, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Francis\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Francis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe" /autorun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453434 14
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Réglages souris Labtec.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.supertraffic.info
O15 - Trusted Zone: http://*.ww2.supertraffic.info
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

analyse ce fichier si tu ne le connais pas et dis moi ce qu'est ton disque K:https://www.virustotal.com/gui/

 K:\Une-cle-pour-demarrer.exe


________________



je me mets ceci de coté:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"=C:\WINDOWS\reminder\fsc-reminder.exe 2453434 14 []

jabu · Answer

une-cle-pour-demarrer.exe est le logiciel qui se lance à la connection de la clé USB qui m'a été fournie par mon boulot (Educ' Nat'). Il est impossible de le faire sauter (à mon grand dam!);  on peut donc le considérer comme clean.

Pour les autres entrées du registre que tu as pointées, que faire?
il0byu3h.com    m'a été signalé par Avast comme un virus je l'ai mis en quarantaine quand il est apparu sur C... apparemment il trainerait sur une clé USB si je comprends bien (lecteur L:)
2fiy.bat    m'a lui aussi été signalé comme une vérole par Avast... j'ai du le supprimer via Avast, je ne le retrouve pas en quarantaine
le reminder... je sais pas à quoi il sert

jlpjlp · Answer

ok par contre a ton boulot l'ordi doit etre infecté tu y passera RAV et , flash disinfector


____________


Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


Files:
M:\2fiy.bat
C:\WINDOWS\reminder\fsc-reminder.exe 
L:\il0byu3h.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b­}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b­}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­\Run]
"fsc-reminder.exe"=-





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 


_______________________



passe ensuite flash disinfector pour immuniser la clé  (tu le lancera au boulot)

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

jabu · Answer

je viens de finir avec combofix, voici son rapport
par contre j'ai pas eu le message dont tu me parlais (1 to continue 2 to abort). C'est grave?

ComboFix 09-03-02.01 - Francis 2009-03-03 19:05:03.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.565 [GMT 1:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Francis\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 22:24 . 2009-03-02 22:24 <REP> d-------- C:\rsit
2009-03-02 21:11 . 2009-03-02 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-02 21:10 . 2005-01-29 05:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-03-02 21:10 . 2005-01-29 06:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-02 21:10 . 2009-03-02 21:10 <REP> d-------- c:\documents and settings\Administrateur
2009-02-28 14:05 . 2009-03-03 18:55 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-28 14:05 . 2009-02-28 14:05 1,409 --a------ c:\windows\QTFont.for
2009-02-28 12:19 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2009-02-28 12:19 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2009-02-28 12:19 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2009-02-28 12:19 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-02-28 12:19 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2009-02-28 12:19 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-28 12:19 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2009-02-28 12:12 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-28 12:11 . 2004-12-14 18:35 86,016 --a------ c:\windows\system32\vatee.ax
2009-02-27 16:19 . 2009-02-27 16:19 <REP> dr------- c:\program files\Skype
2009-02-27 16:19 . 2009-02-27 16:19 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-26 17:47 . 2009-02-26 17:47 <REP> d-------- c:\program files\Trend Micro
2009-02-23 10:04 . 2009-02-23 10:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\Francis\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 21:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 21:23 . 2009-02-22 21:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:33 . 2009-02-22 20:48 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-22 19:27 . 2009-02-22 20:49 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-21 20:08 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-02-21 19:27 . 2009-02-21 19:27 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 19:27 . 2009-02-21 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 12:14 . 2009-03-03 18:44 <REP> d-------- c:\documents and settings\Francis\Application Data\HPAppData
2009-02-07 12:12 . 2009-02-07 12:13 <REP> d-------- c:\documents and settings\Francis\Application Data\HP
2009-02-07 12:10 . 2009-02-07 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 12:09 . 2007-11-01 04:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-07 12:09 . 2007-11-01 04:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-07 12:09 . 2007-11-01 04:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-07 12:09 . 2007-11-01 04:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-07 12:09 . 2007-11-01 04:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-07 12:09 . 2007-12-06 16:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-07 12:09 . 2007-03-15 15:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-07 11:52 . 2009-02-02 15:58 186,749 --------- c:\windows\hpoins21.dat.temp
2009-02-07 11:52 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat.temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 17:39 --------- d-----w c:\program files\Wanadoo
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\skypePM
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\Skype
2009-03-01 17:36 --------- d-----w c:\documents and settings\Francis\Application Data\U3
2009-02-28 11:11 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-02-27 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-23 09:03 --------- d-----w c:\program files\Java
2009-02-07 10:54 --------- d-----w c:\program files\HP
2009-01-31 17:26 --------- d-----w c:\program files\GUILD WARS
2009-01-18 18:52 1,524 ----a-w c:\documents and settings\Francis\Application Data\wklnhst.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-04 12:06 2,402,832 ----a-w c:\program files\WLinstaller.exe
2007-03-24 18:54 54,553,388 ----a-w c:\program files\ci07_05_2007_2_027.exe
2006-06-04 08:54 247,608 ----a-w c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2005-06-12 16:31 13,374 ----a-w c:\program files\Script.iwz
2008-11-30 08:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_22.13.10,65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:37:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"fsc-reminder.exe"="c:\windows\reminder\fsc-reminder.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2004-09-29 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Camera Detector"="c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-11-17 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Francis\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-03-05 299008]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-03-12 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-19 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
R‚glages souris Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2006-10-07 266240]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-05 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A
"kava"=c:\windows\system32\kavo.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"protect_autorun"=c:\documents and settings\Francis\Mes documents\Kill MS32dll.dll.vbs.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2006-10-07 9088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-05 402432]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-07-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-07-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-07-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-07-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-07-26 82864]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f66-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f68-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-03-03 c:\windows\Tasks\HPpromoLoginTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-02 c:\windows\Tasks\HPpromoPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6DC0BE02-4733-421E-9441-B95D56112533}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: supertraffic.info
Trusted Zone: ww2.supertraffic.info
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 19:07:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-03 19:09:21
ComboFix-quarantined-files.txt 2009-03-03 18:09:15
ComboFix2.txt 2009-03-02 21:14:54

Avant-CF: 168 594 898 944 octets libres
Après-CF: 168,580,337,664 octets libres

226 --- E O F --- 2009-02-25 09:55:11

jlpjlp · Answer

tu as mal fait!!! refais avec ce qui suis 


Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


Driver :: 
ZDCndis5 
Files:
c:\windows\system32\ZDCndis5.SYS
M:\2fiy.bat
C:\WINDOWS\reminder\fsc-reminder.exe
L:\il0byu3h.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b­}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b­}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­\Run]
"fsc-reminder.exe"=-





Enregistre ce fichier sous le nom CFscript           (bien mettre majuscules et minuscules)


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

jabu · Answer

oups ok je recommence...
Le fichier texte à créer s'appelle bien CFscript.txt, c'est bien ca ou alors il ne lui faut pas d'extension? J'ai eu un doute tout à l'heure

jlpjlp · Answer

ne mets pas d'extension

jabu · Answer

bien, le scan Combofix vient de se terminer
je n'ai fait que des copier-coller de tout ce que tu avais noté pour éviter toute erreur de recopie (y compris le nom du fichier de script)
Voila le rapport

ComboFix 09-03-02.01 - Francis 2009-03-03 20:35:43.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.561 [GMT 1:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Francis\Bureau\CFscript
AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 22:24 . 2009-03-02 22:24 <REP> d-------- C:\rsit
2009-03-02 21:11 . 2009-03-02 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-02 21:10 . 2005-01-29 05:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-03-02 21:10 . 2005-01-29 06:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-02 21:10 . 2009-03-02 21:10 <REP> d-------- c:\documents and settings\Administrateur
2009-02-28 14:05 . 2009-03-03 18:55 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-28 14:05 . 2009-02-28 14:05 1,409 --a------ c:\windows\QTFont.for
2009-02-28 12:19 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2009-02-28 12:19 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2009-02-28 12:19 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2009-02-28 12:19 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-02-28 12:19 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2009-02-28 12:19 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-28 12:19 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2009-02-28 12:12 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-28 12:11 . 2004-12-14 18:35 86,016 --a------ c:\windows\system32\vatee.ax
2009-02-27 16:19 . 2009-02-27 16:19 <REP> dr------- c:\program files\Skype
2009-02-27 16:19 . 2009-02-27 16:19 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-26 17:47 . 2009-02-26 17:47 <REP> d-------- c:\program files\Trend Micro
2009-02-23 10:04 . 2009-02-23 10:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\Francis\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 21:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 21:23 . 2009-02-22 21:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:33 . 2009-02-22 20:48 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-22 19:27 . 2009-02-22 20:49 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-21 20:08 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-02-21 19:27 . 2009-02-21 19:27 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 19:27 . 2009-02-21 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 12:14 . 2009-03-03 20:34 <REP> d-------- c:\documents and settings\Francis\Application Data\HPAppData
2009-02-07 12:12 . 2009-02-07 12:13 <REP> d-------- c:\documents and settings\Francis\Application Data\HP
2009-02-07 12:10 . 2009-02-07 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 12:09 . 2007-11-01 04:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-07 12:09 . 2007-11-01 04:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-07 12:09 . 2007-11-01 04:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-07 12:09 . 2007-11-01 04:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-07 12:09 . 2007-11-01 04:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-07 12:09 . 2007-12-06 16:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-07 12:09 . 2007-03-15 15:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-07 11:52 . 2009-02-02 15:58 186,749 --------- c:\windows\hpoins21.dat.temp
2009-02-07 11:52 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat.temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 19:34 --------- d-----w c:\program files\Wanadoo
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\skypePM
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\Skype
2009-03-01 17:36 --------- d-----w c:\documents and settings\Francis\Application Data\U3
2009-02-28 11:11 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-02-27 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-23 09:03 --------- d-----w c:\program files\Java
2009-02-07 10:54 --------- d-----w c:\program files\HP
2009-01-31 17:26 --------- d-----w c:\program files\GUILD WARS
2009-01-18 18:52 1,524 ----a-w c:\documents and settings\Francis\Application Data\wklnhst.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-04 12:06 2,402,832 ----a-w c:\program files\WLinstaller.exe
2007-03-24 18:54 54,553,388 ----a-w c:\program files\ci07_05_2007_2_027.exe
2006-06-04 08:54 247,608 ----a-w c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2005-06-12 16:31 13,374 ----a-w c:\program files\Script.iwz
2008-11-30 08:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_22.13.10,65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:37:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"fsc-reminder.exe"="c:\windows\reminder\fsc-reminder.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2004-09-29 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Camera Detector"="c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-11-17 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Francis\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-03-05 299008]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-03-12 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-19 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
R‚glages souris Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2006-10-07 266240]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-05 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A
"kava"=c:\windows\system32\kavo.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"protect_autorun"=c:\documents and settings\Francis\Mes documents\Kill MS32dll.dll.vbs.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2006-10-07 9088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-05 402432]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-07-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-07-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-07-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-07-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-07-26 82864]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f66-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f68-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-03-03 c:\windows\Tasks\HPpromoLoginTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\HPpromoPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6DC0BE02-4733-421E-9441-B95D56112533}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: supertraffic.info
Trusted Zone: ww2.supertraffic.info
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 20:37:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-03 20:39:29
ComboFix-quarantined-files.txt 2009-03-03 19:39:23
ComboFix2.txt 2009-03-03 18:09:24
ComboFix3.txt 2009-03-02 21:14:54

Avant-CF: 168 565 334 016 octets libres
Après-CF: 168,550,273,024 octets libres

225 --- E O F --- 2009-02-25 09:55:11

jlpjlp · Answer

c'est pas bon 

refais avec extension cette fois

jabu · Answer

et M...!
Bon on reprend... le scan combofix vient de se terminer et voici le rapport... J'ai pas l'impession qu'il y ait des changements par rapport au précédent

ComboFix 09-03-02.01 - Francis 2009-03-03 20:48:37.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.554 [GMT 1:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Francis\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 22:24 . 2009-03-02 22:24 <REP> d-------- C:\rsit
2009-03-02 21:11 . 2009-03-02 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-02 21:10 . 2005-01-29 05:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-03-02 21:10 . 2005-01-29 06:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-02 21:10 . 2009-03-02 21:10 <REP> d-------- c:\documents and settings\Administrateur
2009-02-28 14:05 . 2009-03-03 18:55 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-28 14:05 . 2009-02-28 14:05 1,409 --a------ c:\windows\QTFont.for
2009-02-28 12:19 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2009-02-28 12:19 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2009-02-28 12:19 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2009-02-28 12:19 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-02-28 12:19 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2009-02-28 12:19 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-28 12:19 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2009-02-28 12:12 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-28 12:11 . 2004-12-14 18:35 86,016 --a------ c:\windows\system32\vatee.ax
2009-02-27 16:19 . 2009-02-27 16:19 <REP> dr------- c:\program files\Skype
2009-02-27 16:19 . 2009-02-27 16:19 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-26 17:47 . 2009-02-26 17:47 <REP> d-------- c:\program files\Trend Micro
2009-02-23 10:04 . 2009-02-23 10:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\Francis\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 21:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 21:23 . 2009-02-22 21:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:33 . 2009-02-22 20:48 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-22 19:27 . 2009-02-22 20:49 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-21 20:08 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-02-21 19:27 . 2009-02-21 19:27 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 19:27 . 2009-02-21 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 12:14 . 2009-03-03 20:45 <REP> d-------- c:\documents and settings\Francis\Application Data\HPAppData
2009-02-07 12:12 . 2009-02-07 12:13 <REP> d-------- c:\documents and settings\Francis\Application Data\HP
2009-02-07 12:10 . 2009-02-07 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 12:09 . 2007-11-01 04:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-07 12:09 . 2007-11-01 04:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-07 12:09 . 2007-11-01 04:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-07 12:09 . 2007-11-01 04:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-07 12:09 . 2007-11-01 04:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-07 12:09 . 2007-12-06 16:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-07 12:09 . 2007-03-15 15:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-07 11:52 . 2009-02-02 15:58 186,749 --------- c:\windows\hpoins21.dat.temp
2009-02-07 11:52 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat.temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 19:47 --------- d-----w c:\program files\Wanadoo
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\skypePM
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\Skype
2009-03-01 17:36 --------- d-----w c:\documents and settings\Francis\Application Data\U3
2009-02-28 11:11 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-02-27 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-23 09:03 --------- d-----w c:\program files\Java
2009-02-07 10:54 --------- d-----w c:\program files\HP
2009-01-31 17:26 --------- d-----w c:\program files\GUILD WARS
2009-01-18 18:52 1,524 ----a-w c:\documents and settings\Francis\Application Data\wklnhst.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-04 12:06 2,402,832 ----a-w c:\program files\WLinstaller.exe
2007-03-24 18:54 54,553,388 ----a-w c:\program files\ci07_05_2007_2_027.exe
2006-06-04 08:54 247,608 ----a-w c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2005-06-12 16:31 13,374 ----a-w c:\program files\Script.iwz
2008-11-30 08:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_22.13.10,65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:37:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"fsc-reminder.exe"="c:\windows\reminder\fsc-reminder.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2004-09-29 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Camera Detector"="c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-11-17 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Francis\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-03-05 299008]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-03-12 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-19 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
R‚glages souris Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2006-10-07 266240]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-05 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A
"kava"=c:\windows\system32\kavo.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"protect_autorun"=c:\documents and settings\Francis\Mes documents\Kill MS32dll.dll.vbs.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2006-10-07 9088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-05 402432]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-07-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-07-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-07-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-07-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-07-26 82864]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f66-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f68-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-03-03 c:\windows\Tasks\HPpromoLoginTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\HPpromoPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6DC0BE02-4733-421E-9441-B95D56112533}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: supertraffic.info
Trusted Zone: ww2.supertraffic.info
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 20:49:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-03 20:51:30
ComboFix-quarantined-files.txt 2009-03-03 19:51:28
ComboFix2.txt 2009-03-03 19:39:32
ComboFix3.txt 2009-03-03 18:09:24
ComboFix4.txt 2009-03-02 21:14:54

Avant-CF: 168 533 360 640 octets libres
Après-CF: 168,517,689,344 octets libres

226 --- E O F --- 2009-02-25 09:55:11

jabu · Answer

Je regardais le contenu du script que tu m'as envoyé...
tu as écris Driver :: puis Files: et Registry:: (apparemment ce sont les différents chapitres à regarder dans l'action de combofix)
Il faudrait pas garder la même syntaxe pour chaque "chapitre", à savoir donc le nom suivi d'un espace et de deux : ?
Je ne fais que demander au cas où...

P.S.: j'espère qu'on va vite trouver la solution... je n'aurai plus accès à ce PC à partir de samedi

jlpjlp · Answer

il faut copier en un bloc tout ce texte







Driver ::
ZDCndis5
Files:
c:\windows\system32\ZDCndis5.SYS
M:\2fiy.bat
C:\WINDOWS\reminder\fsc-reminder.exe
L:\il0byu3h.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b­}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b­}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­\Run]
"fsc-reminder.exe"=-

jabu · Answer

c'est pourtant exactement ce que je fais depuis tout à l'heure...
sélection depuis Driver jusqu'à =-
copier puis coller dans un nouveau document texte sur le bureau et nommé CFscript
La bardée de lignes vierges avant Driver est-elle importante?
Je recommence

Voila le rapport de combofix... j'ai pas l'impression qu'il y ait de la nouveauté...

ComboFix 09-03-02.01 - Francis 2009-03-03 23:03:39.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.589 [GMT 1:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Francis\Bureau\CFscript
AV: avast! antivirus 4.8.1335 [VPS 090303-1] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 22:24 . 2009-03-02 22:24 <REP> d-------- C:\rsit
2009-03-02 21:11 . 2009-03-02 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-02 21:10 . 2005-01-29 05:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-03-02 21:10 . 2005-01-29 06:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-02 21:10 . 2005-01-29 05:09 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-03-02 21:10 . 2005-01-29 06:00 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-02 21:10 . 2009-03-02 21:10 <REP> d-------- c:\documents and settings\Administrateur
2009-02-28 14:05 . 2009-03-03 18:55 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-28 14:05 . 2009-02-28 14:05 1,409 --a------ c:\windows\QTFont.for
2009-02-28 12:19 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2009-02-28 12:19 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2009-02-28 12:19 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2009-02-28 12:19 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-02-28 12:19 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2009-02-28 12:19 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-28 12:19 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2009-02-28 12:12 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-28 12:11 . 2004-12-14 18:35 86,016 --a------ c:\windows\system32\vatee.ax
2009-02-27 16:19 . 2009-02-27 16:19 <REP> dr------- c:\program files\Skype
2009-02-27 16:19 . 2009-02-27 16:19 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-26 17:47 . 2009-02-26 17:47 <REP> d-------- c:\program files\Trend Micro
2009-02-23 10:04 . 2009-02-23 10:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\Francis\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-22 21:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 21:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 21:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 21:23 . 2009-02-22 21:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:33 . 2009-02-22 20:48 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-22 19:27 . 2009-02-22 20:49 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-21 20:08 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-02-21 19:27 . 2009-02-21 19:27 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 19:27 . 2009-02-21 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 12:14 . 2009-03-03 22:46 <REP> d-------- c:\documents and settings\Francis\Application Data\HPAppData
2009-02-07 12:12 . 2009-02-07 12:13 <REP> d-------- c:\documents and settings\Francis\Application Data\HP
2009-02-07 12:10 . 2009-02-07 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 12:09 . 2007-11-01 04:28 970,752 -ra------ c:\windows\system32\hpotiop5.dll
2009-02-07 12:09 . 2007-11-01 04:28 729,088 -ra------ c:\windows\system32\hpowiax5.dll
2009-02-07 12:09 . 2007-11-01 04:28 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-07 12:09 . 2007-11-01 04:28 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-07 12:09 . 2007-11-01 04:28 303,104 -ra------ c:\windows\system32\hpovst12.dll
2009-02-07 12:09 . 2007-12-06 16:55 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-02-07 12:09 . 2007-03-15 15:32 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 11:54 . 2009-02-07 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-07 11:52 . 2009-02-02 15:58 186,749 --------- c:\windows\hpoins21.dat.temp
2009-02-07 11:52 . 2008-02-13 02:15 7,262 --------- c:\windows\hpomdl21.dat.temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 22:03 --------- d-----w c:\program files\Wanadoo
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\skypePM
2009-03-02 18:23 --------- d-----w c:\documents and settings\Francis\Application Data\Skype
2009-03-01 17:36 --------- d-----w c:\documents and settings\Francis\Application Data\U3
2009-02-28 11:11 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-02-27 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-23 09:03 --------- d-----w c:\program files\Java
2009-02-07 10:54 --------- d-----w c:\program files\HP
2009-01-31 17:26 --------- d-----w c:\program files\GUILD WARS
2009-01-18 18:52 1,524 ----a-w c:\documents and settings\Francis\Application Data\wklnhst.dat
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-04 12:06 2,402,832 ----a-w c:\program files\WLinstaller.exe
2007-03-24 18:54 54,553,388 ----a-w c:\program files\ci07_05_2007_2_027.exe
2006-06-04 08:54 247,608 ----a-w c:\program files\jre-1_5_0_07-windows-i586-p-iftw.exe
2005-06-12 16:31 13,374 ----a-w c:\program files\Script.iwz
2008-11-30 08:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_22.13.10,65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:37:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"fsc-reminder.exe"="c:\windows\reminder\fsc-reminder.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2004-09-29 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Camera Detector"="c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-11-17 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Francis\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2005-03-05 299008]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-03-12 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-05-19 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
R‚glages souris Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2006-10-07 266240]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-05 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A
"kava"=c:\windows\system32\kavo.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"protect_autorun"=c:\documents and settings\Francis\Mes documents\Kill MS32dll.dll.vbs.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FASTTRACKNETVISION"=c:\windows\NETVISION.exe -A

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2006-10-07 9088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-05 402432]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-07-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-07-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-07-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-07-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-07-26 82864]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44043189-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - K:\Une-cle-pour-demarrer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}]
\Shell\AutoRun\command - L:\il0byu3h.com
\Shell\open\Command - L:\il0byu3h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f66-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f68-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}]
\Shell\AutoRun\command - M:\2fiy.bat
\Shell\open\Command - M:\2fiy.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2009-03-03 c:\windows\Tasks\HPpromoLoginTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\HPpromoPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\HPpromo.exe [2007-12-22 17:12]

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6DC0BE02-4733-421E-9441-B95D56112533}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: supertraffic.info
Trusted Zone: ww2.supertraffic.info
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 23:06:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-03 23:08:04
ComboFix-quarantined-files.txt 2009-03-03 22:08:00
ComboFix2.txt 2009-03-03 19:51:33
ComboFix3.txt 2009-03-03 19:39:32
ComboFix4.txt 2009-03-03 18:09:24
ComboFix5.txt 2009-03-03 22:02:51

Avant-CF: 168 769 458 176 octets libres
Après-CF: 168,829,919,232 octets libres

227 --- E O F --- 2009-02-25 09:55:11

jlpjlp · Answer

télécharge OTMoveIt

http://oldtimer.geekstogo.com/OTMoveIt3.exe

(de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.



:processus
explorer.exe 
:services 
ZDCndis5
:files
c:\windows\system32\ZDCndis5.SYS
M:\2fiy.bat
C:\WINDOWS\reminder\fsc-reminder.exe
L:\il0byu3h.com
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n­\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff278­6b­}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n­\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff278­6b­}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run]
"fsc-reminder.exe"=-

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

jabu · Answer

voila le résultat:

Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service ZDCndis5 stopped successfully.
Service ZDCndis5 deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\ZDCndis5.SYS not found.
File/Folder M:\2fiy.bat not found.
File/Folder C:\WINDOWS\reminder\fsc-reminder.exe not found.
File/Folder L:\il0byu3h.com not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4404318a-0045-11de-8af4-00112ff2786b}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54af9f69-b3fe-11dd-8a61-00112ff2786b}\\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03042009_095713

jlpjlp · Answer

tu avais branché les disques M et L?

jabu · Answer

M et L sont deux clés USB... je ne les ai pas branchées (va falloir que je recherche quelle clé correspond alors...)

Demande d'avis

32 réponses

Votre réponse

Newsletters