Bonjour, je voudrais supprimer koobface

Question

Bonjour, je voudrais supprimer koobface de mon pc!
Voici le logfile de hijackthis: 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:18, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
G:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric Vanden Wyngaert\Bureau\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

XaTon · Answer

Bonjour ,

Fait ceci :

~~~~~~~~~~~~~~~~> Combofix <~~~~~~~~~~~~~~~~~~~

- Télécharge Combofix

>http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Renomme le pour l’enregistrer sur ton bureau en asdehi
- Double clique combofix.exe qui est devenu asdehi.exe

/!\  Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours avant de lancer le scan /!\
/!\   Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares  /!\

- Tape sur la touche 1 (Yes) pour démarrer le scan
- Lorsque ComboFix a fini son examen, il annoncera qu'il est en train de préparer le compte rendu

Note :
Ceci peut durer un certain temps, donc surtout sois patient. Si si le Bureau Windows disparaît, ne pas s'inquiéter pas

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 
- Un log s'ouvrira, celui ci sera sauvegarder dans C:/ Combofix

/!\  Réactiver la protection en temps réel  /!\

- Copie / Colle moi le rapport present dans C:/ Combofix

zooum · Answer

Merci &#8592;« Xa&#358;o&#1080; »&#8594; ™ je fais ça direct!

zooum · Answer

Voilà le log de combofix et encore mille merci pour ton aide, je dois te préciser que spybot search & destroy a trouvé koobface et je l'ai supprimer mais je ne sais pas s'il est vraiment effacé!

ComboFix 09-08-18.04 - Eric Vanden Wyngaert 19/08/2009 19:09.1.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2047.1587 [GMT 2:00]
Running from: c:\documents and settings\Eric Vanden Wyngaert\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090818-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\010112010146120114.xe
c:\windows\01011201014650120.xe
c:\windows\0101120101465653.xe
c:\windows\prxid93ps.dat
c:\windows\system32\msssc.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected 
Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll 

.
(((((((((((((((((((((((((   Files Created from 2009-07-19 to 2009-08-19  )))))))))))))))))))))))))))))))
.

2009-08-19 16:13 . 2006-05-24 11:36	110592	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\U3\temp\cleanup.exe
2009-08-19 15:38 . 2009-08-19 15:38	--------	d-sh--w-	c:\windows\ftpcache
2009-08-19 15:38 . 2009-08-19 16:13	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\U3
2009-08-18 15:34 . 2008-06-11 08:47	9022288	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\TomTom\HOME\Profiles\khdusnd7.default\extensions\Navcore.8.010.9369@tomtom.com\8-010-9369-1.dll
2009-08-17 15:24 . 2009-08-17 15:24	--------	d-----w-	c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-17 15:24 . 2009-08-17 15:24	--------	d-----w-	c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-17 15:21 . 2009-08-17 21:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 14:51 . 2009-08-17 14:51	1	----a-w-	c:\windows\ectbbyn.dat
2009-08-17 14:50 . 2009-08-17 16:51	4085	----a-w-	c:\windows\ex1234.dat
2009-08-17 14:47 . 2009-08-17 14:47	1	---h--w-	c:\windows\ex23567.dat
2009-08-16 13:56 . 2009-08-16 13:56	--------	d-----w-	c:\windows\system32\XPSViewer
2009-08-16 13:56 . 2009-08-16 13:56	--------	d-----w-	c:\program files\Reference Assemblies
2009-08-16 13:53 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 13:53 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-08-16 13:53 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 13:53 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 13:53 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-08-16 13:53 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 13:53 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-08-12 18:17 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-08-09 12:35 . 2008-04-14 02:33	26624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-09 01:26 . 2009-08-09 01:26	152576	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 15:28 . 2009-08-08 15:28	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-08-08 15:22 . 2009-08-08 15:25	--------	d-----w-	c:\windows\system32\drivers\UMDF
2009-08-05 11:34 . 2009-08-05 11:35	--------	d-----w-	c:\program files\Microsoft Works
2009-08-05 11:34 . 2009-08-05 11:34	--------	d-----w-	c:\program files\MSBuild
2009-08-05 11:33 . 2009-08-05 11:33	--------	d-----w-	c:\program files\Microsoft.NET
2009-08-05 11:31 . 2009-08-05 11:31	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2009-08-05 11:30 . 2009-08-05 11:34	--------	d-----w-	c:\windows\SHELLNEW
2009-08-05 11:30 . 2009-08-05 11:30	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Local Settings\Application Data\Microsoft Help
2009-08-05 11:30 . 2009-08-13 01:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-31 23:53 . 2009-07-31 23:53	--------	d-----w-	c:\windows\system32\wbem\Repository
2009-07-22 22:33 . 2009-07-22 22:33	--------	d-----w-	c:\program files\Fichiers communs\PCSuite
2009-07-22 22:33 . 2009-07-22 22:33	--------	d-----w-	c:\program files\Fichiers communs\Nokia
2009-07-22 22:31 . 2008-08-26 08:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2009-07-22 22:31 . 2009-07-22 22:31	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-07-22 22:29 . 2009-07-22 22:11	33728384	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe
2009-07-22 22:29 . 2009-07-22 22:29	95232	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-22 22:29 . 2009-07-22 22:29	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-22 22:29 . 2009-07-22 22:29	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-22 22:29 . 2009-07-22 22:29	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 01:30 . 2009-06-17 17:36	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\uTorrent
2009-08-16 19:39 . 2009-06-20 14:58	--------	d-----w-	c:\program files\KONAMI
2009-08-16 16:26 . 2006-03-02 12:00	81734	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-16 16:26 . 2006-03-02 12:00	503570	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-16 14:22 . 2009-06-05 22:20	69240	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 01:27 . 2009-06-06 16:30	--------	d-----w-	c:\program files\Java
2009-08-05 09:00 . 2006-03-02 12:00	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-06-06 16:30	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-22 23:13 . 2009-06-06 19:03	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\Nokia
2009-07-22 22:11 . 2009-06-06 19:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Installations
2009-07-18 19:23 . 2009-07-18 19:23	22328	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-07-18 19:23 . 2009-07-18 19:23	22328	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\PnkBstrK.sys
2009-07-18 19:23 . 2009-07-18 19:23	22328	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\PnkBstrK.sys
2009-07-18 19:23 . 2009-07-18 19:23	107832	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-07-18 19:23 . 2009-07-18 19:23	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-07-18 19:23 . 2009-07-18 19:23	2250024	----a-w-	c:\windows\system32\pbsvc.exe
2009-07-18 19:20 . 2009-06-20 21:06	--------	d-----w-	c:\program files\Ubisoft
2009-07-18 19:20 . 2009-06-06 16:55	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-17 19:03 . 2006-03-02 12:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 20:28 . 2009-07-14 20:13	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\Skype
2009-07-14 20:13 . 2009-07-14 20:13	--------	d-----w-	c:\program files\Fichiers communs\Skype
2009-07-14 20:12 . 2009-07-14 20:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2009-07-14 16:55 . 2009-07-14 16:54	--------	d-----w-	c:\program files\Lexmark 1200 Series
2009-07-13 21:43 . 2006-03-02 12:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-12 17:24 . 2009-07-12 17:24	--------	d-----w-	c:\program files\AGEIA Technologies
2009-07-12 17:23 . 2009-07-12 17:23	--------	d-----w-	c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-26 16:50 . 2006-03-02 12:00	670720	----a-w-	c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2006-03-02 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-06-26 10:27 . 2009-06-26 10:23	--------	d-----w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\Canon
2009-06-26 10:21 . 2009-06-26 10:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2009-06-26 10:01 . 2009-06-26 10:01	--------	d-----w-	c:\program files\Canon
2009-06-25 08:26 . 2006-03-02 12:00	736768	----a-w-	c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2006-03-02 12:00	56832	----a-w-	c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2006-03-02 12:00	54272	----a-w-	c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2006-03-02 12:00	147456	----a-w-	c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2006-03-02 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2006-03-02 12:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-03-02 12:00	92928	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-06-20 15:04 . 2009-06-20 15:04	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2006-03-02 12:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2006-03-02 12:00	78848	----a-w-	c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2006-03-02 12:00	85504	----a-w-	c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-06-05 21:41	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2006-03-02 12:00	132096	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-06 19:01 . 2009-06-06 19:01	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-06 19:01 . 2009-06-06 19:01	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-06 19:01 . 2009-06-06 19:01	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-06 19:00 . 2009-06-06 19:01	33764696	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre_web[1].exe
2009-06-06 17:29 . 2009-06-06 17:29	0	----a-w-	c:\windows\ativpsrm.bin
2009-06-06 16:44 . 2009-06-05 21:45	76507	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-06 16:31 . 2009-06-06 16:31	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-06-06 16:29 . 2009-06-06 16:29	152576	----a-w-	c:\documents and settings\Eric Vanden Wyngaert\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-05 21:42 . 2009-06-05 21:42	21892	----a-w-	c:\windows\system32\emptyregdb.dat
2009-06-03 19:10 . 2006-03-02 12:00	1297408	----a-w-	c:\windows\system32\quartz.dll
2009-06-02 16:11 . 2009-06-24 14:35	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-06-24 14:35	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-06-24 14:35	881664	----a-w-	c:\windows\system32\xvidcore.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"RocketDock"="g:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"TomTomHOME.exe"="g:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"g:\Program Files\BitLord\BitLord.exe"=
"g:\Program Files\LimeWire\LimeWire.exe"=
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Dx9.exe"=
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Dx10.exe"=
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Launcher.exe"=
"g:\Program Files\uTorrent.exe"=
"c:\Documents and Settings\Eric Vanden Wyngaert\Games\Tom Clancy's H.A.W.X\HAWX.exe"=
"c:\Documents and Settings\Eric Vanden Wyngaert\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe"=
"c:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"=
"c:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"h:\Transferts\Games\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe"=
"g:\Program Files\Phone\Skype.exe"=
"h:\Transferts\Games\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe"=
"c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"=
"c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"=
"c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"g:\Program Files\Office12\OUTLOOK.EXE"=
"c:\Program Files\KONAMI\PortChkPES2009EUPC.exe"=
"c:\WINDOWS\system32\LEXPPS.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/06/2009 0:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/06/2009 0:28 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/06/2009 0:36 55152]
R2 TomTomHOMEService;TomTomHOMEService;g:\program files\TomTom HOME 2\TomTomHOMEService.exe [7/08/2009 16:31 92008]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.be/fr
IE: E&xporter vers Microsoft Excel - g:\progra~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3052)
g:\program files\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
g:\program files\Nokia PC Suite 7\PhoneBrowser.dll
g:\program files\Nokia PC Suite 7\NGSCM.DLL
g:\program files\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
g:\program files\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-08-19 19:22 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-19 17:22

Pre-Run: 73.173.700.608 octets libres
Post-Run: 73.177.292.800 octets libres

257	--- E O F ---	2009-08-19 15:21

XaTon · Answer

Koobface a été supprimé avant ou après le log Hijack ?

zooum · Answer

Avant

zooum · Answer

Voici le log de hijack this avant que je supprime
Il me semble que le fichier "O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe "était le problème mais je voudrais en être sûr!
 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:47, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\pp11.exe
C:\WINDOWS\system32\lexpps.exe
G:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric Vanden Wyngaert\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

XaTon · Answer

Fait ceci :

~~~~~~~~~~~~~~~~> Combofix <~~~~~~~~~~~~~~~~~~~

- Télécharge Combofix

>http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Renomme le pour l’enregistrer sur ton bureau en asdehi
- Double clique combofix.exe qui est devenu asdehi.exe

/!\  Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours avant de lancer le scan /!\
/!\   Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares  /!\

- Tape sur la touche 1 (Yes) pour démarrer le scan
- Lorsque ComboFix a fini son examen, il annoncera qu'il est en train de préparer le compte rendu

Note :
Ceci peut durer un certain temps, donc surtout sois patient. Si si le Bureau Windows disparaît, ne pas s'inquiéter pas

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 
- Un log s'ouvrira, celui ci sera sauvegarder dans C:/ Combofix

/!\  Réactiver la protection en temps réel  /!\

- Copie / Colle moi le rapport present dans C:/ Combofix

zooum · Answer

ComboFix 09-08-18.04 - Eric Vanden Wyngaert 19/08/2009 19:09.1.2 - NTFSx86 
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1587 [GMT 2:00] 
Running from: c:\documents and settings\Eric Vanden Wyngaert\Bureau\ComboFix.exe 
AV: avast! antivirus 4.8.1335 [VPS 090818-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! 
. 

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) 
. 

c:\windows\010112010146120114.xe 
c:\windows\01011201014650120.xe 
c:\windows\0101120101465653.xe 
c:\windows\prxid93ps.dat 
c:\windows\system32\msssc.dll 
D:\Autorun.inf 

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected 
Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll 

. 
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))))) 
. 

2009-08-19 16:13 . 2006-05-24 11:36 110592 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\U3\temp\cleanup.exe 
2009-08-19 15:38 . 2009-08-19 15:38 -------- d-sh--w- c:\windows\ftpcache 
2009-08-19 15:38 . 2009-08-19 16:13 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\U3 
2009-08-18 15:34 . 2008-06-11 08:47 9022288 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\TomTom\HOME\Profiles\khdusnd7.default\extensions\Navcore.8.010.9369@tomtom.com\8-010-9369-1.dll 
2009-08-17 15:24 . 2009-08-17 15:24 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy) 
2009-08-17 15:24 . 2009-08-17 15:24 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy) 
2009-08-17 15:21 . 2009-08-17 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 
2009-08-17 14:51 . 2009-08-17 14:51 1 ----a-w- c:\windows\ectbbyn.dat 
2009-08-17 14:50 . 2009-08-17 16:51 4085 ----a-w- c:\windows\ex1234.dat 
2009-08-17 14:47 . 2009-08-17 14:47 1 ---h--w- c:\windows\ex23567.dat 
2009-08-16 13:56 . 2009-08-16 13:56 -------- d-----w- c:\windows\system32\XPSViewer 
2009-08-16 13:56 . 2009-08-16 13:56 -------- d-----w- c:\program files\Reference Assemblies 
2009-08-16 13:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 
2009-08-16 13:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 
2009-08-16 13:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 
2009-08-16 13:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 
2009-08-16 13:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 
2009-08-16 13:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 
2009-08-16 13:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 
2009-08-12 18:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 
2009-08-09 12:35 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 
2009-08-09 01:26 . 2009-08-09 01:26 152576 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 
2009-08-08 15:28 . 2009-08-08 15:28 -------- d-----w- c:\program files\Windows Media Connect 2 
2009-08-08 15:22 . 2009-08-08 15:25 -------- d-----w- c:\windows\system32\drivers\UMDF 
2009-08-05 11:34 . 2009-08-05 11:35 -------- d-----w- c:\program files\Microsoft Works 
2009-08-05 11:34 . 2009-08-05 11:34 -------- d-----w- c:\program files\MSBuild 
2009-08-05 11:33 . 2009-08-05 11:33 -------- d-----w- c:\program files\Microsoft.NET 
2009-08-05 11:31 . 2009-08-05 11:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8 
2009-08-05 11:30 . 2009-08-05 11:34 -------- d-----w- c:\windows\SHELLNEW 
2009-08-05 11:30 . 2009-08-05 11:30 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Local Settings\Application Data\Microsoft Help 
2009-08-05 11:30 . 2009-08-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 
2009-07-31 23:53 . 2009-07-31 23:53 -------- d-----w- c:\windows\system32\wbem\Repository 
2009-07-22 22:33 . 2009-07-22 22:33 -------- d-----w- c:\program files\Fichiers communs\PCSuite 
2009-07-22 22:33 . 2009-07-22 22:33 -------- d-----w- c:\program files\Fichiers communs\Nokia 
2009-07-22 22:31 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 
2009-07-22 22:31 . 2009-07-22 22:31 -------- d-----w- c:\program files\PC Connectivity Solution 
2009-07-22 22:29 . 2009-07-22 22:11 33728384 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre.exe 
2009-07-22 22:29 . 2009-07-22 22:29 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe 
2009-07-22 22:29 . 2009-07-22 22:29 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe 
2009-07-22 22:29 . 2009-07-22 22:29 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 
2009-07-22 22:29 . 2009-07-22 22:29 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe 

. 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 
. 
2009-08-17 01:30 . 2009-06-17 17:36 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\uTorrent 
2009-08-16 19:39 . 2009-06-20 14:58 -------- d-----w- c:\program files\KONAMI 
2009-08-16 16:26 . 2006-03-02 12:00 81734 ----a-w- c:\windows\system32\perfc00C.dat 
2009-08-16 16:26 . 2006-03-02 12:00 503570 ----a-w- c:\windows\system32\perfh00C.dat 
2009-08-16 14:22 . 2009-06-05 22:20 69240 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 
2009-08-09 01:27 . 2009-06-06 16:30 -------- d-----w- c:\program files\Java 
2009-08-05 09:00 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 
2009-07-25 03:23 . 2009-06-06 16:30 411368 ----a-w- c:\windows\system32\deploytk.dll 
2009-07-22 23:13 . 2009-06-06 19:03 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\Nokia 
2009-07-22 22:11 . 2009-06-06 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 
2009-07-18 19:23 . 2009-07-18 19:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 
2009-07-18 19:23 . 2009-07-18 19:23 22328 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\PnkBstrK.sys 
2009-07-18 19:23 . 2009-07-18 19:23 22328 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\PnkBstrK.sys 
2009-07-18 19:23 . 2009-07-18 19:23 107832 ----a-w- c:\windows\system32\PnkBstrB.exe 
2009-07-18 19:23 . 2009-07-18 19:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 
2009-07-18 19:23 . 2009-07-18 19:23 2250024 ----a-w- c:\windows\system32\pbsvc.exe 
2009-07-18 19:20 . 2009-06-20 21:06 -------- d-----w- c:\program files\Ubisoft 
2009-07-18 19:20 . 2009-06-06 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information 
2009-07-17 19:03 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll 
2009-07-14 20:28 . 2009-07-14 20:13 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\Skype 
2009-07-14 20:13 . 2009-07-14 20:13 -------- d-----w- c:\program files\Fichiers communs\Skype 
2009-07-14 20:12 . 2009-07-14 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 
2009-07-14 16:55 . 2009-07-14 16:54 -------- d-----w- c:\program files\Lexmark 1200 Series 
2009-07-13 21:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 
2009-07-12 17:24 . 2009-07-12 17:24 -------- d-----w- c:\program files\AGEIA Technologies 
2009-07-12 17:23 . 2009-07-12 17:23 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 
2009-06-26 16:50 . 2006-03-02 12:00 670720 ----a-w- c:\windows\system32\wininet.dll 
2009-06-26 16:50 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 
2009-06-26 10:27 . 2009-06-26 10:23 -------- d-----w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\Canon 
2009-06-26 10:21 . 2009-06-26 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 
2009-06-26 10:01 . 2009-06-26 10:01 -------- d-----w- c:\program files\Canon 
2009-06-25 08:26 . 2006-03-02 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll 
2009-06-25 08:26 . 2006-03-02 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 
2009-06-25 08:26 . 2006-03-02 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 
2009-06-25 08:26 . 2006-03-02 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 
2009-06-25 08:26 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 
2009-06-25 08:26 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 
2009-06-24 11:18 . 2006-03-02 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 
2009-06-20 15:04 . 2009-06-20 15:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 
2009-06-15 10:44 . 2006-03-02 12:00 78848 ----a-w- c:\windows\system32\telnet.exe 
2009-06-10 14:14 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 
2009-06-10 07:21 . 2009-06-05 21:41 2066432 ----a-w- c:\windows\system32\mstscax.dll 
2009-06-10 06:15 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 
2009-06-06 19:01 . 2009-06-06 19:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe 
2009-06-06 19:01 . 2009-06-06 19:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 
2009-06-06 19:01 . 2009-06-06 19:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe 
2009-06-06 19:00 . 2009-06-06 19:01 33764696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre_web[1].exe 
2009-06-06 17:29 . 2009-06-06 17:29 0 ----a-w- c:\windows\ativpsrm.bin 
2009-06-06 16:44 . 2009-06-05 21:45 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 
2009-06-06 16:31 . 2009-06-06 16:31 664 ----a-w- c:\windows\system32\d3d9caps.dat 
2009-06-06 16:29 . 2009-06-06 16:29 152576 ----a-w- c:\documents and settings\Eric Vanden Wyngaert\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 
2009-06-05 21:42 . 2009-06-05 21:42 21892 ----a-w- c:\windows\system32\emptyregdb.dat 
2009-06-03 19:10 . 2006-03-02 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll 
2009-06-02 16:11 . 2009-06-24 14:35 85504 ----a-w- c:\windows\system32\ff_vfw.dll 
2009-05-29 21:37 . 2009-06-24 14:35 205824 ----a-w- c:\windows\system32\xvidvfw.dll 
2009-05-29 21:31 . 2009-06-24 14:35 881664 ----a-w- c:\windows\system32\xvidcore.dll 
. 

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) 
. 
. 
*Note* empty entries & legit default entries are not shown 
REGEDIT4 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424] 
"RocketDock"="g:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] 
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] 
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] 
"TomTomHOME.exe"="g:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] 
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] 
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664] 
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] 
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] 
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] 
@="Driver" 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\system32\sessmgr.exe"= 
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= 
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"= 
"%windir%\Network Diagnostic\xpnetdiag.exe"= 
"g:\Program Files\BitLord\BitLord.exe"= 
"g:\Program Files\LimeWire\LimeWire.exe"= 
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Dx9.exe"= 
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Dx10.exe"= 
"g:\Program Files\AssassinsCreed_\AssassinsCreed_Launcher.exe"= 
"g:\Program Files\uTorrent.exe"= 
"c:\Documents and Settings\Eric Vanden Wyngaert\Games\Tom Clancy's H.A.W.X\HAWX.exe"= 
"c:\Documents and Settings\Eric Vanden Wyngaert\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe"= 
"c:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"= 
"c:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"= 
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= 
"h:\Transferts\Games\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2.exe"= 
"g:\Program Files\Phone\Skype.exe"= 
"h:\Transferts\Games\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe"= 
"c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"= 
"c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"= 
"c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"= 
"c:\WINDOWS\system32\PnkBstrA.exe"= 
"c:\WINDOWS\system32\PnkBstrB.exe"= 
"g:\Program Files\Office12\OUTLOOK.EXE"= 
"c:\Program Files\KONAMI\PortChkPES2009EUPC.exe"= 
"c:\WINDOWS\system32\LEXPPS.EXE"= 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/06/2009 0:28 114768] 
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/06/2009 0:28 20560] 
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/06/2009 0:36 55152] 
R2 TomTomHOMEService;TomTomHOMEService;g:\program files\TomTom HOME 2\TomTomHOMEService.exe [7/08/2009 16:31 92008] 
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360] 
. 
. 
------- Supplementary Scan ------- 
. 
uStart Page = hxxp://google.be/fr 
IE: E&xporter vers Microsoft Excel - g:\progra~1\Office12\EXCEL.EXE/3000 
. 

************************************************************************** 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net 
Rootkit scan 2009-08-19 19:15 
Windows 5.1.2600 Service Pack 3 NTFS 

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

************************************************************************** 
. 
--------------------- LOCKED REGISTRY KEYS --------------------- 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] 
@Denied: (A 2) (Everyone) 
@="FlashBroker" 
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe,-101" 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] 
"Enabled"=dword:00000001 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] 
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe" 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] 
@Denied: (A 2) (Everyone) 
@="IFlashBroker3" 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
"Version"="1.0" 
. 
--------------------- DLLs Loaded Under Running Processes --------------------- 

- - - - - - - > 'winlogon.exe'(524) 
c:\windows\system32\Ati2evxx.dll 

- - - - - - - > 'explorer.exe'(3052) 
g:\program files\RocketDock\RocketDock.dll 
c:\windows\system32\msi.dll 
c:\windows\system32\eappprxy.dll 
c:\windows\system32\WPDShServiceObj.dll 
g:\program files\Nokia PC Suite 7\PhoneBrowser.dll 
g:\program files\Nokia PC Suite 7\NGSCM.DLL 
g:\program files\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr 
g:\program files\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr 
c:\windows\system32\PortableDeviceTypes.dll 
c:\windows\system32\PortableDeviceApi.dll 
. 
------------------------ Other Running Processes ------------------------ 
. 
c:\windows\system32\ati2evxx.exe 
c:\windows\system32\ati2evxx.exe 
c:\program files\Alwil Software\Avast4\aswUpdSv.exe 
c:\program files\Alwil Software\Avast4\ashServ.exe 
c:\windows\system32\LEXBCES.EXE 
c:\windows\system32\LEXPPS.EXE 
c:\program files\Java\jre6\bin\jqs.exe 
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe 
c:\windows\system32\IoctlSvc.exe 
c:\windows\system32\PnkBstrA.exe 
c:\windows\system32\PnkBstrB.exe 
c:\program files\Analog Devices\SoundMAX\SMAgent.exe 
c:\program files\Alwil Software\Avast4\ashMaiSv.exe 
c:\program files\Alwil Software\Avast4\ashWebSv.exe 
c:\windows\system32\wbem\wmiapsrv.exe 
c:\windows\system32\rundll32.exe 
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe 
c:\windows\system32\dwwin.exe 
. 
************************************************************************** 
. 
Completion time: 2009-08-19 19:22 - machine was rebooted 
ComboFix-quarantined-files.txt 2009-08-19 17:22 

Pre-Run: 73.173.700.608 octets libres 
Post-Run: 73.177.292.800 octets libres 

257 --- E O F --- 2009-08-19 15:21

XaTon · Answer

Refait un Hijack

zooum · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:21, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
G:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric Vanden Wyngaert\Mes documents\Downloads\Data Doctor Recovery PRO -14in1- (portable) {FIXED}[trees]\Data Doctor.exe
C:\DOCUME~1\ERICVA~1\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\DOCUME~1\ERICVA~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Data Doctor Recovery NTFS.exe
C:\Documents and Settings\Eric Vanden Wyngaert\Bureau\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

XaTon · Answer

Lis bien et exécute cette manipulation dans l’ordre.

- Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
- Mets les à jour, comme indiqué dans les démos ou tutos.

/!\  Ne les utilise pas tout de suite. /!\


Antispywares et autres :

*Malwarebytes(gratuit)

Téléchargement :
> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tuto :
> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

*Spybot (gratuit) :

Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

Demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm


Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)

Téléchargement :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !


========================================

->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]


=======================================

->Démarre en mode sans échec :

> Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
> Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
> Puis tape « entrée ».
> Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !

Note

Si F8 ne marche pas utilise la touche F5

=======================================

->Lance CCleaner.

Suppression des fichiers temporaires

> Va dans la section "Options" situé dans la marge gauche.
> Décoche "Avancé"
> Retourne ensuite dans la section "Nettoyeur"
> Fais bien attention de cocher toutes ces cases dans la marge gauche 
(Internet Explorer/Windows Explorer/Système)
• Clique sur [Analyse]
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur [Lancer le Nettoyage]


========================================

->Passe MalwareBytes et supprime tout ce qu’il trouve + supprime les quarantaines…

========================================

->Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…

========================================

->Relance CCleaner.
Suppression des incohérences du registre

• Clique sur l'icône [Registre] situés dans la marge à gauche
• Puis clique sur [Analyser les erreurs]

• Patiente pendant que CCleaner scan ton registre.

• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur [Corriger les erreurs].

Note

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.

========================================

-> Vide ta Corbeille.

========================================

->Redémarre en mode normal

- > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

> http://www.bitdefender.fr/scan_fr/scan8/ie.html


Utilisation :

Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
Ensuite, cliquer sur "Cliquez ici pour scanner".

Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

Copier/coller le rapport entier sur le forum.

Tutoriel en images ici : 
http://perso.orange.fr/rginformatique/section%20virus/defender.htm 

[Recoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

Relance Hijackthis et copie/colle un nouveau rapport sur le forum.

zooum · Answer

Merci beaucoup, je m'y mets !

Bonjour, je voudrais supprimer koobface

12 réponses

Votre réponse

Discussions similaires

Newsletters